claws-mail -- insecure temporary file creation
Nico Golde reports: A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail...
qemu -- Translation Block Local Denial of Service Vulnerability
SecurityFocus reports: QEMU is prone to a local denial-of-service vulnerability because it fails to perform adequate boundary checks when handling user-supplied input. Attackers can exploit this issue to cause denial-of-service conditions. Given the nature of the issue, attackers may also be able...
Squid -- Denial of Service Vulnerability
Squid security advisory reports: Due to incorrect bounds checking Squid is vulnerable to a denial of service check during some cache update reply processing. This problem allows any client trusted to use the service to perform a denial of service attack on the Squid service...
firefox -- multiple remote unspecified memory corruption vulnerabilities
Mozilla Foundation reports: The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to...
ikiwiki -- improper symlink verification vulnerability
The ikiwiki development team reports: Ikiwiki did not check if the path to the srcdir contained a symlink. If an attacker had commit access to the directories in the path, they could change it to a symlink, causing ikiwiki to read and publish files that were not intended to be published. But not...
rubygem-rails -- session-fixation vulnerability
Rails core team reports: The rails core team has released ruby on rails 1.2.6 to address a bug in the fix for session fixation attacks CVE-2007-5380. The CVE Identifier for this new issue is CVE-2007-6077...
IRC Services -- Denial of Service Vulnerability
Secunia reports: A vulnerability has been reported in IRC Services, which can be exploited by malicious people to cause a Denial of Service. The vulnerability is caused due to the improper handling of overly long passwords within the "defaultencrypt" function in encrypt.c and can be exploited to...
phpmyadmin -- Cross Site Scripting
phpMyAdmin security announcement: The login page authtype cookie was vulnerable to XSS via the convcharset parameter. An attacker could use this to execute malicious code on the visitor's computer...
liveMedia -- DoS vulnerability
The live555 development team reports: Fixed a bounds-checking error in "parseRTSPRequestString" caused by an int vs. unsigned problem. The function which handles the incoming queries from the clients is affected by a vulnerability which allows an attacker to crash the server remotely using the...
samba -- multiple vulnerabilities
The Samba Team reports: Secunia Research reported a vulnerability that allows for the execution of arbitrary code in nmbd. This defect may only be exploited when the "wins support" parameter has been enabled in smb.conf. Samba developers have discovered what is believed to be a non-exploitable...
mysql -- privilege escalation and overwrite of the system table information
MySQL reports: Using RENAME TABLE against a table with explicit DATA DIRECTORY and INDEX DIRECTORY options can be used to overwrite system table information by replacing the file to which the symlink points...
gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability
SecurityFocus reports: GNU's tar and cpio utilities are prone to a denial-of-service vulnerability because of insecure use of the alloca function. Successfully exploiting this issue allows attackers to crash the affected utilities and possibly to execute code but this has not been confirmed...
phpmyadmin -- cross-site scripting vulnerability
The DigiTrust Group reports: When creating a new database, a malicious user can use a client-side Web proxy to place malicious code in the db parameter of the POST request. Since dbcreate.php does not properly sanitize user-supplied input, an administrator could face a persistent XSS attack when...
php -- multiple security vulnerabilities
PHP project reports: Security Enhancements and Fixes in PHP 5.2.5: Fixed dl to only accept filenames. Reported by Laurent Gaffie. Fixed dl to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences...
xpdf -- multiple remote Stream.CC vulnerabilities
Secunia Research reports: Secunia Research has discovered some vulnerabilities in Xpdf, which can be exploited by malicious people to compromise a user's system. An array indexing error within the "DCTStream::readProgressiveDataUnit" method in xpdf/Stream.cc can be exploited to corrupt memory via...
plone -- unsafe data interpreted as pickles
Plone project reports: This hotfix corrects a vulnerability in the statusmessages and linkintegrity modules, where unsafe network data was interpreted as python pickles. This allows an attacker to run arbitrary python code within the Zope/Plone process...
net-snmp -- denial of service via GETBULK request
CVE reports: The SNMP agent snmpagent.c in net-snmp before 5.4.1 allows remote attackers to cause a denial of service (CPU and memory consumption) via a GETBULK request with a large max-repeaters value...
coppermine -- multiple vulnerabilities
Coppermine Security advisory: The development team is releasing a security update for Coppermine in order to counter a recently discovered cross-site-scripting vulnerability...
cups -- off-by-one buffer overflow
Secunia reports: Secunia Research has discovered a vulnerability in CUPS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "ippReadIO" function in cups/ipp.c when processing IPP (Internet Printing Protocol)...
mt-daapd -- denial of service vulnerability
US-CERT reports: webserver.c in mt-daapd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the wsdecodepassword...
perl -- regular expressions unicode data buffer overflow
Red Hat reports: A flaw was found in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, possibly resulting in arbitrary code running with the permissions of the user running Perl...
pcre -- arbitrary code execution
Debian project reports: Tavis Ormandy of the Google Security Team has discovered several security issues in PCRE, the Perl-Compatible Regular Expression library, which potentially allow attackers to execute arbitrary code by compiling specially crafted regular expressions...
gftp -- multiple vulnerabilities
Gentoo reports: Kalle Olavi Niemitalo discovered two boundary errors in fsplib code included in gFTP when processing overly long directory or file names. A remote attacker could trigger these vulnerabilities by enticing a user to download a file with a specially crafted directory or file name,...
perdition -- str_vwrite format string vulnerability
SEC-Consult reports: Perdition IMAP is affected by a format string bug in one of its IMAP output-string formatting functions. The bug allows the execution of arbitrary code on the affected server. A successful exploit does not require prior authentication...
