6583 matches found
libpurple -- Remote DoS via an MSN OIM message that lacks UTF-8 encoding
US-CERT reports: The msnoimreporttouser function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service application crash via an OIM message that lacks UTF-8 encoding...
nginx -- potential information leak
nginx development team reports: Matthew Daley recently discovered a security problem which may lead to a disclosure of previously freed memory on specially crafted response from an upstream server, potentially resulting in sensitive information leak...
asterisk -- multiple vulnerabilities
Asterisk project reports: Stack Buffer Overflow in HTTP Manager Remote Crash Vulnerability in Milliwatt Application...
rubygem-mail -- multiple vulnerabilities
rubygem-mail -- multiple vulnerabilities Two issues were fixed. They are a file system traversal in filedelivery method and arbitrary command execution when using exim or sendmail from the command line...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-13 XSS with Drag and Drop and Javascript: URL MFSA 2012-14 SVG issues found with Address Sanitizer MFSA 2012-15 XSS with multiple Content Security Policy headers MFSA 2012-16 Escalation of privilege with Javascript: URL as home page MFSA 2012-17 Crash when...
OpenSSL -- CMS and S/MIME Bleichenbacher attack
The OpenSSL Team reports: A weakness in the OpenSSL CMS and PKCS 7 code can be exploited using Bleichenbacher's attack on PKCS 1 v1.5 RSA padding also known as the million message attack MMA. Only users of CMS, PKCS 7, or S/MIME decryption operations are affected. A successful attack needs on...
vlc -- arbitrary code execution in Real RTSP and MMS support
Jean-Baptiste Kempf, on behalf of the VideoLAN project reports: If successful, a malicious third party could crash the VLC media player process. Arbitrary code execution could be possible on some systems...
redmine -- multiple vulnerabilities
Redmine reports: Mass-assignment vulnerability that would allow an attacker to bypass part of the security checks. Persistent XSS vulnerability...
portaudit -- auditfile remote code execution
Michael Gmelin and Jörg Scheinert has reported a remote command execution vulnerability in portaudit. An attacker who can get the user to use a specially crafted audit file will be able to run commands on the users system, with the privileges of the user running running portaudit often root. The...
chromium -- Errant plug-in load and GPU process memory corruption
Google Chrome Releases reports: 117620 117656 Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption. Credit to PinkiePie...
chromium -- cross-site scripting vulnerability
Google Chrome Releases reports: 117226 117230 Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov...
mutt-devel -- failure to check SMTP TLS server certificate
Dave B reports on Full Disclosure: It seems that mutt fails to check the validity of a SMTP servers certificate during a TLS connection. ... This means that an attacker could potentially MITM a mutt user connecting to their SMTP server even when the user has forced a TLS connection...
freetype -- multiple vulnerabilities
The Freetype project reports: Multiple vulnerabilities exist in freetype that can result in application crashes and remote code execution. Please review the details in each of the CVEs for additional information...
linux-flashplugin -- multiple vulnerabilities
These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
jenkins -- XSS vulnerability
Jenkins Security Advisory reports: An XSS vulnerability was found in Jenkins core, which allows an attacker to inject malicious HTMLs to pages served by Jenkins. This allows an attacker to escalate his privileges by hijacking sessions of other users. This vulnerability affects all versions...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 105867 High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. 108037 High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. 108406 115471 High CVE-2011-3033: Buffer overflow in the Skia drawing library. Cred...
Apache -- Insecure LD_LIBRARY_PATH handling
Apache reports: Insecure handling of LDLIBRARYPATH was found that could lead to the current working directory to be searched for DSOs. This could allow a local user to execute code as root if an administrator runs apachectl from an untrusted directory...
php -- multiple vulnerabilities
php development team reports: Security Enhancements for both PHP 5.3.11 and PHP 5.4.1: Insufficient validating of upload name leading to corrupted $FILES indices. CVE-2012-1172 Add openbasedir checks to readlinewritehistory and readlinereadhistory. Security Enhancements for both PHP 5.3.11 only:...
databases/postgresql*-client -- multiple vulnerabilities
The PostgreSQL Global Development Group reports: These vulnerabilities could allow users to define triggers that execute functions on which the user does not have EXECUTE permission, allow SSL certificate spoofing and allow line breaks in object names to be exploited to execute code when loading ...
dropbear -- arbitrary code execution
The Dropbear project reports: Dropbear SSH Server could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a use-after- free error. If a command restriction is enforced, an attacker could exploit this vulnerability to execute arbitrary code on the system with...
bugzilla Cross-Site Request Forgery
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some malicious...
phpMyAdmin -- XSS in replication setup
The phpMyAdmin development team reports: It was possible to conduct XSS using a crafted database name...
piwik -- xss and click-jacking issues
The Piwik Team reports: We would like to thank the following security researchers for their responsible disclosure of XSS and click-jacking issues: Piotr Duszynski, Sergey Markov, Mauro Gentile...
mozilla -- heap-buffer overflow
The Mozilla Project reports: MFSA 2012-11 libpng integer overflow...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 105803 High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team scarybeasts. 106336 Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz. 108695 High CVE-2011-3017: Possible use-after-free in database handlin...
linux-flashplugin -- multiple vulnerabilities
These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...
xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled
Thomas Swan reports: xinetd allows for services to be configured with the TCPMUX or TCPMUXPLUS service types, which makes those services available on port 1, as per RFC 1078 1, if the tcpmux-server service is enabled. When the tcpmux-server service is enabled, xinetd would expose all enabled...
