cacti -- Multiple vulnerabilities
Cacti Group reports: SQL injection issue with user login, and cross-site scripting issues...
ffmpeg -- multiple vulnerabilities
Ubuntu Security Notice USN-1320-1 reports: Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary...
phpMyAdmin -- multiple XSS vulnerabilities
phpMyAdmin development team reports: Firstly, if a row contains javascript code, after inline editing this row and saving, the code is executed. Secondly, missing sanitization on the db, table and column names leads to XSS vulnerabilities. Versions 3.4.0 to 3.4.4 were found vulnerable...
django -- multiple vulnerabilities
The Django project reports: Please reference CVE/URL list for details...
OpenSSL -- multiple vulnerabilities
OpenSSL Team reports: Two security flaws have been fixed in OpenSSL 1.0.0e. Under certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past (CVE-2011-3207). OpenSSL server code for ephemeral ECDH ciphersuites is not...
ca_root_nss -- extraction of explicitly-untrusted certificates into trust bundle
Matthias Andree reports that the ca-bundle.pl used in older versions of the ca_root_nss FreeBSD port before 3.12.11 did not take the Mozilla/NSS/CKBI untrusted markers into account and would add certificates to the trust bundle that were marked unsafe by Mozilla...
libxml -- Integer overflow
Integer overflow in xpath.c allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions...
OpenTTD -- Denial of service via improperly validated commands
The OpenTTD Team reports: Multiple off-by-one errors in ordercmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command...
stunnel -- heap corruption vulnerability
Michal Trojnara reports: Version 4.42, 2011.08.18, urgency: HIGH: Fixed a heap corruption vulnerability in versions 4.40 and 4.41. It may possibly be leveraged to perform DoS or remote code execution attacks...
OpenTTD -- Multiple buffer overflows in validation of external data
The OpenTTD Team reports: Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file...
apache -- Range header DoS vulnerability
Apache HTTP server project reports: A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by Apache HTTPD server...
phpMyAdmin -- multiple XSS vulnerabilities
The phpMyAdmin development team reports: Multiple XSS in the Tracking feature...
codeigniter -- SQL injection vulnerability
The CodeIgniter changelog reports: An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection. An incompatibility in PHP versions 5.0.7 with mysql_set_charset creates a...
php -- multiple vulnerabilities
PHP development team reports: Security Enhancements and Fixes in PHP 5.3.7: Updated crypt_blowfish to 1.2 (CVE-2011-2483). Fixed crash in error_log (reported by Mateusz Kocielski). Fixed buffer overflow on overlong salt in crypt. Fixed bug 54939 (File path injection vulnerability in RFC1867 File upload...
XSS issue in MantisBT
Net.Edit0r from BlACK Hat Group reported an XSS issue in search.php. All MantisBT users including anonymous users that are not logged in to public bug trackers could be impacted by this vulnerability...
PHP -- crypt() returns only the salt for MD5
PHP development team reports: If crypt is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH salts work as expected...
rubygem-rails -- multiple vulnerabilities
SecurityFocus reports: Ruby on Rails is prone to multiple vulnerabilities including SQL-injection, information-disclosure, HTTP-header-injection, security-bypass and cross-site scripting issues...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2011-29 Security issues addressed in Firefox 6 MFSA 2011-28 Security issues addressed in Firefox 3.6.20...
OTRS -- Vulnerabilities in OTRS-Core allows read access to any file on local file system
OTRS Security Advisory reports: An attacker with valid session and admin permissions could get read access to any file on the server's local operating system. For this it would be needed minimum one installed OTRS package...
isc-dhcp-server -- server halt upon processing certain packets
ISC reports: A pair of defects cause the server to halt upon processing certain packets. The patch is to properly discard or process those packets...
roundcube -- XSS vulnerability
RoundCube development Team reports: We just published a new release which fixes a recently reported XSS vulnerability as an update to the stable 0.5 branch. Please update your installations with this new version or patch them with the fix which is also published in the downloads section or our...
OpenTTD -- Buffer overflows in savegame loading
The OpenTTD Team reports: Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or (4) AIPL (aka AI config) chunk loading from a savegame...
zabbix-frontend -- multiple XSS vulnerabilities
Martina Matari reports: These URLs hostgroups.php, usergrps.php are vulnerable to persistent XSS attacks due to improper sanitation of gname variable when creating user and host groups...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing when viewing a patch in "Raw Unified" mode, which could trigger a cross-site scripting attack due to the execution of...
PivotX -- Remote File Inclusion Vulnerability of TimThumb
The PivotX team reports: TimThumb domain name security bypass and insecure cache handling. PivotX before 2.3.0 includes a vulnerable version of TimThumb. If you are still running PivotX 2.2.6, you might be vulnerable to a security exploit, that was patched previously. Version 2.3.0 doesn't have...
