Lucene search
K
FreebsdRecent

6583 matches found

FreeBSD
FreeBSD
•added 2011/10/05 12:0 a.m.•63 views

apache -- multiple vulnerabilities

CVE MITRE reports: An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...

2.6CVSS9AI score0.30809EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/10/03 12:0 a.m.•35 views

kdelibs4, rekonq -- input validation failure

KDE Security Advisory reports: The default rendering type for a QLabel is QLabel::AutoText, which uses heuristics to determine whether to render the given content as plain text or rich text. KSSL and Rekonq did not properly force its QLabels to use QLabel::PlainText. As a result, if given a...

4.3CVSS9.3AI score0.01134EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/09/28 12:0 a.m.•22 views

FreeBSD -- Buffer overflow in handling of UNIX socket addresses

Problem Description: When a UNIX-domain socket is attached to a location using the bind2 system call, the length of the provided path is not validated. Later, when this address was returned via other system calls, it is copied into a fixed-length buffer. Linux uses a larger socket address structu...

1.1AI score
Exploits0
FreeBSD
FreeBSD
•added 2011/09/28 12:0 a.m.•39 views

FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1)

Problem Description: The code used to decompress a file created by compress1 does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted fi...

9.3CVSS7.8AI score0.08355EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/09/27 12:0 a.m.•54 views

Mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2011-36 Miscellaneous memory safety hazards rv:7.0 / rv:1.9.2.23 MFSA 2011-37 Integer underflow when using JavaScript RegExp MFSA 2011-38 XSS via plugins and shadowed window.location object MFSA 2011-39 Defense against multiple Location headers due to CRLF...

10CVSS9.8AI score0.05312EPSS
Exploits5References10
FreeBSD
FreeBSD
•added 2011/09/26 12:0 a.m.•9 views

cacti -- Multiple vulnerabilities

Cacti Group reports: SQL injection issue with user login, and cross-site scripting issues...

2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2011/09/26 12:0 a.m.•37 views

quagga -- multiple vulnerabilities

CERT-FI reports: Five vulnerabilities have been found in the BGP, OSPF, and OSPFv3 components of Quagga. The vulnerabilities allow an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified packets to an affected server. Routing messages are...

7.5CVSS10AI score0.07615EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/09/14 12:0 a.m.•37 views

ffmpeg -- multiple vulnerabilities

Ubuntu Security Notice USN-1320-1 reports: Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary...

7.5CVSS9.8AI score0.06597EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/09/11 12:0 a.m.•14 views

phpMyAdmin -- multiple XSS vulnerabilities

phpMyAdmin development team reports: Firstly, if a row contains javascript code, after inline editing this row and saving, the code is executed. Secondly, missing sanitization on the db, table and column names leads to XSS vulnerabilities. Versions 3.4.0 to 3.4.4 were found vulnerable...

2.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2011/09/09 12:0 a.m.•18 views

django -- multiple vulnerabilities

The Django project reports: Please reference CVE/URL list for details...

1.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2011/09/06 12:0 a.m.•34 views

OpenSSL -- multiple vulnerabilities

OpenSSL Team reports: Two security flaws have been fixed in OpenSSL 1.0.0e Under certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. CVE-2011-3207 OpenSSL server code for ephemeral ECDH ciphersuites is not...

5CVSS9AI score0.05012EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/09/04 12:0 a.m.•19 views

ca_root_nss -- extraction of explicitly-untrusted certificates into trust bundle

Matthias Andree reports that the ca-bundle.pl used in older versions of the carootnss FreeBSD port before 3.12.11 did not take the Mozilla/NSS/CKBI untrusted markers into account and would add certificates to the trust bundle that were marked unsafe by Mozilla...

4.3AI score
Exploits0
FreeBSD
FreeBSD
•added 2011/09/02 12:0 a.m.•33 views

libxml -- Integer overflow

Integer overflow in xpath.c, allows context-dependent attackers to to cause a denial of service crash and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions...

