libarchive -- multiple vulnerabilities
MITRE reports: Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper...
Axis2 -- Security vulnerabilities on dependency Apache HttpClient
Apache Axis2 reports: Apache Axis2 1.7.4 is a maintenance release that includes fixes for several issues, including the following security issues: Session fixation (AXIS2-4739) and XSS (AXIS2-5683) vulnerabilities affecting the admin console. A dependency on an Apache HttpClient version affected by...
django-cms -- XSS Vulnerability
Cross-site scripting (XSS) vulnerability. Jonas Obrist reports: The security issue allows users with limited admin access to elevate their privileges through XSS injection using the pageattribute template tag. Only users with admin access and the permission to edit at least one django CMS page objec...
tomcat -- bypass of CSRF prevention filter
The Apache Software Foundation reports: The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request...
tomcat -- bypass of security constraints
The Apache Software Foundation reports: When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of the URL if some other component such as the Single-Sign-On valve had called request.setUserPrincip...
tomcat -- denial of service
The Apache Software Foundation reports: When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response an infinite loop is entered leading to a denial of service...
mysql/mariadb/percona server -- multiple vulnerabilities
ORACLE reports: Multiple SQL injection vulnerabilities in the replication code; Stack-based buffer overflow; Heap-based buffer overflow...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 161564 High CVE-2012-5138: Incorrect file path handling. Credit to Google Chrome Security Team Jüri Aedla. 162835 High CVE-2012-5137: Use-after-free in media source handling. Credit to Pinkie Pie...
dns/bind9* -- servers using DNS64 can be crashed by a crafted query
ISC reports: BIND 9 nameservers using the DNS64 IPv6 transition mechanism are vulnerable to a software defect that allows a crafted query to crash the server with a REQUIRE assertion failure. Remote exploitation of this defect can be achieved without extensive effort, resulting in a...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 156567 High CVE-2012-5133: Use-after-free in SVG filters. Credit to miaubiz. 148638 Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG. 155711 Low CVE-2012-5132: Browser crash with chunked encoding. Credit to Attila Szász. 158249 Hi...
FreeBSD -- Linux compatibility layer input validation error
Problem description: A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation...
FreeBSD -- Multiple Denial of Service vulnerabilities with named(8)
Problem description: The BIND daemon would crash when a query is made on a resource record with RDATA that exceeds 65535 bytes. The BIND daemon would lock up when a query is made on specific combinations of RDATA...
FreeBSD -- Insufficient message length validation for EAP-TLS messages
Problem description: The internal authentication server of hostapd does not sufficiently validate the message length field of EAP-TLS messages...
upnp -- multiple vulnerabilities
Project changelog reports: This patch addresses three possible buffer overflows in function unique_service_name. The three issues have the following CVE numbers: CVE-2012-5958 Issue 2: Stack buffer overflow of Tempbuf; CVE-2012-5959 Issue 4: Stack buffer overflow of Event-UDN; CVE-2012-5960 Issue 8:...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-91 Miscellaneous memory safety hazards rv:17.0/ rv:10.0.11 MFSA 2012-92 Buffer overflow while rendering GIF images MFSA 2012-93 evalInSandbox location context incorrectly applied MFSA 2012-94 Crash when combining SVG text on path with CSS MFSA 2012-95...
opera -- execution of arbitrary code
Opera reports: When requesting pages using HTTP, Opera temporarily stores the response in a buffer. In some cases, Opera may incorrectly allocate too little space for a buffer, and may then store too much of the response in that buffer. This causes a buffer overflow, which in turn can lead to a...
lighttpd -- remote DoS in header parsing
Lighttpd security advisory reports: Certain Connection header values will trigger an endless loop, for example: "Connection: TE,,Keep-Alive" On receiving such value, lighttpd will enter an endless loop, detecting an empty token but not incrementing the current string position, and keep reading th...
weechat -- Arbitrary shell command execution via scripts
Sebastien Helleu reports: Untrusted command for function hook_process could lead to execution of commands, because of shell expansions. Workaround with a non-patched version: remove/unload all scripts calling function hook_process for maximum safety...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Information Leak If the visibility of a custom field is controlled by a product or a component of a product you cannot see, their names are disclosed in the JavaScript code generated for this...
ruby -- Hash-flooding DoS vulnerability for ruby 1.9
The official ruby site reports: Carefully crafted sequence of strings can cause a denial of service attack on the service that parses the sequence to create a Hash object by using the strings as keys. For instance, this vulnerability affects web applications that parse the JSON data sent from...
weechat -- Crash or freeze when decoding IRC colors in strings
Sebastien Helleu reports: A buffer overflow is causing a crash or freeze of WeeChat when decoding IRC colors in strings. Workaround for a non-patched version: /set irc.network.colors_receive off...
typo3 -- Multiple vulnerabilities in TYPO3 Core
Typo Security Team reports: TYPO3 Backend History Module - Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability. Credits go to Thomas Worm who discovered and reported the...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 157079 Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull. Linux 64-bit only 150729 Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG. 143761 High CVE-2012-5116:...
opera -- multiple vulnerabilities
Opera reports: CORS (Cross-Origin Resource Sharing) allows web pages to retrieve the contents of pages from other sites, with their permission, as they would appear for the current user. When requests are made in this way, the browser should only allow the page content to be retrieved if the target...
tomcat -- Denial of Service
The Apache Software Foundation reports: The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...
tomcat -- authentication weaknesses
The Apache Software Foundation reports: Three weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved: Tomcat tracked client rather than server nonces and nonce count. When a session ID was present, authentication was bypassed. The user name and password were n...
webmin -- potential XSS attack via real name field
The webmin updates site reports: Module: Change Passwords; Version: 1.600; Problem: Fix for potential XSS attack via real name field; Solution: New module...
