OpenSSL -- CMS and S/MIME Bleichenbacher attack
The OpenSSL Team reports: A weakness in the OpenSSL CMS and PKCS #7 code can be exploited using Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the million message attack (MMA). Only users of CMS, PKCS #7, or S/MIME decryption operations are affected. A successful attack needs on...
redmine -- multiple vulnerabilities
Redmine reports: Mass-assignment vulnerability that would allow an attacker to bypass part of the security checks. Persistent XSS vulnerability...
portaudit -- auditfile remote code execution
Michael Gmelin and Jörg Scheinert have reported a remote command execution vulnerability in portaudit. An attacker who can get the user to use a specially crafted audit file will be able to run commands on the user's system, with the privileges of the user running portaudit (often root). The...
chromium -- Errant plug-in load and GPU process memory corruption
Google Chrome Releases reports: 117620 117656 Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption. Credit to PinkiePie...
freetype -- multiple vulnerabilities
The Freetype project reports: Multiple vulnerabilities exist in freetype that can result in application crashes and remote code execution. Please review the details in each of the CVEs for additional information...
mutt-devel -- failure to check SMTP TLS server certificate
Dave B reports on Full Disclosure: It seems that mutt fails to check the validity of a SMTP server's certificate during a TLS connection. ... This means that an attacker could potentially MITM a mutt user connecting to their SMTP server even when the user has forced a TLS connection...
chromium -- cross-site scripting vulnerability
Google Chrome Releases reports: 117226 117230 Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov...
linux-flashplugin -- multiple vulnerabilities
These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
jenkins -- XSS vulnerability
Jenkins Security Advisory reports: An XSS vulnerability was found in Jenkins core, which allows an attacker to inject malicious HTMLs to pages served by Jenkins. This allows an attacker to escalate his privileges by hijacking sessions of other users. This vulnerability affects all versions...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 105867 High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. 108037 High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. 108406 115471 High CVE-2011-3033: Buffer overflow in the Skia drawing library. Cred...
Apache -- Insecure LD_LIBRARY_PATH handling
Apache reports: Insecure handling of LD_LIBRARY_PATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory...
php -- multiple vulnerabilities
php development team reports: Security Enhancements for both PHP 5.3.11 and PHP 5.4.1: Insufficient validating of upload name leading to corrupted $_FILES indices. (CVE-2012-1172) Add open_basedir checks to readline_write_history and readline_read_history. Security Enhancements for both PHP 5.3.11 only:...
databases/postgresql*-client -- multiple vulnerabilities
The PostgreSQL Global Development Group reports: These vulnerabilities could allow users to define triggers that execute functions on which the user does not have EXECUTE permission, allow SSL certificate spoofing and allow line breaks in object names to be exploited to execute code when loading ...
dropbear -- arbitrary code execution
The Dropbear project reports: Dropbear SSH Server could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after-free error. If a command restriction is enforced, an attacker could exploit this vulnerability to execute arbitrary code on the system with...
bugzilla -- Cross-Site Request Forgery
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some malicious...
phpMyAdmin -- XSS in replication setup
The phpMyAdmin development team reports: It was possible to conduct XSS using a crafted database name...
mozilla -- heap-buffer overflow
The Mozilla Project reports: MFSA 2012-11 libpng integer overflow...
piwik -- xss and click-jacking issues
The Piwik Team reports: We would like to thank the following security researchers for their responsible disclosure of XSS and click-jacking issues: Piotr Duszynski, Sergey Markov, Mauro Gentile...
linux-flashplugin -- multiple vulnerabilities
These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 105803 High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team scarybeasts. 106336 Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz. 108695 High CVE-2011-3017: Possible use-after-free in database handlin...
xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled
Thomas Swan reports: xinetd allows for services to be configured with the TCPMUX or TCPMUXPLUS service types, which makes those services available on port 1, as per RFC 1078 1, if the tcpmux-server service is enabled. When the tcpmux-server service is enabled, xinetd would expose all enabled...
Python -- DoS via malformed XML-RPC / HTTP POST request
Jan Lieskovsky reports, A denial of service flaw was found in the way Simple XML-RPC Server module of Python processed client connections, that were closed prior the complete request body has been received. A remote attacker could use this flaw to cause Python Simple XML-RPC based server process ...
surf -- private information disclosure
surf does not protect its cookie jar against read access from other local users...
mozilla -- use-after-free in nsXBLDocumentInfo::ReadPrototypeBindings
The Mozilla Project reports: MFSA 2012-10 use after free in nsXBLDocumentInfo::ReadPrototypeBindings...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 73478 Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community. 92550 Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne. 93106 High CVE-2011-3955: Crash aborting an...
