6580 matches found
bugzilla -- "createmailregexp" security bypass vulnerability
The Bugzilla development team reports: Bugzilla::WebService::User::offeraccountbyemail does not check the "createemailregexp" parameter, and thus allows users to create accounts who would normally be denied account creation. The "emailregexp" parameter is still checked. If you do not have the...
mozilla -- code execution via Quicktime media-link files
The Mozilla Foundation reports a vulnerability within the mozilla browser. This vulnerability also affects various other browsers like firefox and seamonkey. The vulnerability is caused by QuickTime Media-Link files that contain a qtnext attribute. This could allow an attacker to start the browse...
konquerer -- address bar spoofing
The KDE development team reports: The Konqueror address bar is vulnerable to spoofing attacks that are based on embedding white spaces in the url. In addition the address bar could be tricked to show an URL which it is intending to visit for a short amount of time instead of the current URL...
coppermine -- multiple vulnerabilities
The coppermine development team reports two vulnerabilities with the coppermine application. These vulnerabilities are caused by improper checking of the log variable in "viewlog.php" and improper checking of the referer variable in "mode.php". This could allow local file inclusion, potentially...
samba -- nss_info plugin privilege escalation vulnerability
The Samba development team reports: The idmapad.so library provides an nssinfo extension to Winbind for retrieving a user's home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the "winbind nss info" smb.conf...
wordpress -- remote sql injection vulnerability
Alexander Concha reports: While testing WordPress, it has been discovered a SQL Injection vulnerability that allows an attacker to retrieve remotely any user credentials from a vulnerable site, this bug is caused because of early database escaping and the lack of validation in query string like...
mediawiki -- cross site scripting vulnerability
The MediaWiki development team reports: A possible HTML/XSS injection vector in the API pretty-printing mode has been found and fixed. The vulnerability may be worked around in an unfixed version by simply disabling the API interface if it is not in use, by adding this to LocalSettings.php:...
lighttpd -- FastCGI header overrun in mod_fastcgi
lighttpd maintainer reports: Lighttpd is prone to a header overflow when using the modfastcgi extension, this can lead to arbitrary code execution in the fastcgi application. For a detailed description of the bug see the external reference. This bug was found by Mattias Bengtsson and Philip Olaus...
apache -- multiple vulnerabilities
Apache HTTP server project reports: The following potential security flaws are addressed: CVE-2007-3847: modproxy: Prevent reading past the end of a buffer when parsing date-related headers. CVE-2007-1863: modcache: Prevent a segmentation fault if attributes are listed in a Cache-Control header...
php -- multiple vulnerabilities
The PHP development team reports: Security Enhancements and Fixes in PHP 5.2.4: Fixed a floating point exception inside wordwrap Reported by Mattias Bengtsson Fixed several integer overflows inside the GD extension Reported by Mattias Bengtsson Fixed size calculation in chunksplit Reported by...
gallery2 -- multiple vulnerabilities
Gallery project reports: Gallery 2.2.3 addresses the following security vulnerabilities: Unauthorized renaming of items possible with WebDAV reported by Merrick Manalastas Unauthorized modification and retrieval of item properties possible with WebDAV Unauthorized locking and replacing of items...
irc/bitchx -- multiple vulnerabilities
bannedit reports: Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the pmode variable. Nico Golde reports: There is a security issue in ircii-pana in bitchx' hostname command. The ehostname function...
tikiwiki -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and disclose potentially sensitive information. Input passed to the username parameter in tiki-remindpassword.php when remi...
claws-mail -- POP3 Format String Vulnerability
A Secunia Advisory reports: A format string error in the "incputerror" function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers. Successful exploitation may allow execution of arbitrary code, but...
gtar -- Directory traversal vulnerability
Red Hat reports: A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. Red Hat credits Dmitry V. Levin for reporting the issue...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: This advisory covers three security issues that have recently been fixed in the Bugzilla code: A possible cross-site scripting XSS vulnerability when filing bugs using the guided form. When using emailin.pl, insufficiently escaped data may be passed to...
