6526 matches found
apache -- Cross-site scripting vulnerability
CVE Mitre reports: Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in th...
phpmyadmin -- cross site request forgery vulnerabilities
A phpMyAdmin security announcement: A logged-in user, if abused into clicking a crafted link or loading an attack page, would create a database he did not intend to, or would change his connection character set...
libxine -- denial of service vulnerability
xine team reports: A new xine-lib version is now available. This release contains some security fixes, notably a DoS via corrupted Ogg files (CVE-2008-3231), some related fixes, and fixes for a few possible buffer overflows...
clamav -- CHM Processing Denial of Service
Hanno Boeck reports: A fuzzing test showed weakness in the chm parser of clamav, which can possibly be exploited. The clamav team has disabled the chm module in older versions through freshclam updates and has released 0.94 with a fixed parser...
drupal -- multiple vulnerabilities
The Drupal Project reports: Free tagging taxonomy terms can be used to insert arbitrary script and HTML code (cross site scripting or XSS) on node preview pages. A successful exploit requires that the victim selects a term containing script code and chooses to preview the node. This issue affects...
mplayer -- vulnerability in STR files processor
Secunia reports: The vulnerability is caused due to a boundary error within the "str_read_packet" function in libavformat/psxstr.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted STR file...
FreeBSD -- DNS cache poisoning
Problem Description: The BIND DNS implementation does not randomize the UDP source port when doing remote queries, and the query id alone does not provide adequate randomization. Impact: The lack of source port randomization reduces the amount of data the attacker needs to guess in order to...
poppler -- uninitialized pointer
Felipe Andres Manzano reports: The libpoppler pdf rendering library, can free uninitialized pointers, leading to arbitrary code execution. This vulnerability results from memory management bugs in the Page class constructor/destructor...
mysql -- MyISAM table privileges security bypass vulnerability for symlinked paths
MySQL Team reports: Additional corrections were made for the symlink-related privilege problem originally addressed. The original fix did not correctly handle the data directory pathname if it contained symlinked directories in its path, and the check was made only at table-creation time, not at...
fetchmail -- potential crash in -v -v verbose mode (revised patch)
Matthias Andree reports: 2008-06-24 1.2 also fixed issue in reportcomplete reported by Petr Uzel...
phpmyadmin -- Cross Site Scripting Vulnerabilities
Secunia report: Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be...
cgiwrap -- XSS Vulnerability
Secunia reports: A vulnerability has been reported in CGIWrap, which can be exploited by malicious people to conduct cross-site scripting attacks. The vulnerability is caused due to the application generating error messages without specifying a charset. This can be exploited to execute arbitrary...
ruby -- multiple integer and buffer overflow vulnerabilities
The official ruby site reports: Multiple vulnerabilities in Ruby may lead to a denial of service (DoS) condition or allow execution of arbitrary code...
php -- input validation error in safe_mode
According to Maksymilian Arciemowicz research, it is possible to bypass security restrictions of safe_mode in various functions via directory traversal vulnerability. The attacker can use this attack to gain access to sensitive information. Functions utilizing expand_filepath may be affected. It...
vim -- Vim Shell Command Injection Vulnerabilities
Rdancer.org reports: Improper quoting in some parts of Vim written in the Vim Script can lead to arbitrary code execution upon opening a crafted file...
apache -- multiple vulnerabilities
Apache HTTP server project reports: The following potential security flaws are addressed: CVE-2008-2364: mod_proxy_http: Better handling of excessive interim responses from origin server to prevent potential denial of service and high memory usage. Reported by Ryujiro Shibuya. CVE-2007-6420:...
fetchmail -- potential crash in -v -v verbose mode
Matthias Andree reports: Gunter Nau reported fetchmail crashing on some messages; further debugging by Petr Uzel and Petr Cerny at Novell/SUSE Czech Republic dug up that this happened when fetchmail was trying to print, in -v -v verbose level, headers exceeding 2048 bytes. In this situation,...
xorg -- multiple vulnerabilities
Matthieu Herrb of X.Org reports: Several vulnerabilities have been found in the server-side code of some extensions in the X Window System. Improper validation of client-provided data can cause data corruption. Exploiting these overflows will crash the X server or, under certain circumstances all...
