extman -- password bypass vulnerability
Extmail team reports: Emergency update 4 fixes a serious security vulnerability. Successful exploit of this vulnerability would allow attacker to change user's password without knowing it by using specifically crafted HTTP request...
powerdns-recursor -- DNS cache poisoning
If the system random number generator can be predicted by its past output, then an attacker may spoof Recursor to accept malicious data. This leads to DNS cache poisoning and client redirection...
phpmyadmin -- Username/Password Session File Information Disclosure
A phpMyAdmin security announcement report: phpMyAdmin saves sensitive information like the MySQL username and password and the Blowfish secret key in session data, which might be unprotected on a shared host...
suphp -- multiple local privilege escalation vulnerabilities
Multiple local privilege escalation vulnerabilities are found in the symlink verification code. An attacker may use them to run a PHP script with the victim's privilege. This attack is a little harder when suphp operates in paranoid mode. For suphp that runs in owner mode which is the default in ports, immediate...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2008-19 XUL popup spoofing variant cross-tab popups MFSA 2008-18 Java sock...
silc -- pkcs_decode buffer overflow
Core Security Technologies reports: A remote buffer overflow vulnerability found in a library used by both the SILC server and client to process packets containing cryptographic material may allow an un-authenticated client to execute arbitrary code on the server with the privileges of the user...
postfix-policyd-weight -- working directory symlink vulnerability
postfix-policyd-weight does not check whether its working directory is a symlink. If the working directory has not already been set up by the super root, an unprivileged user can link it to other directories in the system. This results in ownership/permission changes on the target directory...
php -- integer overflow vulnerability
CVE reports: Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and...
gnupg -- memory corruption vulnerability
Secunia reports: A vulnerability has been reported in GnuPG, which can potentially be exploited to compromise a vulnerable system. The vulnerability is caused due to an error when importing keys with duplicated IDs. This can be exploited to cause a memory corruption when importing keys via...
libtremor -- multiple vulnerabilities
The RedHat Project reports: Will Drewry of the Google Security Team reported multiple issues in OGG Vorbis and Tremor libraries, that could cause application using those libraries to crash NULL pointer dereference or divide by zero, enter an infinite loop or cause heap overflow caused by integer...
bzip2 -- crash with certain malformed archive files
SecurityFocus reports: The 'bzip2' application is prone to a remote file-handling vulnerability because the application fails to properly handle malformed files. Exploit attempts likely result in application crashes...
awstats -- multiple XSS vulnerabilities
Secunia reports: Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary...
dovecot -- security hole in blocking passdbs
Dovecot reports: Security hole in blocking passdbs MySQL always. PAM, passwd and shadow if blocking=yes where user could specify extra fields in the password. The main problem here is when specifying "skip_password_check" introduced in v1.0.11 for fixing master user logins, allowing the user to log...
phpmyadmin -- SQL injection vulnerability
A phpMyAdmin security announcement report: phpMyAdmin used the $_REQUEST superglobal as a source for its parameters, instead of $_GET and $_POST. This means that on most servers, a cookie with the same name as one of phpMyAdmin's parameters can interfere. Another application could set a cookie for t...
ghostscript -- zseticcspace() function buffer overflow vulnerability
Chris Evans from the Google Security Team reports: Severity: parsing of evil PostScript file will result in arbitrary code execution. A stack-based buffer overflow in the zseticcspace function in zicc.c allows remote arbitrary code execution via a malicious PostScript file .ps that contains a lon...
flyspray -- multiple vulnerabilities
The Flyspray Project reports: Flyspray is affected by a Cross Site scripting Vulnerability due to an error escaping PHP's $_SERVER['QUERY_STRING'] superglobal, that can be maliciously used to inject arbitrary code into the savesearch javascript function. There is an XSS problem in the history tab, th...
opera -- multiple vulnerabilities
Opera Software ASA reports about multiple security fixes: Fixed an issue where simulated text inputs could trick users into uploading arbitrary files, as reported by Mozilla. Image properties can no longer be used to execute scripts, as reported by Max Leonov. Fixed an issue where the...