clamav -- multiple remote Denial of Service vulnerabilities
BugTraq reports: ClamAV is prone to multiple denial-of-service vulnerabilities. A successful attack may allow an attacker to crash the application and deny service to users...
id3lib -- insecure temporary file creation
Debian Bug report log reports: When tagging file $foo, a temporary copy of the file is created, and for some reason, libid3 doesn't use mkstemp but just creates $foo.XXXXXX literally, without any checking. This would silently truncate and overwrite an existing $foo.XXXXXX...
rsync -- off by one stack overflow
BugTraq reports: The rsync utility is prone to an off-by-one buffer-overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input. Successfully exploiting this issue may allow arbitrary code-execution in the context of the affected utility...
opera -- Vulnerability in javascript handling
An advisory from Opera reports: A specially crafted JavaScript can make Opera execute arbitrary code...
FreeBSD -- Buffer overflow in tcpdump(1)
Problem Description: An un-checked return value in the BGP dissector code can result in an integer overflow. This value is used in subsequent buffer management operations, resulting in a stack based buffer overflow under certain circumstances. Impact: By crafting malicious BGP packets, an attacke...
joomla -- multiple vulnerabilities
A Secunia Advisory reports: joomla can be exploited to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks. Certain unspecified input passed in comsearch, comcontent and modlogin is not properly sanitised before being returned to a user. This can be...
xpdf -- stack based buffer overflow
The KDE Team reports: kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains a vulnerability that can cause a stack based buffer overflow via a PDF file that exploits an integer overflow in StreamPredictor::StreamPredictor. Remotely supplied pdf files can be used to disrupt the kpdf viewe...
fetchmail -- denial of service on reject of local warning message
Matthias Andree reports: fetchmail will generate warning messages in certain circumstances for instance, when leaving oversized messages on the server or login to the upstream fails and send them to the local postmaster or the user running it. If this warning message is then refused by the SMTP...
vim -- Command Format String Vulnerability
A Secunia Advisory reports: A format string error in the "helptagsone" function in src/excmds.c when running the "helptags" command can be exploited to execute arbitrary code via specially crafted help files...
phpsysinfo -- url Cross-Site Scripting
Doz reports: A Input passed in the URL to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...
drupal -- Cross site request forgeries
The Drupal Project reports: Several parts in Drupal core are not protected against cross site request forgeries due to inproper use of the Forms API, or by taking action solely on GET requests. Malicious users are able to delete comments and content revisions and disable menu items by enticing a...
drupal -- Multiple cross-site scripting vulnerabilities
The Drupal Project reports: Some server variables are not escaped consistently. When a malicious user is able to entice a victim to visit a specially crafted link or webpage, arbitrary HTML and script code can be injected and executed in the context of the victim's session on the targeted website...
FreeBSD -- Predictable query ids in named(8)
Problem Description: When named8 is operating as a recursive DNS server or sending NOTIFY requests to slave DNS servers, named8 uses a predictable query id. Impact: An attacker who can see the query id for some requests sent by named8 is likely to be able to perform DNS cache poisoning by...
fsplib -- multiple vulnerabilities
A Secunia Advisory reports: fsplib can be exploited to compromise an application using the library. A boundary error exists in the processing of file names in fspreaddirnative, which can be exploited to cause a stack-based buffer overflow if the defined MAXNAMLEN is bigger than 256. A boundary...
lighttpd -- multiple vulnerabilities
Secunia Advisory reports: Some vulnerabilities have been reported in lighttpd, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS Denial of Service...
opera -- multiple vulnerabilities
Opera Software ASA reports of multiple security fixes in Opera, including an arbitrary code execute vulnerability: Opera for Linux, FreeBSD, and Solaris has a flaw in the createPattern function that leaves old data that was in the memory before Opera allocated it in the new pattern. The pattern c...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2007-25 XPCNativeWrapper pollution MFSA 2007-24 Unauthorized access to...
