mozilla -- multiple vulnerabilities
The Mozilla Foundation reports: MFSA 2008-69 XSS vulnerabilities in SessionStore; MFSA 2008-68 XSS and JavaScript privilege escalation; MFSA 2008-67 Escaped null characters ignored by CSS parser; MFSA 2008-66 Errors parsing URLs with leading whitespace and control characters; MFSA 2008-65 Cross-domai...
imap-uw -- imap c-client buffer overflow
SANS reports: The University of Washington IMAP library is a library implementing the IMAP mail protocol. University of Washington IMAP is exposed to a buffer overflow issue that occurs due to a boundary error within the rfc822outputchar function in the c-client library. The University of...
mediawiki -- multiple vulnerabilities
The MediaWiki development team reports: Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Certain unspecified input related to uploads i...
mplayer -- twinvq processing buffer overflow vulnerability
A trapkit reports: MPlayer contains a stack buffer overflow vulnerability while parsing malformed TwinVQ media files. The vulnerability may be exploited by a remote attacker to execute arbitrary code in the context of MPlayer...
roundcube -- remote execution of arbitrary code
Entry for CVE-2008-5619 says: html2text.php in RoundCube Webmail roundcubemail 0.2-1.alpha and 0.2-3.beta allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch...
drupal -- multiple vulnerabilities
The Drupal Project reports: The update system is vulnerable to Cross site request forgeries. Malicious users may cause the superuser (user 1) to execute old updates that may damage the database. When an input format is deleted, not all existing content on a site is updated to reflect this deletion...
phpmyadmin -- cross-site request forgery vulnerability
The phpMyAdmin Team reports: A logged-in user can be subject of SQL injection through cross site request forgery. Several scripts in phpMyAdmin are vulnerable and the attack can be made through table parameter...
vinagre -- format string vulnerability
CORE Security Technologies reports: A format string error has been found on the vinagre_utils_show_error function that can be exploited via commands issued from a malicious server containing format string specifiers on the VNC name. In a web based attack scenario, the user would be required to conne...
phppgadmin -- directory traversal with register_globals enabled
Secunia reports: Dun has discovered a vulnerability in phpPgAdmin, which can be exploited by malicious people to disclose sensitive information. Input passed via the "language" parameter to libraries/lib.inc.php is not properly sanitised before being used to include files. This can be exploited t...
php5 -- potential magic_quotes_gpc vulnerability
PHP Developers reports: Due to a security bug found in the PHP 5.2.7 release, it has been removed from distribution. The bug affects configurations where magic_quotes_gpc is enabled, because it remains off even when set to on...
pdfjam -- insecure temporary files
Secunia reports: Some security issues have been reported in PDFjam, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issues are caused due to the "pdf90", "pdfjoin", and "pdfnup" scripts using temporary files in an insecure manner...
twiki -- multiple vulnerabilities
Marc Schoenefeld and Steve Milner of RedHat SRT and Peter Allor of IBM ISS report: XSS vulnerability with URLPARAM variable; SEARCH variable allows arbitrary shell command execution...
php -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in PHP, where some have an unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. An input validation error exists within the "ZipArchive::extractTo"...
squirrelmail -- Cross site scripting vulnerability
Squirrelmail team reports: An issue was fixed that allowed an attacker to send specially-crafted hyperlinks in a message that could execute cross-site scripting (XSS) when the user viewed the message in SquirrelMail...
vlc -- arbitrary code execution in the RealMedia processor
Tobias Klein from TrapKit reports: The VLC media player contains an integer overflow vulnerability while parsing malformed RealMedia .rm files. The vulnerability leads to a heap overflow that can be exploited by a remote attacker to execute arbitrary code in the context of VLC media player...
p5-File-Path -- rmtree allows creation of setuid files
Jan Lieskovsky reports: perl-File-Path rmtree race condition (CVE-2005-0448 was assigned to address this). This vulnerability was fixed in 5.8.4-7 but re-introduced in 5.8.8-1. It's also present in File::Path 2.xx, up to and including 2.07 which has only a partial fix...