Python -- DoS via malformed XML-RPC / HTTP POST request
Jan Lieskovsky reports, A denial of service flaw was found in the way Simple XML-RPC Server module of Python processed client connections, that were closed prior the complete request body has been received. A remote attacker could use this flaw to cause Python Simple XML-RPC based server process ...
mozilla -- use-after-free in nsXBLDocumentInfo::ReadPrototypeBindings
The Mozilla Project reports: MFSA 2012-10 use after free in nsXBLDocumentInfo::ReadPrototypeBindings...
surf -- private information disclosure
surf does not protect its cookie jar against access read access from other local users...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 73478 Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community. 92550 Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne. 93106 High CVE-2011-3955: Crash aborting an...
mathopd -- directory traversal vulnerability
Michiel Boland reports: The software has a vulnerability that could lead to directory traversal if the '' construct for mass virtual hosting is used...
php -- arbitrary remote code execution vulnerability
Secunia reports: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a logic error within the "phpregistervariableex" function phpvariables.c when hashing form posts and updating a hash table,...
drupal -- multiple vulnerabilities
Drupal development team reports: Cross Site Request Forgery vulnerability in Aggregator module CVE: CVE-2012-0826 An XSRF vulnerability can force an aggregator feed to update. Since some services are rate-limited e.g. Twitter limits requests to 150 per hour this could lead to a denial of service...
libtremor -- memory corruption
The Mozilla Project reports: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative the possibility of memory corruption during the decoding of Ogg Vorbis files. This can cause a crash during decoding and has the potential for remote code execution...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Account Impersonation: When a user creates a new account, Bugzilla doesn't correctly reject email addresses containing non-ASCII characters, which could be used to impersonate another user accoun...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2012-01 Miscellaneous memory safety hazards rv:10.0/ rv:1.9.2.26 MFSA 2012-02 Overly permissive IPv6 literal syntax MFSA 2012-03 iframe element exposed across domains via name attribute MFSA 2012-04 Child nodes from nsDOMAttribute still accessible after removal o...
sudo -- format string vulnerability
Todd Miller reports: Sudo 1.8.0 introduced simple debugging support that was primarily intended for use when developing policy or I/O logging plugins. The sudodebug function contains a flaw where the program name is used as part of the format string passed to the fprintf function. The program nam...
postfixadmin -- Multiple Vulnerabilities
The Postfix Admin Team reports: Multiple XSS vulnerabilities exist: - XSS with $GETdomain in templates/menu.php and edit-vacation - XSS in some create-domain input fields - XSS in create-alias and edit-alias error message - XSS by values stored in the database in fetchmail list view, list-domain...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 106484 High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis. 108461 High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI ZDI-CAN-1415. 108605 High CVE-2011-3927: Uninitialized value in Skia...
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
Matthias Andree reports: Fetchmail version 6.3.9 enabled "all SSL workarounds" SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an attacker can make the application fetchmail...
OpenSSL -- DTLS Denial of Service
The OpenSSL Team reports: A flaw in the fix to CVE-2011-4108 can be exploited in a denial of service attack. Only DTLS applications using OpenSSL 1.0.0f and 0.9.8s are affected...
asterisk -- SRTP Video Remote Crash Vulnerability
Asterisk project reports: An attacker attempting to negotiate a secure video stream can crash Asterisk if video support has not been enabled and the ressrtp Asterisk module is loaded...
spamdyke -- Buffer Overflow Vulnerabilities
Secunia reports: Fixed a number of very serious errors in the usage of snprintf/vsnprintf. The return value was being used as the length of the string printed into the buffer, but the return value really indicates the length of the string that could be printed if the buffer were of infinite size...
couchdb -- DOM based Cross-Site Scripting via Futon UI
Jan Lehnardt reports: Query parameters passed into the browser-based test suite are not sanitised, and can be used to load external resources. An attacker may execute JavaScript code in the browser, using the context of the remote user...
isc-dhcp-server -- DoS in DHCPv6
ISC reports: Due to improper handling of a DHCPv6 lease structure, ISC DHCP servers that are serving IPv6 address pools AND using Dynamic DNS can encounter a segmentation fault error while updating lease status under certain conditions. The potential exists for this condition to be intentionally...
poweradmin -- multiple XSS vulnerabilities
Multiple cross-site scripting XSS vulnerabilities Multiple scripts are vulnerable to XSS attacks...
WebCalendar -- Persistent XSS
tom reports, There is no sanitation on the input of the location variable allowing for persistent XSS...
PowerDNS -- Denial of Service Vulnerability
The PowerDNS Team reports: Using well crafted UDP packets, one or more PowerDNS servers could be made to enter a tight packet loop, causing temporary denial of service...
bip -- buffer overflow
Julien Tinnes reports, Bip doesn't check if fd is equal or larger than FDSETSIZE...