qemu -- unchecked block read/write vulnerability
Ian Jackson reports on the debian-security mailinglist: When a block device read or write request is made by the guest, nothing checks that the request is within the range supported by the backend, but the code in the backend typically assumes that the request is sensible. Depending on the backen...
openldap -- modrdn Denial of Service vulnerability
Secunia Advisory reports: A vulnerability has been reported in OpenLDAP, which can be exploited by malicious users to cause a DoS Denial of Service...
cacti -- Multiple security vulnerabilities have been discovered
The cacti development team reports: Multiple security vulnerabilities have been discovered in Cacti's web interface: XSS vulnerabilities Path disclosure vulnerabilities SQL injection vulnerabilities HTTP response splitting vulnerabilities...
ikiwiki -- javascript insertion via uris
The ikiwiki development team reports: The htmlscrubber did not block javascript in uris. This was fixed by adding a whitelist of valid uri types, which does not include javascript. Some urls specifiable by the meta plugin could also theoretically have been used to inject javascript; this was also...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. Web forgery overwrite with div overlay URL token stealing via stylesheet redire...
mailman -- script insertion vulnerability
Secunia reports: A vulnerability has been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Certain input when editing the list templates and the list info attribute is not properly sanitised before being stored. This can be exploited to insert...
mplayer -- multiple vulnerabilities
The Mplayer team reports: A buffer overflow was found in the code used to extract album titles from CDDB server answers. When parsing answers from the CDDB server, the album title is copied into a fixed-size buffer with insufficient size checks, which may cause a buffer overflow. A malicious...
pcre -- buffer overflow vulnerability
PCRE developers report: A character class containing a very large number of characters with codepoints greater than 255 in UTF-8 mode, of course caused a buffer overflow...
sdl_image -- buffer overflow vulnerabilities
Secunia reports: Two vulnerabilities have been reported in SDL_image, which can be exploited by malicious people to cause a Denial of Service or potentially compromise an application using the library. A boundary error within the LWZReadByte function in IMG_gif.c can be exploited to trigger the...
libxine -- buffer overflow vulnerability
xine project reports: A new xine-lib version is now available. This release contains a security fix remotely-exploitable buffer overflow, CVE-2006-1664. This is not the first time that that bug has been fixed... It also fixes a few more recent bugs, such as the audio output problems in 1.1.9...
xorg -- multiple vulnerabilities
Matthieu Herrb of X.Org reports: Several vulnerabilities have been identified in server code of the X window system caused by lack of proper input validation on user controlled data in various parts of the software, causing various kinds of overflows. Exploiting these overflows will crash the X...
drupal -- cross site scripting (utf8)
The Drupal Project reports: When outputting plaintext Drupal strips potentially dangerous HTML tags and attributes from HTML, and escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...
drupal -- cross site scripting (register_globals)
The Drupal Project reports: When theme .tpl.php files are accessible via the web and the PHP setting register_globals is set to enabled, anonymous users are able to execute cross site scripting attacks via specially crafted links. Drupal's .htaccess attempts to set register_globals to disabled and...
drupal -- cross site request forgery
The Drupal Project reports: The aggregator module fetches items from RSS feeds and makes them available on the site. The module provides an option to remove items from a particular feed. This has been implemented as a simple GET request and is therefore vulnerable to cross site request forgeries...
xfce -- multiple vulnerabilities
Gentoo reports: A remote attacker could entice a user to install a specially crafted "rc" file to execute arbitrary code via long strings in the "Name" and "Comment" fields or via unspecified vectors involving the second vulnerability...
libxine -- buffer overflow vulnerability
xine project reports: A new xine-lib version is now available. This release contains a security fix remotely-exploitable buffer overflow, CVE-2008-0225. It also contains a read-past-end fix for an internal library function which is only used if the OS does not supply it and a rendering fix for...