codeigniter -- arbitrary script execution in the new Form Validation class
znirkel reports: The eval function in _reset_post_array crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...
php -- ini database truncation inside dba_replace() function
securityfocus research reports: A bug that leads to the emptying of the INI file contents if the database key was not found exists in PHP dba extension in versions 5.2.6, 4.4.9 and earlier. Function dba_replace are not filtering strings key and value. There is a possibility for the destruction of...
samba -- potential leakage of arbitrary memory contents
Samba Team reports: Samba 3.0.29 and beyond contain a change to deal with gcc 4 optimizations. Part of the change modified range checking for client-generated offsets of secondary trans, trans2 and nttrans requests. These requests are used to transfer arbitrary amounts of memory from clients to...
wordpress -- header rss feed script insertion vulnerability
Secunia reports: Input passed via the HTTP "Host" header is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site if malicious data is viewed...
amaya -- multiple buffer overflow vulnerabilities
Secunia reports: A boundary error when processing "div" HTML tags can be exploited to cause a stack-based buffer overflow via an overly long "id" parameter. A boundary error exists when processing overly long links. This can be exploited to cause a stack-based buffer overflow by tricking the user...
wireshark -- SMTP Processing Denial of Service Vulnerability
Secunia reports: A vulnerability has been reported in Wireshark, which can be exploited by malicious people to cause a DoS. The vulnerability is caused due to an error in the SMTP dissector and can be exploited to trigger the execution of an infinite loop via a large SMTP packet...
FreeBSD -- arc4random(9) predictable sequence vulnerability
Problem Description: When the arc4random(9) random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random(9); and it may take up to 5 minutes before arc4random(9) is reseeded with secure entropy from the Yarrow random number...
verlihub -- insecure temporary file usage and arbitrary command execution
securityfocus reports: An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files,...
imlib2 -- XPM processing buffer overflow vulnerability
Secunia reports: A vulnerability has been discovered in imlib2, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to a pointer arithmetic error within the "load" function provided by the XPM loader. This can be...
dovecot-managesieve -- Script Name Directory Traversal Vulnerability
Secunia reports: The security issue is caused due to an input validation error when processing script names. This can be exploited to read or modify arbitrary files having ".sieve" extensions via directory traversal attacks, with the privileges of the attacker's user id...
opera -- multiple vulnerabilities
The Opera Team reports: Manipulating certain text-area contents can cause a buffer overflow, which may be exploited to execute arbitrary code. Certain HTML constructs can cause the resulting DOM to change unexpectedly, which triggers a crash. To inject code, additional techniques will have to be...
libxml2 -- multiple vulnerabilities
Secunia reports: Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library. 1) An integer overflow error in the "xmlSAX2Characters" function can be exploited to trigge...
syslog-ng2 -- startup directory leakage in the chroot environment
Florian Grandel reports: I have not had the time to analyze all of syslog-ng code. But by reading the code section near the chroot call and looking at strace results I believe that syslog-ng does not chdir to the chroot jail's location before chrooting into it. This opens up ways to work around t...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports: MFSA 2008-58 Parsing error in E4X default namespace; MFSA 2008-57 -moz-binding property bypasses security checks on codebase principals; MFSA 2008-56 nsXMLHttpRequest::NotifyEventListeners same-origin violation; MFSA 2008-55 Crash and remote code execution in...
optipng -- arbitrary code execution via crafted BMP image
Secunia reports: A vulnerability has been reported in OptiPNG, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the BMP reader and can be exploited to cause a buffer overflow by tricking a user into...
gnutls -- X.509 certificate chain validation vulnerability
SecurityFocus reports: GnuTLS is prone to a security-bypass vulnerability because the application fails to properly validate chained X.509 certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted servers. Unsuspecting users ma...
