6583 matches found
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 112983 Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG. 113496 Low CVE-2011-3084: Load links from internal pages in their own process. Credit to Brett Wilson of the Chromium development community. 118374 Medium CVE-2011-3085: UI...
mail/sympa* -- Multiple vulnerabilities in Sympa archive management
David Verdin reports: Multiple vulnerabilities have been discovered in Sympa archive management that allow to skip the scenario-based authorization mechanisms. This vulnerability allows the attacker to: display the archives management page 'arcmanage' download the list's archives delete the list'...
libxml2 -- An off-by-one out-of-bounds write by XPointer
Google chrome team reports: An off-by-one out-of-bounds write flaw was found in the way libxml, a library for providing XML and HTML support, evaluated certain XPointer parts XPointer is used by libxml to include only the part from the returned XML document, that can be accessed using the XPath...
sympa -- Multiple Security Bypass Vulnerabilities
Secunia team reports: Multiple vulnerabilities have been reported in Sympa, which can be exploited by malicious people to bypass certain security restrictions. The vulnerabilities are caused due to the application allowing access to archive functions without checking credentials. This can be...
socat -- Heap-based buffer overflow
The socat development team reports: This vulnerability can be exploited when socat is invoked with the READLINE address this is usually only used interactively without option "prompt" and without option "noprompt" and an attacker succeeds to provide malicious data to the other arbitrary address...
openjpeg -- Multiple vulnerabilities
Openjpeg release notes report: That CVE-2012-3535 and CVE-2012-3358 are fixed in the 1.5.1 release. That CVE-2013-4289, CVE-2013-4290, CVE-2013-1447, CVE-2013-6045, CVE-2013-6052, CVE-2013-6054, CVE-2013-6053, CVE-2013-6887, where fixed in the 1.5.2 release...
OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service
OpenSSL security team reports: A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers...
PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability
High-Tech Bridge reports: Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website...
php -- multiple vulnerabilities
The PHP Development Team reports: The release of PHP 5.4.13 and 5.4.3 complete a fix for the vulnerability in CGI-based setups as originally described in CVE-2012-1823. CVE-2012-2311 Note: modphp and php-fpm are not vulnerable to this attack. PHP 5.4.3 fixes a buffer overflow vulnerability in the...
rssh -- arbitrary command execution
Derek Martin rssh maintainer reports: Henrik Erkkonen has discovered that, through clever manipulation of environment variables on the ssh command line, it is possible to circumvent rssh. As far as I can tell, there is no way to effect a root compromise, except of course if the root account is th...
libpurple -- Invalid memory dereference in the XMPP protocol plug-in by processing serie of specially-crafted file transfer requests
Pidgin reports: A series of specially crafted file transfer requests can cause clients to reference invalid memory. The user must have accepted one of the file transfer requests...
FreeBSD -- OpenSSL multiple vulnerabilities
Problem description: OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 records when operating as a client or a server that accept SSL 3.0 handshakes. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could...
php -- vulnerability in certain CGI-based setups
php development team reports: Security Enhancements and Fixes in PHP 5.3.12: Initial fix for cgi-bin ?-s cmdarg parse issue CVE-2012-1823...
p5-Config-IniFiles -- unsafe temporary file creation
Unsafe Temporary file creation Config::IniFiles used a predictable name for its temporary file without opening it correctly...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106413 High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team Marty Barbella and independent later discovery by miaubiz. 117627 Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie. 121726 Medium CVE-2011-3080: Rac...
portupgrade-devel -- lack of distfile checksums
Ports security team reports: The portupgrade-devel port fetched directly from a git respository without checking against a known good SHA hash. This means that it is possible that packages built using this port may not match the one vetted by the maintainer. Users are advised to rebuild...
samba -- incorrect permission checks vulnerability
The Samba project reports: Samba versions 3.4.x to 3.6.4 inclusive are affected by a vulnerability that allows arbitrary users to modify privileges on a file server. Security checks were incorrectly applied to the Local Security Authority LSA remote proceedure calls RPC CreateAccount, OpenAccount...
joomla -- Privilege Escalation
Joomla! reported a Core Privilege Escalation:: Inadequate checking leads to possible user privilege escalation...
WebCalendar -- multiple vulnerabilities
Hanno Boeck reports: Fixes are now available for various security vulnerabilities including LFI local file inclusion, XSS cross site scripting and others...
net-snmp -- Remote DoS
The Red Hat Security Response Team reports: An array index error, leading to out-of heap-based buffer read flaw was found in the way the net-snmp agent performed lookups in the extension table. When certain MIB subtrees were handled by the extend directive, a remote attacker having read privilege...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-20 Miscellaneous memory safety hazards rv:12.0/ rv:10.0.4 MFSA 2012-21 Multiple security flaws fixed in FreeType v2.4.9 MFSA 2012-22 use-after-free in IDBKeyRange MFSA 2012-23 Invalid frees causes heap corruption in gfxImageSurface MFSA 2012-24 Potential XSS...
asterisk -- multiple vulnerabilities
Asterisk project reports: Remote Crash Vulnerability in SIP Channel Driver Heap Buffer Overflow in Skinny Channel Driver Asterisk Manager User Unauthorized Shell Access...
wordpress -- multiple vulnerabilities
Wordpress reports: External code has been updated to non-vulnerable versions. In addition the following bugs have been fixed: Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances. Cross-site...