FreeType 2 -- Multiple Vulnerabilities
Secunia reports: An integer overflow error exists in the processing of PFB font files. This can be exploited to cause a heap-based buffer overflow via a PFB file containing a specially crafted "Private" dictionary table. An error in the processing of PFB font files can be exploited to trigger the...
Courier Authentication Library -- SQL Injection
Secunia reports: A vulnerability has been reported in the Courier Authentication Library, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via e.g. the username to the library is not properly sanitised before being used in SQL queries. This can be exploite...
Bugzilla -- Directory Traversal in importxml.pl
A Bugzilla Security Advisory reports: When importing bugs using importxml.pl, the --attachpath option can be specified, pointing to the directory where attachments to import are stored. If the XML file being read by importxml.pl contains a malicious ../relativepath/to/localfile node, the script...
ikiwiki -- empty password security hole
The ikiwiki development team reports: This hole allowed ikiwiki to accept logins using empty passwords to openid accounts that didn't use a password. Upgrading to a non-vulnerable ikiwiki version immediately is recommended if your wiki allows both password and openid logins...
ikiwiki -- cleartext passwords
The ikiwiki development team reports: Until version 2.48, ikiwiki stored passwords in cleartext in the userdb. That risks exposing all users' passwords if the file is somehow exposed. To pre-emptively guard against that, current versions of ikiwiki store password hashes using Eksblowfish...
py-pylons -- Path traversal bug
Pylons team reports: The error.py controller uses paste.fileapp to serve the static resources to the browser. The default error.py controller uses os.path.join to combine the id from Routes with the media path. Routes prior to 1.8 double unquoted the PATH_INFO, resulting in FileApp returning files...
linux-flashplugin -- unspecified remote code execution vulnerability
Adobe Product Security Incident Response Team reports: An exploit appears to be taking advantage of a known vulnerability, reported by Mark Dowd of the ISS X-Force and wushi of team509, that was resolved in Flash Player 9.0.124.0 (CVE-2007-0071). This exploit does NOT appear to include a new,...
spamdyke -- open relay
Spamdyke Team reports: Fixed smtpfilter to reject the DATA command if no valid recipients have been specified. Otherwise, a specific scenario could result in every spamdyke installation being used as an open relay. If the remote server connects and gives one or more recipients that are rejected f...
Nagios -- Cross Site Scripting Vulnerability
Secunia reports: A vulnerability has been reported in Nagios, which can be exploited by malicious people to conduct cross-site scripting attacks...
peercast -- arbitrary code execution
Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execute arbitrary code...
cdf3 -- Buffer overflow vulnerability
NASA Goddard Space Flight Center reports: The libraries for the scientific data file format, Common Data Format (CDF) version 3.2 and earlier, have the potential for a buffer overflow vulnerability when reading specially-crafted invalid CDF files. If successful, this could trigger execution of...
mantis -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in Mantis, which can be exploited by malicious users to compromise a vulnerable system and malicious people to conduct cross-site scripting and request forgery attacks. Input passed to the "filtertarget" parameter in returndynamicfilters.ph...
libvorbis -- various security issues
Red Hat reports: Will Drewry of the Google Security Team reported several flaws in the way libvorbis processed audio data. An attacker could create a carefully crafted Vorbis audio file in such a way that it could cause an application linked with libvorbis to crash, or execute arbitrary code when...
django -- XSS vulnerability
Django project reports: The Django administration application will, when accessed by a user who is not sufficiently authenticated, display a login form and ask the user to provide the necessary credentials before displaying the requested page. This form will be submitted to the URL the user...
mysql -- MyISAM table privileges security bypass vulnerability
SecurityFocus reports: MySQL is prone to a security-bypass vulnerability. An attacker can exploit this issue to overwrite existing table files in the MySQL data directory, bypassing certain security restrictions...