trac -- potential DOS vulnerability
Trac development team reports: 0.11.2 is a new stable maintenance release. It contains several security fixes and everyone is recommended to upgrade their installations. Bug fixes: Fixes potential DOS vulnerability with certain wiki markup...
clamav -- off-by-one heap overflow in VBA project parser
Advisory from Moritz Jodeit, November 8th, 2008: ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the 'clamd' process by sending an email...
openfire -- multiple vulnerabilities
Andreas Kurtz reports: The jabber server Openfire (<= version 3.6.0a) contains several serious vulnerabilities. Depending on the particular runtime environment these issues can potentially even be used by an attacker to execute code on operating system level. Authentication bypass - This vulnerabili...
nagios -- web interface privilege escalation vulnerability
securityfocus reports: An attacker with low-level privileges may exploit this issue to bypass authorization and cause arbitrary commands to run within the context of the Nagios server. This may aid in further attacks...
libcdaudio -- remote buffer overflow and code execution
securityfocus reports: The 'libcdaudio' library is prone to a remote heap code in the context of an application that uses the library. Failed attacks will cause denial-of-service conditions. A buffer-overflow in Grip occurs when the software processes a response to a CDDB query that has more than...
streamripper -- multiple buffer overflows
Secunia reports: A boundary error exists within http_parse_sc_header in lib/http.c when parsing an overly long HTTP header starting with "Zwitterion v". A boundary error exists within http_get_pls in lib/http.c when parsing a specially crafted pls playlist containing an overly long entry. A boundary...
vlc -- cue processing stack overflow
The VLC Team reports: The VLC media player contains a stack overflow vulnerability while parsing malformed cue files. The vulnerability may be exploited by a remote attacker to execute arbitrary code in the context of VLC media player...
opera -- multiple vulnerabilities
Opera reports: When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuration...
qemu -- Heap overflow in Cirrus emulation
Aurelien Jarno reports: CVE-2008-4539: fix a heap overflow in Cirrus emulation. The code in hw/cirrus_vga.c has changed a lot between CVE-2007-1320 has been announced and the patch has been applied. As a consequence it has wrongly applied and QEMU is still vulnerable to this bug if using VNC...
phpmyadmin -- Cross-Site Scripting Vulnerability
SecurityFocus reports: phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This ma...
imap-uw -- local buffer overflow vulnerabilities
SANS reports: University of Washington "tmail" and "dmail" are mail deliver agents. "tmail" and "dmail" are exposed to local buffer overflow issues because they fail to perform adequate boundary checks on user-supplied data...
openoffice -- arbitrary code execution vulnerabilities
The OpenOffice Team reports: A security vulnerability with the way OpenOffice 2.x process WMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running...
websvn -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in WebSVN, which can be exploited by malicious users to disclose sensitive information, and by malicious people to conduct cross-site scripting attacks and manipulate data. Input passed in the URL to index.php is not properly sanitised befo...
wordpress -- snoopy "_httpsrequest()" shell command execution vulnerability
The Wordpress development team reports: A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately...
enscript -- arbitrary code execution vulnerability
Ulf Harnhammar of Secunia Research reports: Stack-based buffer overflow in the read_special_escape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e (aka special escapes processing) option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafte...
drupal -- multiple vulnerabilities
The Drupal Project reports: On a server configured for IP-based virtual hosts, Drupal may be caused to include and execute specifically named files outside of its root directory. This bug affects both Drupal 5 and Drupal 6. The title of book pages is not always properly escaped, enabling users wi...
libspf2 -- Buffer overflow
CVE reports: Heap-based buffer overflow in the SPF_dns_resolv_lookup function in Spf_dns_resolv.c in libspf2 before 1.2.8 allows remote attackers to execute arbitrary code via a long DNS TXT record with a modified length field...
mantis -- php code execution vulnerability
Secunia reports: EgiX has discovered a vulnerability in Mantis, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "sort" parameter in manage_proj_page.php is not properly sanitised before being used in a "create_function" call. This can be exploited to...