YUI JavaScript library -- JavaScript injection exploits in Flash components
The YUI team reports: Vulnerability in YUI 2.4.0 through YUI 2.9.0: An XSS vulnerability has been discovered in some YUI 2 .swf files from versions 2.4.0 through 2.9.0. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files. If your site loa...
RT -- Multiple Vulnerabilities
BestPractical reports: All versions of RT are vulnerable to an email header injection attack. Users with ModifySelf or AdminUser can cause RT to add arbitrary headers or content to outgoing mail. Depending on the scrips that are configured, this may be leveraged for information leakage or...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-90 Fixes for Location object issues...
Exim -- remote code execution
This vulnerability affects Exim instances built with DKIM enabled (this is the default for the FreeBSD Exim port) and running verification of DKIM signatures on incoming mail messages. Phil Pennock reports: This is a SECURITY release, addressing a CRITICAL remote code execution flaw in versions of...
DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust
US-CERT reports: DomainKeys Identified Mail (DKIM) Verifiers may inappropriately convey message trust when messages are signed using test or small bit signing keys...
bogofilter -- heap corruption by invalid base64 input
David Relson reports: Fix a heap corruption in base64 decoder on invalid input. Analysis and patch by Julius Plenz, FU Berlin, Germany...
drupal7 -- multiple vulnerabilities
Drupal Security Team reports: Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original...
django -- multiple vulnerabilities
The Django Project reports: Host header poisoning Some parts of Django -- independent of end-user-written applications -- make use of full URLs, including domain name, which are generated from the HTTP Host header. Some attacks against this are beyond Django's ability to control, and require the...
xlockmore -- local exploit
Ignatios Souvatzis of NetBSD reports: Due to an error in the dclock screensaver in xlockmore, users who explicitly use this screensaver or a random mix of screensavers using something like "xlockmore -mode random" may have their screen unlocked unexpectedly at a random time...
otrs -- XSS vulnerability
OTRS Security Advisory reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while...
otrs -- XSS vulnerability could lead to remote code execution
The OTRS Project reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while displaying th...
ruby -- Unintentional file creation caused by inserting an illegal NUL character
The official ruby site reports: A vulnerability was found that file creation routines can create unintended files by strategically inserting NULs in file paths. This vulnerability has been reported as CVE-2012-4522. Ruby can handle arbitrary binary patterns as Strings, including NUL chars. On the...
libproxy -- stack-based buffer overflow
Tomas Hoger reports: A buffer overflow flaw was discovered in the libproxy's url::get_pac() used to download proxy.pac proxy auto-configuration file. A malicious host hosting proxy.pac, or a man in the middle attacker, could use this flaw to trigger a stack-based buffer overflow in an application...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 154983, 154987 Critical CVE-2012-5112: SVG use-after-free and IPC arbitrary file write. Credit to Pinkie Pie...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-74 Miscellaneous memory safety hazards rv:16.0/ rv:10.0.8 MFSA 2012-75 select element persistence allows for attacks MFSA 2012-76 Continued access to initial origin after setting document.domain MFSA 2012-77 Some DOMWindowUtils methods bypass security checks...
plib -- stack-based buffer overflow
CVE reports: Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file...
gitolite -- path traversal vulnerability
Sitaram Chamarty reports: I'm sorry to say there is a potential path traversal vulnerability in v3. Thanks to Stephane Chazelas for finding it and alerting me. Can it affect you? This can only affect you if you are using wild card repos, and at least one of your patterns allows the string "../" t...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 138208 High CVE-2012-2900: Crash in Skia text rendering. Credit to Atte Kettunen of OUSPG. 147499 Critical CVE-2012-5108: Race condition in audio device handling. Credit to Atte Kettunen of OUSPG. 148692 Medium CVE-2012-5109: OOB read in ICU regex. Credit to Arthur...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
phpMyAdmin -- Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack
The phpMyAdmin development team reports: When creating/modifying a trigger, event or procedure with a crafted name, it is possible to trigger an XSS. To display information about the current phpMyAdmin version on the main page, a piece of JavaScript is fetched from the phpmyadmin.net website in...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: low: XSS due to unescaped hostnames (CVE-2012-3499). Various XSS flaws due to unescaped hostnames and URIs HTML output in mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. moderate: XSS in mod_proxy_balancer (CVE-2012-4558). An XSS flaw affected the...
Wireshark -- Multiple Vulnerabilities
Wireshark reports: The HSRP dissector could go into an infinite loop. The PPP dissector could abort. Martin Wilck discovered an infinite loop in the DRDA dissector. Laurent Butti discovered a buffer overflow in the LDP dissector...