wordpress -- multiple vulnerabilities
A Gentoo Linux Security Advisory reports: Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks. An attacker could use the SQL injection vulnerabilities to gain information from the database. Furthermore, the cross-site scripting issues give an attacker the...
gld -- format string and buffer overflow vulnerabilities
Gld has been found vulnerable to multiple buffer overflows as well as multiple format string vulnerabilities. An attacker could exploit these vulnerabilities to execute arbitrary code with the permissions of the user running Gld, the default user being root. The FreeBSD port defaults to running gld ...
portupgrade -- insecure temporary file handling vulnerability
Simon L. Nielsen discovered that portupgrade handles temporary files in an insecure manner. This could allow an unprivileged local attacker to execute arbitrary commands or overwrite arbitrary files with the permissions of the user running portupgrade, typically root, by way of a symlink attack...
mozilla -- code execution through javascript: favicons
A Mozilla Foundation Security Advisory reports: Firefox and the Mozilla Suite support custom "favicons" through the <link> tag. If a link tag is added to the page programmatically and a javascript: URL is used, then script will run with elevated privileges and could run or install malicious software...
jdk -- jar directory traversal vulnerability
Pluf has discovered a vulnerability in Sun Java JDK/SDK, which potentially can be exploited by malicious people to compromise a user's system. The jar tool does not check properly whether the files to be extracted have the string "../" in their names, so it is possible for an attacker to create a malicio...
openoffice -- DOC document heap overflow vulnerability
AD-LAB reports that a heap-based buffer overflow vulnerability exists in OpenOffice's handling of DOC documents. When reading a DOC document, 16 bits of a 32-bit integer are used for memory allocation, but the full 32 bits are used for further processing of the document. This can allow an attacker t...
rsnapshot -- local privilege escalation
An rsnapshot Advisory reports: The copy_symlink subroutine in rsnapshot incorrectly changes file ownership on the files pointed to by symlinks, not on the symlinks themselves. This would allow, under certain circumstances, an arbitrary user to take ownership of a file on the main filesystem...
sharutils -- unshar insecure temporary file creation
An Ubuntu Advisory reports: Joey Hess discovered that "unshar" created temporary files in an insecure manner. This could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user invoking the program...
gaim -- jabber remote crash
The GAIM team reports: A remote jabber user can cause Gaim to crash by sending a specific file transfer request...
phpmyadmin -- cross site scripting vulnerability
A phpMyAdmin security announcement reports: The convcharset parameter was not correctly validated, opening the door to an XSS attack...
gaim -- remote DoS on receiving malformed HTML
The GAIM team reports: The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read...
gaim -- remote DoS on receiving certain messages over IRC
The GAIM team reports: The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via...
mozilla -- javascript "lambda" replace exposes memory contents
A Mozilla Foundation Security Advisory reports: A bug in javascript's regular expression string replacement when using an anonymous function as the replacement argument allows a malicious script to capture blocks of memory allocated to the browser. A web site could capture data and transmit it to...
firefox -- PLUGINSPAGE privileged javascript execution
A Mozilla Foundation Security Advisory reports: When a webpage requires a plugin that is not installed, the user can click to launch the Plugin Finder Service (PFS) to find an appropriate plugin. If the service does not have an appropriate plugin, the EMBED tag is checked for a PLUGINSPAGE attribute,...
bzip2 -- denial of service and permission race vulnerabilities
Problem Description: Two problems have been discovered relating to the extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop. Second, when creating a new file, bzip2 closes the file before setting its permissions. Impac...
horde -- Horde Page Title Cross-Site Scripting Vulnerability
Secunia Advisory SA14730 reports: A vulnerability has been reported in Horde, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed when setting the parent frame's page title via JavaScript is not properly sanitised before being returned to the user. This can be...
sylpheed -- MIME-encoded file name buffer overflow vulnerability
Sylpheed is vulnerable to a buffer overflow when displaying emails with attachments that have MIME-encoded file names. This could be used by a remote attacker to crash sylpheed, potentially allowing execution of arbitrary code with the permissions of the user running sylpheed...
