redmine -- XSS vulnerability
Redmine reports: XSS vulnerability...
dns/bind9* -- crash on deliberately constructed combination of records
ISC reports: A deliberately constructed combination of records could cause named to hang while populating the additional section of a response...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 143439 High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov. 143437 High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov. 139814 High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de Silva. 135432 High...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory reports: This advisory announces security vulnerabilities that were found in Jenkins core and several plugins. The first vulnerability in Jenkins core allows unprivileged users to insert data into Jenkins master, which can lead to remote code execution. For this...
optipng -- use-after-free vulnerability
Secunia reports: A vulnerability has been reported in OptiPNG, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a use-after-free error related to the palette reduction functionality. No further information is currently...
OpenX -- SQL injection vulnerability
Secunia reports: A vulnerability has been discovered in OpenX, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "xajaxargs" parameter to www/admin/updates-history.php when "xajax" is set to "expandOSURow" is not properly sanitised in e.g. the...
apache22 -- several vulnerabilities
Apache HTTP SERVER PROJECT reports: low: XSS in mod_negotiation when untrusted uploads are supported CVE-2012-2687 Possible XSS for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled. low: insecure LD_LIBRARY_PATH handling CVE-2012-0883 This issue w...
mod_pagespeed -- multiple vulnerabilities
Google Reports: mod_pagespeed 0.10.22.6 is a security update that fixes two critical issues that affect earlier versions: CVE-2012-4001, a problem with validation of own host name. CVE-2012-4360, a cross-site scripting attack, which affects versions starting from 0.10.19.1. The effect of the first...
dns/bind9* -- Several vulnerabilities
ISC reports: Prevents a crash when queried for a record whose RDATA exceeds 65535 bytes. Prevents a crash when validating caused by using "Bad cache" data before it has been initialized. ISC_QUEUE handling for recursive clients was updated to address a race condition that could cause a memory leak...
bacula -- Console ACL Bypass
A security issue has been reported in Bacula, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused due to an error within the implementation of console ACLs, which can be exploited to gain access to certain restricted functionality and e....
freeradius -- arbitrary code execution for TLS-based authentication
freeRADIUS security team reports: Overflow in EAP-TLS for 2.1.10, 2.1.11 and 2.1.12. The issue was found by Timo Warns, and communicated to [email protected]. A sample exploit for the issue was included in the notification. The vulnerability was created in commit a368a6f4f4aaf on August 18,...
wordpress -- multiple unspecified privilege escalation bugs
Wordpress reports: Version 3.4.2 also fixes a few security issues and contains some security hardening. The vulnerabilities included potential privilege escalation and a bug that affects multisite installs with untrusted users. These issues were discovered and fixed by the WordPress security team...
moinmoin -- wrong processing of group membership
MoinMoin developers report: If you have group NAMES containing "All" or "Known" or "Trusted", they behaved wrong until now they erroneously included All/Known/Trusted users even if you did not list them as members, but will start working correctly with this changeset. E.g. AllFriendsGroup: JoeDoe...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 121347 Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz. 134897 High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz. 135485 Low CVE-2012-2867: Browser crash with SPDY. 136881 Medium CVE-2012-2868: Race condition with workers and...
otrs -- XSS vulnerability in Firefox and Opera could lead to remote code execution
The OTRS Project reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while displaying th...
asterisk -- multiple vulnerabilities
Asterisk project reports: Asterisk Manager User Unauthorized Shell Access ACL rules ignored when placing outbound calls by certain IAX2 users...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: LDAP Injection When the user logs in using LDAP, the username is not escaped when building the uid=$username filter which is used to query the LDAP directory. This could potentially lead to LDAP...
otrs -- XSS vulnerability in Firefox and Opera
OTRS Security Advisory reports: This advisory covers vulnerabilities discovered in the OTRS core system. This is a variance of the XSS vulnerability, where an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your browser while...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-57 Miscellaneous memory safety hazards rv:15.0/ rv:10.0.7 MFSA 2012-58 Use-after-free issues found using Address Sanitizer MFSA 2012-59 Location object can be shadowed using Object.defineProperty MFSA 2012-60 Escalation of privilege through about:newtab MFSA...
mediawiki -- multiple vulnerabilities
Mediawiki reports: Bug 39700 Wikipedia administrator Writ Keeper discovered a stored XSS HTML injection vulnerability. This was possible due to the handling of link text on File: links for nonexistent files. MediaWiki 1.16 and later is affected. Bug 39180 User Fomafix reported several DOM-based X...