OpenSSL -- integer conversions result in memory corruption
OpenSSL security team reports: A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1d2ireadbio. Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2ibio or d2ifp, for exampl...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Unauthorized Access Due to a lack of proper validation of the X-FORWARDED-FOR header of an authentication request, an attacker could bypass the current lockout policy used for protection against...
node -- private information disclosure
Private information disclosure An attacker can cause private information disclosure...
Dokuwiki -- cross site scripting vulnerability
Andy Webber reports: Add User appears to be vulnerable to Cross Site Request Forgery CSRF/XSRF...
typo -- Cross-Site Scripting
Typo Security Team reports: Failing to properly encode the output, the default TYPO3 Exception Handler is susceptible to Cross-Site Scripting. We are not aware of a possibility to exploit this vulnerability without third party extensions being installed that put user input in exception messages...
phpmyfaq -- Remote PHP Code Execution Vulnerability
The phpMyFAQ project reports: The bundled ImageManager library allows injection of arbitrary PHP code to execute arbitrary PHP code and upload malware and trojan horses...
foswiki -- Script Insertion Vulnerability via unchecked user registration fields
Foswiki team reports: When a new user registers, the new user can add arbitrary HTML and script code into the user topic which is generated by the RegistrationAgent via standard registration fields such as "FirstName" or "OrganisationName". By design, Foswiki's normal editing features allow...
nginx -- Buffer overflow in the ngx_http_mp4_module
The nginx project reports: Buffer overflow in the ngxhttpmp4module...
samba -- "root" credential remote code execution
Samba development team reports: Samba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the "root" user from an anonymous connection. As this does not require an authenticated connection it is the most serious vulnerability...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106577 Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. 117583 Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. 117698 High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. 117728 Hig...
linux-flashplugin -- multiple vulnerabilities
Adobe reports: Multiple Priority 2 vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
png -- memory corruption/possible remote code execution
The PNG project reports: libpng fails to correctly handle malloc failures for text chunks in pngsettext2, which can lead to memory corruption and the possibility of remote code execution...
coppermine -- Multiple vulnerabilities
The Coppermine Team reports: The release covers several path disclosure vulnerabilities. If unpatched, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 109574 Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. 112317 Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. 114056 Medium CVE-2011-3060: Out-of-bounds read in text fragmen...
ImageMagick -- multiple vulnerabilities
ImageMagick reports: Three vulnerabilities have been identified in ImageMagick's handling of JPEG and TIFF files. With these vulnerabilities, it is possible to cause a denial of service situation in the target system...
phpMyAdmin -- Path disclosure due to missing verification of file presence
The phpMyAdmin development team reports: The showconfigerrors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. For the error messages to be displayed, php.ini's errorreporting must be se...
puppet -- Multiple Vulnerabilities
Multiple vulnerabilities exist in puppet that can result in arbitrary code execution, arbitrary file read access, denial of service, and arbitrary file write access. Please review the details in each of the CVEs for additional information...
raptor/raptor2 -- XXE in RDF/XML File Interpretation
Timothy D. Morgan reports: In December 2011, VSR identified a vulnerability in multiple open source office products including OpenOffice, LibreOffice, KOffice, and AbiWord due to unsafe interpretation of XML files with custom entity declarations. Deeper analysis revealed that the vulnerability wa...
quagga -- multiple vulnerabilities
CERT reports: The ospfd implementation of OSPF in Quagga allows a remote attacker on a local network segment with OSPF enabled to cause a denial of service daemon aborts due to an assert with a malformed OSPF LS-Update message. The ospfd implementation of OSPF in Quagga allows a remote attacker o...
Apache Traffic Server -- heap overflow vulnerability
CERT-FI reports: A heap overflow vulnerability has been found in the HTTP Hypertext Transfer Protocol protocol handling of Apache Traffic Server. The vulnerability allows an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified HTTP message t...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 113902 High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. 116162 High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project. 116461 High CVE-2011-3051: Use-after-free in CSS cross-fad...
phpList -- SQL injection and XSS vulnerability
Zero Science Lab reports: Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The param 'num' is vulnerable to a XSS issue where the attacker ca...
gnutls -- possible overflow/Denial of service vulnerabilities
Mu Dynamics, Inc. reports: The block cipher decryption logic in GnuTLS assumed that a record containing any data which was a multiple of the block size was valid for further decryption processing, leading to a heap corruption vulnerability...
NVIDIA UNIX driver -- access to arbitrary system memory
NVIDIA Unix security team reports: Security vulnerability CVE-2012-0946 in the NVIDIA UNIX driver was disclosed to NVIDIA on March 20th, 2012. The vulnerability makes it possible for an attacker who has read and write access to the GPU device nodes to reconfigure GPUs to gain access to arbitrary...
libtasn1 -- ASN.1 length decoding vulnerability
Mu Dynamics, Inc. reports: Various functions using the ASN.1 length decoding logic in Libtasn1 were incorrectly assuming that the return value from asn1getlengthder is always less than the length of the enclosing ASN.1 structure, which is only true for valid structures and not for intentionally...
clamav -- multiple vulnerabilities
MITRE Advisories report: The TAR parser allows remote attackers to bypass malware detection via a POSIX TAR file with an initial aliases character sequence. The TAR parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR fi...
inspircd -- buffer overflow
InspIRCd reports: InspIRCd contains a heap corruption vulnerability that exists in the dns.cpp code. The res buffer is allocated on the heap and can be overflowed. The res buffer can be exploited during its deallocation. The number of overflowed bytes can be controlled with DNS compression featur...