9.3CVSS8.6AI score0.13727EPSS
Exploits1
FreeBSD
FreeBSD
•added 2011/08/25 12:0 a.m.•34 views

OpenTTD -- Denial of service via improperly validated commands

The OpenTTD Team reports: Multiple off-by-one errors in ordercmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via a crafted CMDINSERTORDER command...

7.5CVSS7.6AI score0.03831EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/08/25 12:0 a.m.•28 views

OpenTTD -- Multiple buffer overflows in validation of external data

The OpenTTD Team reports: Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service daemon crash or possibly gain privileges via 1 a crafted BMP file with RLE compression or 2 crafted dimensions in a BMP file...

4.6CVSS6.5AI score0.0038EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/08/25 12:0 a.m.•22 views

stunnel -- heap corruption vulnerability

Michal Trojnara reports: Version 4.42, 2011.08.18, urgency: HIGH: Fixed a heap corruption vulnerability in versions 4.40 and 4.41. It may possibly be leveraged to perform DoS or remote code execution attacks...

9.3CVSS6.9AI score0.05711EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/08/24 12:0 a.m.•27 views

phpMyAdmin -- multiple XSS vulnerabilities

The phpMyAdmin development team reports: Multiple XSS in the Tracking feature...

4.3CVSS5.9AI score0.02326EPSS
Exploits1
FreeBSD
FreeBSD
•added 2011/08/24 12:0 a.m.•58 views

apache -- Range header DoS vulnerability

Apache HTTP server project reports: A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by Apache HTTPD server...

7.8CVSS8.4AI score0.98945EPSS
Exploits17References3
FreeBSD
FreeBSD
•added 2011/08/20 12:0 a.m.•35 views

codeigniter -- SQL injection vulnerability

The CodeIgniter changelog reports: An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection. An incompatibility in PHP versions 5.0.7 with mysqlsetcharset creates a...

5.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2011/08/18 12:0 a.m.•34 views

XSS issue in MantisBT

Net.Edit0r from BlACK Hat Group reported an XSS issue in search.php. All MantisBT users including anonymous users that are not logged in to public bug trackers could be impacted by this vulnerability...

4.3CVSS5.8AI score0.04529EPSS
Exploits1
FreeBSD
FreeBSD
•added 2011/08/18 12:0 a.m.•62 views

php -- multiple vulnerabilities

PHP development team reports: Security Enhancements and Fixes in PHP 5.3.7: Updated cryptblowfish to 1.2. CVE-2011-2483 Fixed crash in errorlog. Reported by Mateusz Kocielski Fixed buffer overflow on overlog salt in crypt. Fixed bug 54939 File path injection vulnerability in RFC1867 File upload...

7.5CVSS7.7AI score0.22724EPSS
Exploits15
FreeBSD
FreeBSD
•added 2011/08/17 12:0 a.m.•24 views

PHP -- crypt() returns only the salt for MD5

PHP development team reports: If crypt is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH salts work as expected...

1.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2011/08/16 12:0 a.m.•22 views

OTRS -- Vulnerabilities in OTRS-Core allows read access to any file on local file system

OTRS Security Advisory reports: An attacker with valid session and admin permissions could get read access to any file on the servers local operating system. For this it would be needed minimum one installed OTRS package...

4CVSS6AI score0.01737EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/08/16 12:0 a.m.•42 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2011-29 Security issues addressed in Firefox 6 MFSA 2011-28 Security issues addressed in Firefox 3.6.20...

10CVSS9.6AI score0.05556EPSS
Exploits5References2
FreeBSD
FreeBSD
•added 2011/08/16 12:0 a.m.•14 views

rubygem-rails -- multiple vulnerabilities

SecurityFocus reports: Ruby on Rails is prone to multiple vulnerabilities including SQL-injection, information-disclosure, HTTP-header-injection, security-bypass and cross-site scripting issues...

