hashcash -- heap overflow vulnerability
Andreas Seltenreich reports that hashcash is prone to a heap overflow vulnerability. This vulnerability is caused by improper checking of memory allocations within the "array_push" function. An attacker could trigger this vulnerability by passing a lot of "-r" or "-j" flags from the command line,...
mutt -- Remote Buffer Overflow Vulnerability
SecurityFocus reports: Mutt is prone to a remote buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This issue may allow remote attackers to execute arbitrary machin...
Joomla -- multiple vulnerabilities
Joomla Site reports: Secured "Remember Me" functionality against SQL injection attacks Secured "Related Items" module against SQL injection attacks Secured "Weblinks" submission against SQL injection attacks Secured SEF from XSS vulnerability Hardened frontend submission forms against spoofing...
mambo -- SQL injection vulnerabilities
The Team Mambo reports that two SQL injection vulnerabilities have been found in Mambo. The vulnerabilities exist due to missing sanitation of the title and catid parameters in the weblinks.php page and can lead to execution of arbitrary SQL code...
openldap -- slapd acl selfwrite Security Issue
Howard Chu reports: An ACL of the form 'access to dn.subtree="ou=groups, dc=example,dc=com" attr=member by selfwrite' is intended to only allow users to add/delete their own DN to the target attribute. Currently it allows any DNs to be modified...
sendmail -- Incorrect multipart message handling
Problem Description A suitably malformed multipart MIME message can cause sendmail to exceed predefined limits on its stack usage. Impact An attacker able to send mail to, or via, a server can cause queued messages on the system to not be delivered, by causing the sendmail process which handles...
wv2 -- Integer Overflow Vulnerability
Secunia reports: A vulnerability has been reported in wvWare wv2 Library, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to an integer overflow error in "wordhelper.h" when handling a Word document. This can b...
horde -- multiple parameter cross site scripting vulnerabilities
FrSIRT advisory ADV-2006-2356 reports: Multiple vulnerabilities have been identified in Horde Application Framework, which may be exploited by attackers to execute arbitrary scripting code. These flaws are due to input validation errors in the "test.php" and "templates/problem/problem.inc" script...
mailman -- Multiple Vulnerabilities
Secunia reports: Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS (Denial of Service). 1) An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL. Successfu...
shoutcast -- cross-site scripting, information exposure
Goober's advisory reports that shoutcast is vulnerable to an arbitrary file reading vulnerability: Impact of the vulnerability depends on the way the product was installed. In general, the vulnerability allows the attacker to read any file which can be read by the Shoutcast server process...
dokuwiki -- spellchecker remote PHP code execution
Stefan Esser reports: During the evaluation of DokuWiki for a German/Korean wiki of mine a flaw in DokuWiki's spellchecker was discovered, that allows injecting arbitrary PHP commands, by requesting a spellcheck on PHP commands in 'complex curly syntax'. Because the spellchecker is written as par...
freeradius -- authentication bypass vulnerability
The freeradius development team reports: A validation issue exists with the EAP-MSCHAPv2 module in all versions from 1.0.0 where the module first appeared to 1.1.0. Insufficient input validation was being done in the EAP-MSCHAPv2 state machine. A malicious attacker could manipulate their...
squirrelmail -- plugin.php local file inclusion vulnerability
The SquirrelMail Project Team reports: A security issue has been uncovered in functions/plugin.php that could allow a remote user to access local files on the server without requiring login. This issue manifests itself if register_globals is enabled, and magic_quotes_gpc is disabled...