geeklog xss vulnerability
Geeklog reports: MustLive pointed out a possible XSS in the form to email an article to a friend that we're fixing with this release. Please note that this problem only exists in Geeklog 1.4.0 - neither Geeklog 1.4.1 nor any older versions 1.3.x series have that problem...
clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability
iDefense Security Advisory 02.12.08: Remote exploitation of an integer overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process. The vulnerability exists...
postgresql -- multiple vulnerabilities
The PostgreSQL developers report: PostgreSQL allows users to create indexes on the results of user-defined functions, known as "expression indexes". This provided two vulnerabilities to privilege escalation: 1 index functions were executed as the superuser and not the table owner during VACUUM an...
maradns -- CNAME record resource rotation denial of service
Secunia reports: A vulnerability has been reported in MaraDNS, which can be exploited by malicious people to cause a Denial of Service. The vulnerability is caused due to an error within the handling of certain DNS packets. This can be exploited to cause a resource rotation by sending specially...
zenphoto -- XSS vulnerability
zenphoto project reports: A new zenphoto version is now available. This release contains security fixes for HTML, XSS, and SQL injection vulnerabilities...
gallery2 -- multiple vulnerabilities
The Gallery team reports: Gallery 2.2.4 addresses the following security vulnerabilities: Publish XP module - Fixed unauthorized album creation and file uploads. URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink...
jetty -- multiple vulnerability
Greg Wilkins reports: jetty allows remote attackers to bypass protection mechanisms and read the source of files via multiple '/' characters in the URI...
dovecot -- Specific LDAP + auth cache configuration may mix up user logins
Dovecot reports: If two users with the same password and same pass_filter variables log in within auth_cache_ttl seconds (1h by default), the second user may get logged in with the first user's cached pass_attrs. For example if pass_attrs contained the user's home/mail directory, this would mean that th...
wireshark -- multiple vulnerabilities
The Wireshark team reports of multiple vulnerabilities: Wireshark could crash when reading an MP3 file. Beyond Security discovered that Wireshark could loop excessively while reading a malformed DNP packet. Stefan Esser discovered a buffer overflow in the SSL dissector. The ANSI MAP dissector cou...
opera -- multiple vulnerabilities
Opera Software ASA reports about multiple security fixes: Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by David Bloom. Details will be disclosed at a later date. Fixed an issue with TLS certificates that could be used to execute arbitrary code, as...
linux-flashplugin -- multiple vulnerabilities
Adobe Security bulletin: Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to...
peercast -- buffer overflow vulnerability
Luigi Auriemma reports that peercast is vulnerable to a buffer overflow which could lead to a DoS or potentially remote code execution: The handshakeHTTP function which handles all the requests received by the other clients is vulnerable to a heap overflow which allows an attacker to fill the...
ganglia-webfrontend -- XSS vulnerabilities
The Ganglia project reports: The Ganglia development team is pleased to release Ganglia 3.0.6 Foss which is available.... This release includes a security fix for web frontend cross-scripting vulnerability...
samba -- buffer overflow vulnerability
Secunia Research reports: Secunia Research has discovered a vulnerability in Samba, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "send_mailslot" function. This can be exploited to cause a stack-based...
e2fsprogs -- heap buffer overflow
Theodore Y. Ts'o reports: Fix a potential security vulnerability where an untrusted filesystem can be corrupted in such a way that a program using libext2fs will allocate a buffer which is far too small. This can lead to either a crash or potentially a heap-based buffer overflow crash. No known...
drupal -- SQL injection vulnerability
The Drupal Project reports: The function taxonomy_select_nodes directly injects variables into SQL queries instead of using placeholders. While taxonomy module itself validates the input passed to taxonomy_select_nodes, this is a weakness in Drupal core. Several contributed modules, such as...
jetty -- multiple vulnerabilities
Cross-site scripting XSS vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies. Mortbay Jetty before 6.1.6rc1 does not properly handle "certain quote sequences" in HTML cookie parameters...