openldap -- multiple remote denial of service vulnerabilities
BugTraq reports: OpenLDAP is prone to multiple remote denial-of-service vulnerabilities because of an incorrect NULL-termination issue and a double-free issue...
wordpress -- cross-site scripting
A Secunia Advisory reports: Input passed to the "postscolumns" parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...
py-django -- denial of service vulnerability
Django project reports: A per-process cache used by Django's internationalization "i18n" system to store the results of translation lookups for particular values of the HTTP Accept-Language header used the full value of that header as a key. An attacker could take advantage of this by sending...
linux-realplayer -- multiple vulnerabilities
Secunia reports: Multiple vulnerabilities have been reported in RealPlayer/RealOne/HelixPlayer, which can be exploited by malicious people to compromise a user's system. An input validation error when processing .RA/.RAM files can be exploited to cause a heap corruption via a specially crafted...
firefox -- OnUnload Javascript browser entrapment vulnerability
RedHat reports: Several flaws were found in the way in which Firefox displayed malformed web content. A web page containing specially-crafted content could potentially trick a user into surrendering sensitive information. CVE-2007-1095, CVE-2007-3844, CVE-2007-3511, CVE-2007-5334...
opera -- multiple vulnerabilities
An advisory from Opera reports: If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code. When accessing frames from differen...
drupal -- multiple vulnerabilities
The Drupal Project reports: In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...
phpmyadmin -- cross-site scripting vulnerability
The DigiTrust Group discovered a serious XSS vulnerability in the phpMyAdmin serverstatus.php script. According to their report, the vulnerability can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...
rubygem-rails -- JSON XSS vulnerability
Rails core team reports: All users of Rails 1.2.4 or earlier are advised to upgrade to 1.2.5, though it isn't strictly necessary if you aren't working with JSON. For more information on the JSON vulnerability, see CVE-2007-3227...
phpmyadmin -- cross-site scripting vulnerability
SecurityFocus reports: phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
flac -- media file processing integer overflow vulnerabilities
iDefense Labs reports: Remote exploitation of multiple integer overflow vulnerabilities in libFLAC, as included with various vendors' software distributions, allows attackers to execute arbitrary code in the context of the currently logged in user. These vulnerabilities specifically exist in the...
ldapscripts -- Command Line User Credentials Disclosure
Ganael Laplanche reports: Up to now, each ldap command was called with the -w parameter, which allows to specify the bind password on the command line. Unfortunately, this could make the password appear to anybody performing a ps during the call. This is now avoided by using the -y parameter and ...
png -- multiple vulnerabilities
A Secunia Advisory reports: Some vulnerabilities have been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service). Certain errors within libpng, including a logical NOT instead of a bitwise NOT in pngtrtran.c, an error in the 16bit cheap transparency...
firebird -- multiple remote buffer overflow vulnerabilities
RISE Security reports: There exists multiple vulnerabilities within functions of Firebird Relational Database, which when properly exploited can lead to remote compromise of the vulnerable system...
jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented
SUN reports: A vulnerability in the Java Runtime Environment (JRE) with applet caching may allow an untrusted applet that is downloaded from a malicious website to make network connections to network services on machines other than the one that the applet was downloaded from. This may allow network...
xfs -- multiple vulnerabilities
Matthieu Herrb reports: Problem Description: Several vulnerabilities have been identified in xfs, the X font server. The QueryXBitmaps and QueryXExtents protocol requests suffer from lack of validation of their 'length' parameters. Impact: On most modern systems, the font server is accessible onl...
smbftpd -- format string vulnerability
Secunia reports: Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name...
nagios-plugins -- Long Location Header Buffer Overflow Vulnerability
A Secunia Advisory reports: The vulnerability is caused due to a boundary error within the redir function in checkhttp.c when processing HTTP Location: header information. This can be exploited to cause a buffer overflow by returning an overly long string in the "Location:" header to a vulnerable...
tcl/tk -- buffer overflow in ReadImage function
A buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl/Tk allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first...
ImageMagick -- multiple vulnerabilities
Multiple vulnerabilities have been discovered in ImageMagick. ImageMagick before 6.3.5-9 allows context-dependent attackers to cause a denial of service via a crafted image file that triggers (1) an infinite loop in the ReadDCMImage function, related to ReadBlobByte function calls; or (2) an infinite...
openoffice -- arbitrary command execution vulnerability
iDefense reports: Remote exploitation of multiple integer overflow vulnerabilities within OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code. These vulnerabilities exist within the TIFF parsing code of the OpenOffice suite. When...
kdm -- passwordless login vulnerability
The KDE development team reports: KDM can be tricked into performing a password-less login even for accounts with a password set under certain circumstances, namely autologin to be configured and "shutdown with password" enabled...
mozilla -- code execution via Quicktime media-link files
The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browse...
bugzilla -- "createmailregexp" security bypass vulnerability
The Bugzilla development team reports: Bugzilla::WebService::User::offeraccountbyemail does not check the "createemailregexp" parameter, and thus allows users to create accounts who would normally be denied account creation. The "emailregexp" parameter is still checked. If you do not have the...
coppermine -- multiple vulnerabilities
The coppermine development team reports two vulnerabilities with the coppermine application. These vulnerabilities are caused by improper checking of the log variable in "viewlog.php" and improper checking of the referer variable in "mode.php". This could allow local file inclusion, potentially...
konqueror -- address bar spoofing
The KDE development team reports: The Konqueror address bar is vulnerable to spoofing attacks that are based on embedding white spaces in the url. In addition the address bar could be tricked to show an URL which it is intending to visit for a short amount of time instead of the current URL...