mysql -- remote dos via malformed password packet
MySQL reports: A malformed password packet in the connection protocol could cause the server to crash...
linux-flashplugin -- critical vulnerabilities
Adobe reports: Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit...
wireshark -- Multiple problems
wireshark Team reports: It may be possible to make Wireshark or Ethereal crash or use up available memory by injecting a purposefully malformed packet onto the wire or by convincing someone to read a malformed packet trace file...
p5-Net-DNS -- multiple Vulnerabilities
A Secunia Advisory reports: An error exists in the handling of DNS queries where IDs are incremented with a fixed value and are additionally used for child processes in a forking server. This can be exploited to poison the DNS cache of an application using the module if a valid ID is guessed. An...
dokuwiki -- XSS vulnerability in spellchecker backend
DokuWiki reports: The spellchecker tests the UTF-8 capabilities of the used browser by sending an UTF-8 string to the backend, which will send it back unfiltered. By comparing string length the spellchecker can work around broken implementations. An attacker could construct a form to let users se...
evolution-data-server -- remote execution of arbitrary code vulnerability
Debian project reports: It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used an array index, which can lead to the execution of arbitrary code...
gd -- multiple vulnerabilities
gd had been reported vulnerable to several vulnerabilities: CVE-2007-3472: Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library libgd before 2.0.35 allows user-assisted remote attackers has unspecified attack vectors and impact. CVE-2007-3473: The gdImageCreateXbm functi...
p5-Mail-SpamAssassin -- local user symlink-attack DoS vulnerability
SpamAssassin website reports: A local user symlink-attack DoS vulnerability in SpamAssassin has been found, affecting versions 3.1.x, 3.2.0, and SVN trunk...
c-ares -- DNS Cache Poisoning Vulnerability
Secunia reports: The vulnerability is caused due to predictable DNS "Transaction ID" field in DNS queries and can be exploited to poison the DNS cache of an application using the library if a valid ID is guessed...
wordpress -- XMLRPC SQL Injection
Secunia reports: Slappter has discovered a vulnerability in WordPress, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the "wp.suggestCategories" method in xmlrpc.php is not properly sanitised before being used in SQL queries. This can be exploited to...
mplayer -- cddb stack overflow
Mplayer Team reports: A stack overflow was found in the code used to handle cddb queries. When copying the album title and category, no checking was performed on the size of the strings before storing them in a fixed-size array. A malicious entry in the database could trigger a stack overflow in...
libvorbis -- Multiple memory corruption flaws
isecpartners reports: libvorbis contains several vulnerabilities allowing heap overwrite, read violations and a function pointer overwrite. These bugs cause a at least a denial of service, and potentially code execution...
vlc -- format string vulnerability and integer overflow
isecpartners reports: VLC is vulnerable to a format string attack in the parsing of Vorbis comments in Ogg Vorbis and Ogg Theora files, CDDA data or SAP/SDP service discovery messages. Additionally, there are two errors in the handling of wav files, one a denial of service due to an uninitialized...
flac123 -- stack overflow in comment parsing
isecpartners reports: flac123, also known as flac-tools, is vulnerable to a buffer overflow in vorbis comment parsing. This allows for the execution of arbitrary code...
webmin -- cross site scripting vulnerability
Secunia reports: Input passed to unspecified parameters in pamlogin.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...
wordpress -- unmoderated comments disclosure
Blogsecurity reports: An attacker can read comments on posts that have not been moderated. This can be a real security risk if blog admins are using unmoderated comments comments that have not been made public to hide sensitive notes regarding posts, future work, passwords etc. So please be caref...
findutils -- GNU locate heap buffer overrun
James Youngman reports: When GNU locate reads filenames from an old-format locate database, they are read into a fixed-length buffer allocated on the heap. Filenames longer than the 1026-byte buffer can cause a buffer overrun. The overrunning data can be chosen by any person able to control the...