phpSysInfo -- cross site scripting vulnerability
A Securityreason.com advisory reports that various cross site scripting vulnerabilities have been found in phpSysInfo. Input is not properly sanitised before it is returned to the user. A malicious person could exploit this to execute arbitrary HTML and script code in a user's browser session. Als...
lsh -- multiple vulnerabilities
Secunia reports: A vulnerability has been reported in LSH, which potentially can be exploited by malicious people to cause a DoS (Denial of Service)...
kdelibs -- local DCOP denial of service vulnerability
A KDE Security Advisory reports: Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol (DCOP) daemon, better known as dcopserver. A local user can lock up the dcopserver of arbitrary other users on the same machine...
rxvt-unicode -- buffer overflow vulnerability
An rxvt-unicode changelog reports: Fix a bug that allowed a buffer to be overflowed via a long escape sequence, which is probably exploitable (fix by Rob Holland / Yoann Vandoorselaere / Gentoo Audit Team)...
wine -- information disclosure due to insecure temporary file handling
Due to insecure temporary file creation in the Wine Windows emulator, it is possible for any user to read potentially sensitive information from temporary registry files. When a Win32 application is launched by wine, wine makes a dump of the Windows registry in /tmp with the name regxxxxyyyy.tmp,...
racoon -- remote denial-of-service
Sebastian Krahmer discovered that the racoon ISAKMP daemon could be crashed with a maliciously crafted UDP packet. No authentication is required in order to perform the attack...
mysql-server -- multiple remote vulnerabilities
SecurityFocus reports: MySQL is reported prone to an insecure temporary file creation vulnerability. Reports indicate that an attacker that has 'CREATE TEMPORARY TABLE' privileges on an affected installation may leverage this vulnerability to corrupt files with the privileges of the MySQL process...
mozilla -- heap buffer overflow in GIF image processing
A Mozilla Foundation Security Advisory states: An [sic] GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine...
ethereal -- multiple protocol dissectors vulnerabilities
An Ethereal Security Advisory reports: Issues have been discovered in the following protocol dissectors: Matevz Pustisek discovered a buffer overflow in the Etheric dissector (CVE: CAN-2005-0704). The GPRS-LLC dissector could crash if the "ignore cipher bit" option was enabled (CVE: CAN-2005-0705)...
perl -- Directory Permissions Race Condition
Secunia reports: Paul Szabo has reported a vulnerability in Perl File::Path::rmtree, which potentially can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a race condition in the way File::Path::rmtree handles directory permissions when...
sylpheed -- buffer overflow in header processing
The Sylpheed web site states: A buffer overflow which occurred when replying to a message with certain headers which contain non-ascii characters was fixed...
hashcash -- format string vulnerability
A Gentoo Linux Security Advisory reports: Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the Hashcash utility that an attacker could expose by specifying a malformed reply address. Successful exploitation would permit an attacker to disrupt Hashcash users, and...
firefox -- arbitrary code execution from sidebar panel
A Mozilla Foundation Security Advisory states: If a user bookmarked a malicious page as a Firefox sidebar panel, that page could execute arbitrary programs by opening a privileged page and injecting javascript into it...
libexif -- buffer overflow vulnerability
Sylvain Defresne reports that libexif is vulnerable to a buffer overflow due to insufficient input checking. This could lead to crashes of applications using libexif...
ImageMagick -- format string vulnerability
Tavis Ormandy reports: imagemagick-6.2.0-3 fixes a potential issue handling malformed filenames; the flaw may affect webapps or scripts that use the imagemagick utilities for image processing, or applications linked with libMagick. This vulnerability could crash ImageMagick or potentially lead to...
realplayer -- remote heap overflow
Two exploits have been identified in the Linux RealPlayer client. RealNetworks states: RealNetworks, Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no...
xv -- filename handling format string vulnerability
A Gentoo Linux Security Advisory reports: Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Successful exploitation would require a victim to process a specially crafted image with a malformed filename, potentially resulting in the...
phpbb -- Insufficient check against HTML code in usercp_register.php
Neo Security Team reports: If we specify a variable in the HTML code (any type: hidden, text, radio, check, etc.) with the name allowhtml, allowbbcode or allowsmilies, it is going to turn on HTML, bbcode and smilies in our signature. This is a low risk vulnerability that allows users to bypass...