Samba -- cross site scripting and request forgery vulnerabilities
Samba security advisory reports: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool (SWAT). By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate...
libXfont -- possible local privilege escalation
Tomas Hoger reports: The compress/ LZW decompress implementation does not correctly handle compressed streams that contain code words that were not yet added to the decompression table. This may lead to arbitrary memory corruption. Successful exploitation may possibly lead to a local privilege...
opensaml2 -- unauthenticated login
OpenSAML developer reports: The Shibboleth software relies on the OpenSAML libraries to perform verification of signed XML messages such as attribute queries or SAML assertions. Both the Java and C++ versions are vulnerable to a so-called "wrapping attack" that allows a remote, unauthenticated...
phpmyadmin -- multiple vulnerabilities
The phpMyAdmin development team reports: XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loca...
glpi -- remote attack via crafted POST request
The GLPI project reports: The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request...
nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl
Heather Adkins, Google's Information Security Manager, reported that Google received ... reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The...
mod_perl2 -- execute arbitrary Perl code
mod_perl2 2.0.11 fixes Arbitrary Perl code execution in the context of the user account via a user-owned .htaccess. mod_perl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configurati...
freetype2 -- execute arbitrary code or cause denial of service
Vincent Danen reports: Due to an error within the t1_decoder_parse_charstrings function (src/psaux/t1decode.c) and can be exploited to corrupt memory by tricking a user into processing a specially-crafted postscript Type1 font in an application that uses the freetype library...
libsndfile -- PAF file processing integer overflow
Secunia reports: Hossein Lotfi has discovered a vulnerability in libsndfile, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to an integer overflow error in the "paf24_init" function (src/paf.c) when processing...
BIND -- Remote DoS against authoritative and recursive servers
ISC reports: A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers...
BIND -- Remote DoS with certain RPZ configurations
ISC reports: Two defects were discovered in ISC's BIND 9.8 code. These defects only affect BIND 9.8 servers which have recursion enabled and which use a specific feature of the software known as Response Policy Zones (RPZ) and where the RPZ zone contains a specific rule/action pattern...
phpmyadmin -- multiple vulnerabilities
The phpMyAdmin development team reports: It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...
Asterisk -- multiple vulnerabilities
The Asterisk Development Team reports: AST-2011-008: If a remote user sends a SIP packet containing a NULL, Asterisk assumes available data extends past the null to the end of the packet when the buffer is actually truncated when copied. This causes SIP header parsing to modify data past the end ...
libsoup -- unintentionally allow access to entire local filesystem
Dan Winship reports: Fixed a security hole that caused some SoupServer users to unintentionally allow accessing the entire local filesystem when they thought they were only providing access to a single directory...
cURL -- inappropriate GSSAPI delegation
cURL reports: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism...
Piwik -- remote command execution vulnerability
The Piwik security advisory reports: The Piwik 1.5 release addresses a critical security vulnerability, which affect all Piwik users that have let granted some access to the "anonymous" user. Piwik contains a remotely exploitable vulnerability that could allow a remote attacker to execute arbitra...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2011-19 Miscellaneous memory safety hazards rv:3.0/1.9.2.18 MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images MFSA 2011-22 Integer overflow and arbitrary...
Dokuwiki -- cross site scripting vulnerability
Dokuwiki reports: We just released a Hotfix Release "2011-05-25a Rincewind". It contains the following changes: Security fix for a Cross Site Scripting vulnerability. Malicious users could abuse DokuWiki's RSS embedding mechanism to create links containing arbitrary JavaScript. Note: this securit...
ikiwiki -- tty hijacking via ikiwiki-mass-rebuild
The IkiWiki development team reports: Ludwig Nussel discovered a way for users to hijack root's tty when ikiwiki-mass-rebuild was run. Additionally, there was some potential for information disclosure via symlinks...
linux-flashplugin -- multiple vulnerabilities
Adobe Product Security Incident Response Team reports: Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.7 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.186.6 and earlier versions for Android. These vulnerabilities could cau...
asterisk -- Remote crash vulnerability
The Asterisk Development Team reports: If a remote user initiates a SIP call and the recipient picks up, the remote user can reply with a malformed Contact header that Asterisk will improperly handle and cause a crash due to a segmentation fault...
Subversion -- multiple vulnerabilities
Subversion team reports: Subversion's mod_dav_svn Apache HTTPD server module will dereference a NULL pointer if asked to deliver baselined WebDAV resources. This can lead to a DoS. An exploit has been tested, and tools or users have been observed triggering this problem in the wild. Subversion's...
BIND -- Large RRSIG RRsets and Negative Caching DoS
ISC reports: A BIND 9 DNS server set up to be a caching resolver is vulnerable to a user querying a domain with very large resource record sets (RRSets) when trying to negatively cache a response. This can cause the BIND 9 DNS server (named process) to crash...
Erlang -- ssh library uses a weak random number generator
US-CERT reports: The Erlang/OTP ssh library implements a number of cryptographic operations that depend on cryptographically strong random numbers. Unfortunately the RNG used by the library is not cryptographically strong, and is further weakened by the use of predictable seed material. The RNG...
dovecot -- denial of service vulnerability
Timo Sirainen reports: Fixed potential crashes and other problems when parsing header names that contained NUL characters...