MySQL -- SQL-injection security vulnerability
MySQL reports: An SQL-injection security hole has been found in multibyte encoding processing. An SQL-injection security hole can include a situation whereby when inserting user supplied data into a database, the user might inject his own SQL statements that the server will execute. With regards ...
libxine -- buffer overflow vulnerability
A Secunia Advisory reports: Federico L. Bossi Bonin has discovered a weakness in xine-lib, which can be exploited by malicious people to crash certain applications on a user's system. The weakness is caused due to a heap corruption within the "xineplug_inp_http.so" plugin when handling an overly lar...
dokuwiki -- multiple vulnerabilities
Multiple vulnerabilities have been reported within dokuwiki. dokuwiki is proven vulnerable to: arbitrary PHP code insertion via spellcheck module, XSS attack via "Update your account profile," bypassing of ACL controls when enabled...
smbfs -- chroot escape
Problem Description smbfs does not properly sanitize paths containing a backslash character; in particular the directory name '..' is interpreted as the parent directory by the SMB/CIFS server, but smbfs handles it in the same manner as any other directory. Impact When inside a chroot environment...
ypserv -- Inoperative access controls in ypserv
Problem Description There are two documented methods of restricting access to NIS maps through ypserv(8): through the use of the /var/yp/securenets file, and through the /etc/hosts.allow file. While both mechanisms are implemented in the server, a change in the build process caused the "securenets"...
gnupg -- user id integer overflow vulnerability
If GnuPG processes a userid with a very long packet length, GnuPG can crash due to insufficient bounds check. This can result in a denial-of-service condition or potentially execution of arbitrary code with the privileges of the user running GnuPG...
WebCalendar -- information disclosure vulnerability
Secunia reports: socsam has discovered a vulnerability in WebCalendar, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information. Input passed to the "includedir" parameter isn't properly verified, before it is used in an "fopen" call...
coppermine -- Multiple File Extensions Vulnerability
Secunia reports: Coppermine Photo Gallery has a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an error in the handling of file uploads where a filename has multiple file extensions. This can be exploited to upload...
phpmyadmin -- XSRF vulnerabilities
phpMyAdmin security team reports: It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link. Such issue is quite common in many PHP applications and users should take care what links they follow. We consider these vulnerabilities to be quite...
drupal -- multiple vulnerabilities
The Drupal team reports: Vulnerability: XSS Vulnerability in taxonomy module. It is possible for a malicious user to insert and execute XSS into terms, due to lack of validation on output of the page title. The fix wraps the display of terms in check_plain...
drupal -- multiple vulnerabilities
The Drupal team reports: Vulnerability: SQL injection A security vulnerability in the database layer allowed certain queries to be submitted to the database without going through Drupal's query sanitizer. Vulnerability: Execution of arbitrary files Certain -- alas, typical -- configurations of...
vnc -- authentication bypass vulnerability
RealVNC is susceptible to an authentication-bypass vulnerability. A malicious VNC client can cause a VNC server to allow it to connect without any authentication regardless of the authentication settings configured in the server. Exploiting this issue allows attackers to gain unauthenticated,...
postgresql -- encoding based SQL injection
The PostgreSQL development team reports: An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible injection of hostile SQL commands in...
libmms -- stack-based buffer overflow
Mitre CVE reports: Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) send_command, (2) string_utf16, (3) get_data, and (4) get_media_packet...
libxine -- multiple buffer overflow vulnerabilities
The libxine development team reports that several vulnerabilities had been found in the libxine library. The first vulnerability is caused by improper checking of the src/input/libreal/real.c "real_parse_sdp" function. A remote attacker could exploit this by tricking a user to connect to a...
awstats -- arbitrary command execution vulnerability
OS Reviews reports: If the update of the stats via web front-end is allowed, a remote attacker can execute arbitrary code on the server using a specially crafted request involving the migrate parameter. Input starting with a pipe character "|" leads to an insecure call to Perl's open function and...
firefox -- denial of service vulnerability
A Mozilla Foundation Security Advisory reports for deleted object reference when designMode="on" Martijn Wargers and Nick Mott each described crashes that were discovered to ultimately stem from the same root cause: attempting to use a deleted controller context when designMode was turned on. Thi...
mysql50-server -- COM_TABLE_DUMP arbitrary code execution
Stefano Di Paola reports: An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. To take advantage of these flaws an attacker should have direct access to MySQL server communication layer (port 3306 or unix socket). But if used in conjunction with so...
MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities
Secunia reports: MySQL has some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system. 1) An error within the code that generates an error response to an invalid COM_TABLE_DUMP packet can be exploited by an...
clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability
Secunia reports: A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the HTTP client in the Freshclam command line...
trac -- Wiki Macro Script Insertion Vulnerability
Secunia reports: A vulnerability has been reported, which can be exploited by malicious people to conduct script insertion attacks. Input passed using the wiki macro isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed ...
ethereal -- Multiple Protocol Dissector Vulnerabilities
Secunia reports: Multiple vulnerabilities have been reported in Ethereal, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. The vulnerabilities are caused due to various types of errors including boundary errors, an off-by-one error, an...
zgv, xzgv -- heap overflow vulnerability
Gentoo reports: Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap...
phpldapadmin -- Cross-Site Scripting and Script Insertion vulnerabilities
Secunia reports: phpLDAPadmin has some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1) Some input isn't properly sanitised before being returned to the user. This can be exploited to...
FreeBSD -- FPU information disclosure
Problem Description On "7th generation" and "8th generation" processors manufactured by AMD, including the AMD Athlon, Duron, Athlon MP, Athlon XP, Athlon64, Athlon64 FX, Opteron, Turion, and Sempron, the fxsave and fxrstor instructions do not save and restore the FOP, FIP, and FDP registers unle...
coppermine -- "file" Local File Inclusion Vulnerability
Secunia reports: Coppermine Photo Gallery has a vulnerability, which can be exploited by malicious people to disclose sensitive information. Input passed to the "file" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary...
lifetype -- ADOdb "server.php" Insecure Test Script Security Issue
Secunia reports: A security issue has been discovered in LifeType, which can be exploited by malicious people to execute arbitrary SQL code and potentially compromise a vulnerable system. The problem is caused due to the presence of the insecure "server.php" test script...
fswiki -- XSS vulnerability
JVN reports: FreeStyleWiki has XSS vulnerability...
phpwebftp -- "language" Local File Inclusion
Secunia reports: phpWebFTP has a vulnerability, which can be exploited by malicious people to disclose sensitive information. Input passed to the "language" parameter in index.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from...
xine -- multiple remote string vulnerabilities
c0ntexb reports: There are 2 format string bugs in the latest version of Xine that could be exploited by a malicious person to execute code on the system of a remote user running the media player against a malicious playlist file. By passing a format specifier in the path of a file that is embedd...
amaya -- Attribute Value Buffer Overflow Vulnerabilities
Secunia reports: Amaya has two vulnerabilities, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to boundary errors within the parsing of various attribute values. This can be exploited to cause stack-based buffer overflows when a user...
plone -- "member_id" Parameter Portrait Manipulation Vulnerability
Secunia reports: The vulnerability is caused due to missing security declarations in "changeMemberPortrait" and "deletePersonalPortrait". This can be exploited to manipulate or delete another user's portrait via the "member_id" parameter...
mozilla -- multiple vulnerabilities
A Mozilla Foundation Security Advisory reports of multiple issues, several of which can be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-29 Spoofing with translucent windows; MFSA 2006-28 Security check of js_ValueToFunctionObject can be circumvented; MFSA...
frontpage -- cross site scripting vulnerability
Esteban Martinez Fayo reports: The FrontPage Server Extensions 2002 (included in Windows Server 2003 IIS 6.0 and available as a separate download for Windows 2000 and XP) has a web page /_vti_bin/_vti_adm/fpadmdll.dll that is used for administrative purposes. This web page is vulnerable to cross site...
cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service
Unspecified vulnerability in the CMU Cyrus Simple Authentication and Security Layer (SASL) library, has unknown impact and remote unauthenticated attack vectors, related to DIGEST-MD5 negotiation...
asterisk -- denial of service vulnerability, local system access
Emmanouel Kellenis reports a denial of service vulnerability within asterisk. The vulnerability is caused by a buffer overflow in "format_jpeg.c". A large JPEG image could trigger this bug, potentially allowing a local attacker to execute arbitrary code...
mailman -- Private Archive Script Cross-Site Scripting
Secunia reports: A vulnerability has been reported in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input passed to the private archive script is not properly sanitised before being returned to users. This can be exploited to execute...