1.3AI score
Exploits0References5
FreeBSD
FreeBSD
•added 2011/08/10 12:0 a.m.•40 views

isc-dhcp-server -- server halt upon processing certain packets

ISC reports: A pair of defects cause the server to halt upon processing certain packets. The patch is to properly discard or process those packets...

7.8CVSS6.4AI score0.38775EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/08/09 12:0 a.m.•41 views

roundcube -- XSS vulnerability

RoundCube development Team reports: We just published a new release which fixes a recently reported XSS vulnerability as an update to the stable 0.5 branch. Please update your installations with this new version or patch them with the fix which is also published in the downloads section or our...

4.3CVSS5.9AI score0.02453EPSS
Exploits1
FreeBSD
FreeBSD
•added 2011/08/08 12:0 a.m.•21 views

OpenTTD -- Buffer overflows in savegame loading

The OpenTTD Team reports: Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors related to 1 NAME, 2 PLYR, 3 CHTS, or 4 AIPL aka AI config chunk loading from a savegame...

7.5CVSS7.4AI score0.05007EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/08/04 12:0 a.m.•33 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing when viewing a patch in "Raw Unified" mode, which could trigger a cross-site scripting attack due to the execution of...

5CVSS6.4AI score0.02065EPSS
Exploits2References7
FreeBSD
FreeBSD
•added 2011/08/04 12:0 a.m.•11 views

zabbix-frontend -- multiple XSS vulnerabilities

Martina Matari reports: These URLs hostgroups.php, usergrps.php are vulnerable to persistent XSS attacks due to improper sanitation of gname variable when creating user and host groups...

2.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2011/08/03 12:0 a.m.•10 views

PivotX -- Remote File Inclusion Vulnerability of TimThumb

The PivotX team reports: TimThumb domain name security bypass and insecure cache handling. PivotX before 2.3.0 includes a vulnerable version of TimThumb. If you are still running PivotX 2.2.6, you might be vulnerable to a security exploit, that was patched previously. Version 2.3.0 doesn't have...

0.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2011/07/27 12:0 a.m.•40 views

Samba -- cross site scripting and request forgery vulnerabilities

Samba security advisory reports: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool SWAT. By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate...

6.8CVSS5.7AI score0.10046EPSS
Exploits6
FreeBSD
FreeBSD
•added 2011/07/26 12:0 a.m.•26 views

libXfont -- possible local privilege escalation

Tomas Hoger reports: The compress/ LZW decompress implentation does not correctly handle compressed streams that contain code words that were not yet added to the decompression table. This may lead to arbitrary memory corruption. Successfull exploitation may possible lead to a local privilege...

9.3CVSS7.7AI score0.08355EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/07/25 12:0 a.m.•41 views

opensaml2 -- unauthenticated login

OpenSAML developer reports: The Shibboleth software relies on the OpenSAML libraries to perform verification of signed XML messages such as attribute queries or SAML assertions. Both the Java and C++ versions are vulnerable to a so-called "wrapping attack" that allows a remote, unauthenticated...

5.8CVSS4.7AI score0.02291EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/07/23 12:0 a.m.•38 views

phpmyadmin -- multiple vulnerabilities

The phpMyAdmin development team reports: XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loca...

6.8CVSS6.5AI score0.0332EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2011/07/20 12:0 a.m.•31 views

glpi -- remote attack via crafted POST request

The GLPI project reports: The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request...

5CVSS6.1AI score0.0285EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/07/19 12:0 a.m.•30 views

freetype2 -- execute arbitrary code or cause denial of service

Vincent Danen reports: Due to an error within the t1decoderparsecharstrings function src/psaux/t1decode.c and can be exploited to corrupt memory by tricking a user into processing a specially-crafted postscript Type1 font in an application that uses the freetype library...