Java 1.7 -- security manager bypass
US-CERT reports: Oracle Java Runtime Environment JRE 1.7 contains a vulnerability that may allow an applet to call setSecurityManager in a way that allows setting of arbitrary permissions. By leveraging the public, privileged getField function, an untrusted Java applet can escalate its privileges...
py39-Elixir -- weak use of cryptography
Red Hat Security Response Team reports: Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique initialization vector (IV), which makes it easier for context-dependent users to obtain sensitive information and decrypt the database...
otrs -- XSS vulnerability in Internet Explorer
OTRS Security Advisory reports: This advisory covers vulnerabilities discovered in the OTRS core system. Due to the XSS vulnerability in Internet Explorer an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your Internet Explorer whil...
otrs -- XSS vulnerability in Internet Explorer could lead to remote code execution
The OTRS Project reports: This advisory covers vulnerabilities discovered in the OTRS core system. Due to the XSS vulnerability in Internet Explorer an attacker could send a specially prepared HTML email to OTRS which would cause JavaScript code to be executed in your Internet Explorer while...
ruby -- $SAFE escaping vulnerability about Exception#to_s/NameError#to_s
The official ruby site reports: Vulnerabilities found for Exception#to_s, NameError#to_s, and name_err_mesg_to_s which is Ruby interpreter-internal API. A malicious user code can bypass $SAFE check by utilizing one of those security holes. Ruby's $SAFE mechanism enables untrusted user codes to run in $SA...
jabberd -- domain spoofing in server dialback protocol
XMPP Standards Foundation reports: Some implementations of the XMPP Server Dialback protocol RFC 3920/XEP-0220 have not been checking dialback responses to ensure that validated results are correlated with requests. An attacking server could spoof one or more domains in communicating with a...
wireshark -- denial of service in DRDA dissector
RedHat security team reports: A denial of service flaw was found in the way Distributed Relational Database Architecture (DRDA) dissector of Wireshark, a network traffic analyzer, performed processing of certain DRDA packet capture files. A remote attacker could create a specially-crafted capture...
databases/postgresql*-server -- multiple vulnerabilities
The PostgreSQL Global Development Group reports: The PostgreSQL Global Development Group today released security updates for all active branches of the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. This update patches security holes associated with libxml2 and...
GNU gatekeeper -- denial of service
Jan Willamowius reports: GNU Gatekeeper before 3.1 does not limit the number of connections to the status port, which allows remote attackers to cause a denial of service (connection and thread consumption) via a large number of connections...
typo3 -- Multiple vulnerabilities in TYPO3 Core
Typo Security Team reports: It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Information Disclosure, Insecure Unserialize leading to Arbitrary Code Execution. TYPO3 Backend Help System - Due to a missing signature HMAC for a parameter in the viewhelp.php file, an...
inn -- plaintext command injection into encrypted channel
INN developers report: Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents...
roundcube -- cross-site scripting in HTML email messages
RoundCube branch 0.8.x prior to the version 0.8.1 is prone to the cross-scripting attack (XSS) originating from incoming HTML e-mails: due to the lack of proper sanitization of JavaScript code inside the "href" attribute, sender could launch XSS attack when recipient opens the message in RoundCube...
emacs -- remote code execution vulnerability
Chong Yidong reports: Paul Ling has found a security flaw in the file-local variables code in GNU Emacs. When the Emacs user option `enable-local-variables' is set to `:safe' (the default value is t), Emacs should automatically refuse to evaluate `eval' forms in file-local variable sections. Due to th...
ansible -- enable host key checking in paramiko connection type
Ansible changelog reports: Host key checking is on by default. Disable it if you like by adding host_key_checking=False in the default section of /etc/ansible/ansible.cfg or /ansible.cfg or by exporting ANSIBLE_HOST_KEY_CHECKING=False...