php -- arbitrary remote code execution vulnerability
Secunia reports: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a logic error within the "php_register_variable_ex()" function (php_variables.c) when hashing form posts and updating a hash table,...
mathopd -- directory traversal vulnerability
Michiel Boland reports: The software has a vulnerability that could lead to directory traversal if the '' construct for mass virtual hosting is used...
drupal -- multiple vulnerabilities
Drupal development team reports: Cross Site Request Forgery vulnerability in Aggregator module CVE: CVE-2012-0826 An XSRF vulnerability can force an aggregator feed to update. Since some services are rate-limited e.g. Twitter limits requests to 150 per hour this could lead to a denial of service...
libtremor -- memory corruption
The Mozilla Project reports: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-01 Miscellaneous memory safety hazards rv:10.0/ rv:1.9.2.26 MFSA 2012-02 Overly permissive IPv6 literal syntax MFSA 2012-03 iframe element exposed across domains via name attribute MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal o...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Account Impersonation: When a user creates a new account, Bugzilla doesn't correctly reject email addresses containing non-ASCII characters, which could be used to impersonate another user accoun...
sudo -- format string vulnerability
Todd Miller reports: Sudo 1.8.0 introduced simple debugging support that was primarily intended for use when developing policy or I/O logging plugins. The sudo_debug() function contains a flaw where the program name is used as part of the format string passed to the fprintf() function. The program nam...
postfixadmin -- Multiple Vulnerabilities
The Postfix Admin Team reports: Multiple XSS vulnerabilities exist: - XSS with $_GET[domain] in templates/menu.php and edit-vacation - XSS in some create-domain input fields - XSS in create-alias and edit-alias error message - XSS (by values stored in the database) in fetchmail list view, list-domain...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106484 High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis. 108461 High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI ZDI-CAN-1415. 108605 High CVE-2011-3927: Uninitialized value in Skia...
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
Matthias Andree reports: Fetchmail version 6.3.9 enabled "all SSL workarounds" (SSL_OP_ALL) which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application (fetchmail)...
OpenSSL -- DTLS Denial of Service
The OpenSSL Team reports: A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack. Only DTLS applications using OpenSSL 1.0.0f and 0.9.8s are affected...
spamdyke -- Buffer Overflow Vulnerabilities
Secunia reports: Fixed a number of very serious errors in the usage of snprintf/vsnprintf. The return value was being used as the length of the string printed into the buffer, but the return value really indicates the length of the string that could be printed if the buffer were of infinite size...
asterisk -- SRTP Video Remote Crash Vulnerability
Asterisk project reports: An attacker attempting to negotiate a secure video stream can crash Asterisk if video support has not been enabled and the res_srtp Asterisk module is loaded...
couchdb -- DOM based Cross-Site Scripting via Futon UI
Jan Lehnardt reports: Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An attacker may execute JavaScript code in the browser, using the context of the remote user...
isc-dhcp-server -- DoS in DHCPv6
ISC reports: Due to improper handling of a DHCPv6 lease structure, ISC DHCP servers that are serving IPv6 address pools AND using Dynamic DNS can encounter a segmentation fault error while updating lease status under certain conditions. The potential exists for this condition to be intentionally...
poweradmin -- multiple XSS vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities: multiple scripts are vulnerable to XSS attacks...
WebCalendar -- Persistent XSS
tom reports, There is no sanitation on the input of the location variable allowing for persistent XSS...
PowerDNS -- Denial of Service Vulnerability
The PowerDNS Team reports: Using well crafted UDP packets, one or more PowerDNS servers could be made to enter a tight packet loop, causing temporary denial of service...
bip -- buffer overflow
Julien Tinnes reports, Bip doesn't check if fd is equal or larger than FD_SETSIZE...
OpenTTD -- Denial of service (server) via slow read attack
The OpenTTD Team reports: Using a slow read type attack it is possible to prevent anyone from joining a server with virtually no resources. Once downloading the map no other downloads of the map can start, so downloading really slowly will prevent others from joining. This can be further aggravat...
libxml2 -- heap buffer overflow
Google chrome team reports: Heap-based buffer overflow in libxml2, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106672 High CVE-2011-3921: Use-after-free in animation frames. Credit to Boris Zbarsky of Mozilla. 107128 High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Juri Aedla. 108006 High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit to Google...
spamdyke -- STARTTLS Plaintext Injection Vulnerability
Secunia reports: The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the...
OpenSSL -- multiple vulnerabilities
The OpenSSL Team reports: 6 security flaws have been fixed in OpenSSL 1.0.0f: If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. As a...
WordPress -- cross site scripting vulnerability
WordPress development team reports: WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and the Go Daddy...