9.3CVSS3AI score0.06646EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/07/19 12:0 a.m.•11 views

nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl

Heather Adkins, Google's Information Security Manager, reported that Google received ... reports of attempted SSL man-in-the-middle MITM attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The...

0.1AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2011/07/19 12:0 a.m.•26 views

mod_perl2 -- execute arbitrary Perl code

modperl2 2.0.11 fixes Arbitrary Perl code execution in the context of the user account via a user-owned .htaccess. modperl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configurati...

10CVSS3.2AI score0.08946EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2011/07/12 12:0 a.m.•52 views

libsndfile -- PAF file processing integer overflow

Secunia reports: Hossein Lotfi has discovered a vulnerability in libsndfile, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to an integer overflow error in the "paf24init" function src/paf.c when processing...

6.8CVSS7.1AI score0.04647EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/07/05 12:0 a.m.•37 views

BIND -- Remote DoS with certain RPZ configurations

ISC reports: Two defects were discovered in ISC's BIND 9.8 code. These defects only affect BIND 9.8 servers which have recursion enabled and which use a specific feature of the software known as Response Policy Zones RPZ and where the RPZ zone contains a specific rule/action pattern...

2.6CVSS6.7AI score0.0888EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/07/05 12:0 a.m.•27 views

BIND -- Remote DoS against authoritative and recursive servers

ISC reports: A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers...

5CVSS8.4AI score0.19265EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/07/02 12:0 a.m.•52 views

phpmyadmin -- multiple vulnerabilities

The phpMyAdmin development team reports: It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...

7.5CVSS6.7AI score0.12879EPSS
Exploits18References4
FreeBSD
FreeBSD
•added 2011/06/24 12:0 a.m.•26 views

Asterisk -- multiple vulnerabilities

The Asterisk Development Team reports: AST-2011-008: If a remote user sends a SIP packet containing a NULL, Asterisk assumes available data extends past the null to the end of the packet when the buffer is actually truncated when copied. This causes SIP header parsing to modify data past the end ...

5CVSS6.7AI score0.04612EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2011/06/23 12:0 a.m.•16 views

libsoup -- unintentionally allow access to entire local filesystem

Dan Winship reports: Fixed a security hole that caused some SoupServer users to unintentionally allow accessing the entire local filesystem when they thought they were only providing access to a single directory...

7.5CVSS7.3AI score0.00858EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/06/23 12:0 a.m.•49 views

cURL -- inappropriate GSSAPI delegation

cURL reports: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism...

4.3CVSS7.5AI score0.02994EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/06/21 12:0 a.m.•10 views

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2011-19 Miscellaneous memory safety hazards rv:3.0/1.9.2.18 MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images MFSA 2011-22 Integer overflow and arbitrary...

1.5AI score
Exploits0References10
FreeBSD
FreeBSD
•added 2011/06/21 12:0 a.m.•14 views

Piwik -- remote command execution vulnerability

The Piwik security advisory reports: The Piwik 1.5 release addresses a critical security vulnerability, which affect all Piwik users that have let granted some access to the "anonymous" user. Piwik contains a remotely exploitable vulnerability that could allow a remote attacker to execute arbitra...

3.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2011/06/14 12:0 a.m.•15 views

Dokuwiki -- cross site scripting vulnerability

Dokuwiki reports: We just released a Hotfix Release "2011-05-25a Rincewind". It contains the following changes: Security fix for a Cross Site Scripting vulnerability. Malicious users could abuse DokuWiki's RSS embedding mechanism to create links containing arbitrary JavaScript. Note: this securit...

0.7AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2011/06/08 12:0 a.m.•21 views

ikiwiki -- tty hijacking via ikiwiki-mass-rebuild

The IkiWiki development team reports: Ludwig Nussel discovered a way for users to hijack root's tty when ikiwiki-mass-rebuild was run. Additionally, there was some potential for information disclosure via symlinks...

8.2CVSS2.8AI score0.01596EPSS
Exploits0References1
Total number of security vulnerabilities6583