phpMyAdmin -- Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages
The phpMyAdmin development team reports: Using a crafted table name, it was possible to produce a XSS : 1 On the Database Structure page, creating a new table with a crafted name 2 On the Database Structure page, using the Empty and Drop links of the crafted table name 3 On the Table Operations...
fetchmail -- two vulnerabilities in NTLM authentication
Matthias Andree reports: With NTLM support enabled, fetchmail might mistake a server-side error message during NTLM protocol exchange for protocol data, leading to a SIGSEGV. Also, with a carefully crafted NTLM challenge, a malicious server might cause fetchmail to read from a bad memory location...
Calligra, KOffice -- input validation failure
KDE Security Advisory reports: A flaw has been found which can allow malicious code to take advantage of an input validation failure in the Microsoft import filter in Calligra and KOffice. Exploitation can allow the attacker to gain control of the running process and execute code on its behalf...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 136643 137721 137957 High CVE-2012-2862: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team. 136968 137361 High CVE-2012-2863: Out-of-bounds writes in PDF viewer. Credit to...
rubygem-rails -- multiple vulnerabilities
Rails core team reports: This version contains three important security fixes, please upgrade immediately. One of security fixes impacts all users and is related to HTML escaping code. The other two fixes impacts people using select_tag's prompt option and strip_tags helper from ActionPack...
phpMyAdmin -- Path disclosure due to missing library
The phpMyAdmin development team reports: The show_config_errors.php script does not include a library, so an error message shows the full path of this file, leading to possible further attacks...
libcloud -- possible SSL MITM due to invalid regexp used to validate target server hostname
The libcloud development team reports: When establishing a secure SSL / TLS connection to a target server an invalid regular expression has been used for performing the hostname verification. Subset instead of the full target server hostname has been marked as an acceptable match for the given...
libutp -- remote denial of service or arbitrary code execution
NVD reports: Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."...
Several vulnerabilities found in IcedTea-Web
The IcedTea project team reports: CVE-2012-3422: Use of uninitialized instance pointers An uninitialized pointer use flaw was found in IcedTea-Web web browser plugin. A malicious web page could use this flaw make IcedTea-Web browser plugin pass invalid pointer to a web browser. Depending on the...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: Linux only 125225 Medium CVE-2012-2846: Cross-process interference in renderers. Credit to Google Chrome Security Team Julien Tinnes. 127522 Low CVE-2012-2847: Missing re-prompt to user upon excessive downloads. Credit to Matt Austin of Aspect Security. 127525 Medi...
django -- multiple vulnerabilities
The Django project reports: Today the Django team is issuing multiple releases -- Django 1.3.2 and Django 1.4.1 -- to remedy security issues reported to us: Cross-site scripting in authentication views Denial-of-service in image validation Denial-of-service via get_image_dimensions All users are...
ImageMagick and GraphicsMagick -- DoS via specially crafted PNG file
Kurt Seifried reports: There is an issue in ImageMagick that is also present in GraphicsMagick. CVE-2011-3026 deals with libpng memory allocation, and limitations have been added so that a bad PNG can't cause the system to allocate a lot of memory and a denial of service. However on further...
nsd -- Denial of Service
Tom Hendrikx reports: It is possible to crash (SIGSEGV) a NSD child server process by sending it a DNS packet from any host on the internet and the per zone stats build option is enabled. A crashed child process will automatically be restarted by the parent process, but an attacker may keep the NSD...
libotr -- buffer overflows
OTR developers report: The otrl_base64_otrdecode function and similar functions within OTR suffer from buffer overflows in the case of malformed input; specifically if a message of the format of "?OTR:===." is received then a zero-byte allocation is performed without a similar correlation between t...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Information Leak Versions: 4.1.1 to 4.2.1, 4.3.1 In HTML bugmails, all bug IDs and attachment IDs are linkified, and hovering these links displays a tooltip with the bug summary or the attachment...
rubygem-actionpack -- Denial of Service
There is a DoS vulnerability in Action Pack digest authentication handling in authenticate_or_request_with_http_digest...