qemu -- "drive_init()" Disk Format Security Bypass
Secunia reports: A vulnerability has been reported in QEMU, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is caused due to the "drive_init" function in vl.c determining the format of a disk from data contained in the disk's header. This...
phpmyadmin -- Shared Host Information Disclosure
A phpMyAdmin security announcement report: It is possible to read the contents of any file that the web server's user can access. The exact mechanism to achieve this won't be disclosed. If a user can upload on the same host where phpMyAdmin is running a PHP script that can read files with the...
serendipity -- multiple cross site scripting vulnerabilities
Hanno Boeck reports: The installer of serendipity 1.3 has various Cross Site Scripting issues. This is considered low priority, as attack scenarios are very unlikely. Various path fields are not escaped properly, thus filling them with javascript code will lead to XSS. MySQL error messages are no...
mt-daapd -- integer overflow
FrSIRT reports: A vulnerability has been identified in mt-daapd which could be exploited by remote attackers to cause a denial of service or compromise an affected system. This issue is caused by a buffer overflow error in the ws_getpostvars function when processing a negative Content-Length: head...
moinmoin -- superuser privilege escalation
MoinMoin team reports: A check in the userform processing was not working as expected and could be abused for ACL and superuser privilege escalation...
vorbis-tools -- Speex header processing vulnerability
Secunia reports: A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when processing Speex headers, which can be exploited via a specially crafted Spee...
firefox -- javascript garbage collector vulnerability
Mozilla Foundation reports: Fixes for security problems in the JavaScript engine described in MFSA 2008-15 introduced a stability problem, where some users experienced crashes during JavaScript garbage collection. This is being fixed primarily to address stability concerns. We have no demonstrati...
clamav -- Multiple Vulnerabilities
Secunia reports: Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. 1) A boundary error exists within the "cli_scanpe" function in libclamav/pe.c. This can be exploited to cause a...
mksh -- TTY attachment privilege escalation
Secunia reports: The vulnerability is caused due to an error when attaching to a TTY via the -T command line switch. This can be exploited to execute arbitrary commands with the privileges of the user running mksh via characters previously written to the attached virtual console...
png -- unknown chunk processing uninitialized memory access
Secunia reports: Tavis Ormandy has reported a vulnerability in libpng, which can be exploited by malicious people to cause a Denial of Service, disclose potentially sensitive information, or potentially compromise an application using the library. The vulnerability is caused due to the improper...
python -- Integer Signedness Error in zlib Module
Justin Ferguson reports: Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow...
ikiwiki -- cross site request forging
The ikiwiki development team reports: Cross Site Request Forging could be used to construct a link that would change a logged-in user's password or other preferences if they clicked on the link. It could also be used to construct a link that would cause a wiki page to be modified by a logged-in...
openfire -- unspecified denial of service
Secunia reports: A vulnerability has been reported in Openfire, which can be exploited by malicious people to cause a Denial of Service. The vulnerability is caused due to an unspecified error and can be exploited to cause a Denial of Service...
swfdec -- exposure of sensitive information
Secunia reports: A vulnerability has been reported in swfdec, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to swfdec not properly restricting untrusted sandboxes from reading local files, which can be exploited to disclose the conte...
libxine -- array index vulnerability
xine Team reports: A new xine-lib version is now available. This release contains a security fix: an unchecked array index that could allow remote attackers to execute arbitrary code via a header structure containing a negative offset, which is used to dereference a function pointer...
opera -- multiple vulnerabilities
Opera Software reports of multiple security issues in Opera. All of them can lead to arbitrary code execution. Details are as the following: Newsfeed prompt can cause Opera to execute arbitrary code Resized canvas patterns can cause Opera to execute arbitrary code...
lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability
Secunia reports: A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to lighttpd not properly clearing the OpenSSL error queue. This can be exploited to close concurrent SSL connections of...