postnuke -- cross-site scripting (XSS) vulnerabilities
A cross-site scripting vulnerability is present in the PostNuke PHP content management system. By passing data injected through exploitable errors in input validation, an attacker can insert code which will run on the machine of anybody viewing the page. It is feasible that this attack could be...
postnuke -- SQL injection vulnerabilities
Two separate SQL injection vulnerabilities have been identified in the PostNuke PHP content management system. An attacker can use this vulnerability to potentially insert executable PHP code into the content management system to view all files within the PHP scope, for instance. Various other SQ...
phpbb -- privilege elevation and path disclosure
The phpbb developer group reports: phpBB Group announces the release of phpBB 2.0.13, the "Beware of the furries" edition. This release addresses two recent security exploits, one of them critical. They were reported a few days after .12 was released and no one is more annoyed than us, having to...
mozilla -- arbitrary code execution vulnerability
A Mozilla Foundation Security Advisory reports: Plugins such as flash can be used to load privileged content into a frame. Once loaded various spoofs can be applied to get the user to interact with the privileged content. Michael Krax's "Fireflashing" example demonstrates that an attacker can ope...
mkbold-mkitalic -- format string vulnerability
Version 0.061 and prior have a format string vulnerability which can be triggered by using a carefully-crafted BDF font file...
phpbb -- multiple vulnerabilities
phpBB is vulnerable to remote exploitation of an input validation vulnerability that allows attackers to read the contents of arbitrary system files under the privileges of the webserver. This also allows remote attackers to unlink arbitrary system files under the privileges of the webserver...
phpbb -- multiple information disclosure vulnerabilities
psoTFX reports: phpBB Group are pleased to announce the release of phpBB 2.0.12 the "Horray for Furrywood" release. This release addresses a number of bugs and a couple of potential exploits. ... one of the potential exploits addressed in this release could be serious in certain situations and th...
phpmyadmin -- information disclosure vulnerability
A phpMyAdmin security announcement reports: By calling some scripts that are part of phpMyAdmin in an unexpected way (especially scripts in the libraries subdirectory), it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin...
uim -- privilege escalation vulnerability
The uim developers report: Takumi ASAKI discovered that uim always trusts environment variables. But this is not correct behavior; sometimes environment variables shouldn't be trusted. This bug causes privilege escalation when libuim is linked against a setuid/setgid application. Since GTK+...
phpmyadmin -- arbitrary file include and XSS vulnerabilities
A phpMyAdmin security announcement reports: We received two bug reports by Maksymilian Arciemowicz about those vulnerabilities and we wish to thank him for his work. The vulnerabilities apply to those points: css/phpmyadmin.css.php was vulnerable against $cfg and GLOBALS variable injections. This...
putty -- pscp/psftp heap corruption vulnerabilities
Simon Tatham reports: This version fixes a security hole in previous versions of PuTTY, which can allow a malicious SFTP server to attack your client. If you use either PSCP or PSFTP, you should upgrade. Users of the main PuTTY program are not affected. However, note that the server must have...
bidwatcher -- format string vulnerability
A Debian Security Advisory reports: Ulf Härnhammer from the Debian Security Audit Project discovered a format string vulnerability in bidwatcher, a tool for watching and bidding on eBay auctions. This problem can be triggered remotely by a web server of eBay, or someone pretending to be eBay,...
xloadimage -- arbitrary command execution when handling compressed files
Tavis Ormandy discovered that xli and xloadimage attempt to decompress images by piping them through gunzip or similar decompression tools. Unfortunately, the unsanitized file name is included as part of the command. This is dangerous, as in some situations, such as mailcap processing, an attacke...
gaim -- AIM/ICQ remote denial of service vulnerability
The GAIM team reports that GAIM is vulnerable to a denial-of-service vulnerability which can cause GAIM to freeze: Certain malformed SNAC packets sent by other AIM or ICQ users can trigger an infinite loop in Gaim when parsing the SNAC. The remote user would need a custom client, able to generate...
gaim -- remote DoS on receiving malformed HTML
The GAIM team reports: Receiving malformed HTML can result in an invalid memory access causing Gaim to crash...