6583 matches found
apache -- multiple vulnerabilities
CVE MITRE reports: An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...
kdelibs4, rekonq -- input validation failure
KDE Security Advisory reports: The default rendering type for a QLabel is QLabel::AutoText, which uses heuristics to determine whether to render the given content as plain text or rich text. KSSL and Rekonq did not properly force its QLabels to use QLabel::PlainText. As a result, if given a...
FreeBSD -- Buffer overflow in handling of UNIX socket addresses
Problem Description: When a UNIX-domain socket is attached to a location using the bind2 system call, the length of the provided path is not validated. Later, when this address was returned via other system calls, it is copied into a fixed-length buffer. Linux uses a larger socket address structu...
FreeBSD -- errors handling corrupt compress file in compress(1) and gzip(1)
Problem Description: The code used to decompress a file created by compress1 does not do sufficient boundary checks on compressed code words, allowing reference beyond the decompression table, which may result in a stack overflow or an infinite loop when the decompressor encounters a corrupted fi...
Mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2011-36 Miscellaneous memory safety hazards rv:7.0 / rv:1.9.2.23 MFSA 2011-37 Integer underflow when using JavaScript RegExp MFSA 2011-38 XSS via plugins and shadowed window.location object MFSA 2011-39 Defense against multiple Location headers due to CRLF...
cacti -- Multiple vulnerabilities
Cacti Group reports: SQL injection issue with user login, and cross-site scripting issues...
quagga -- multiple vulnerabilities
CERT-FI reports: Five vulnerabilities have been found in the BGP, OSPF, and OSPFv3 components of Quagga. The vulnerabilities allow an attacker to cause a denial of service or potentially to execute his own code by sending a specially modified packets to an affected server. Routing messages are...
ffmpeg -- multiple vulnerabilities
Ubuntu Security Notice USN-1320-1 reports: Phillip Langlois discovered that FFmpeg incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary...
phpMyAdmin -- multiple XSS vulnerabilities
phpMyAdmin development team reports: Firstly, if a row contains javascript code, after inline editing this row and saving, the code is executed. Secondly, missing sanitization on the db, table and column names leads to XSS vulnerabilities. Versions 3.4.0 to 3.4.4 were found vulnerable...
django -- multiple vulnerabilities
The Django project reports: Please reference CVE/URL list for details...
OpenSSL -- multiple vulnerabilities
OpenSSL Team reports: Two security flaws have been fixed in OpenSSL 1.0.0e Under certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. CVE-2011-3207 OpenSSL server code for ephemeral ECDH ciphersuites is not...
ca_root_nss -- extraction of explicitly-untrusted certificates into trust bundle
Matthias Andree reports that the ca-bundle.pl used in older versions of the carootnss FreeBSD port before 3.12.11 did not take the Mozilla/NSS/CKBI untrusted markers into account and would add certificates to the trust bundle that were marked unsafe by Mozilla...
libxml -- Integer overflow
Integer overflow in xpath.c, allows context-dependent attackers to to cause a denial of service crash and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions...
OpenTTD -- Denial of service via improperly validated commands
The OpenTTD Team reports: Multiple off-by-one errors in ordercmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via a crafted CMDINSERTORDER command...
OpenTTD -- Multiple buffer overflows in validation of external data
The OpenTTD Team reports: Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service daemon crash or possibly gain privileges via 1 a crafted BMP file with RLE compression or 2 crafted dimensions in a BMP file...
stunnel -- heap corruption vulnerability
Michal Trojnara reports: Version 4.42, 2011.08.18, urgency: HIGH: Fixed a heap corruption vulnerability in versions 4.40 and 4.41. It may possibly be leveraged to perform DoS or remote code execution attacks...
phpMyAdmin -- multiple XSS vulnerabilities
The phpMyAdmin development team reports: Multiple XSS in the Tracking feature...
apache -- Range header DoS vulnerability
Apache HTTP server project reports: A denial of service vulnerability has been found in the way the multiple overlapping ranges are handled by Apache HTTPD server...
codeigniter -- SQL injection vulnerability
The CodeIgniter changelog reports: An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection. An incompatibility in PHP versions 5.0.7 with mysqlsetcharset creates a...
XSS issue in MantisBT
Net.Edit0r from BlACK Hat Group reported an XSS issue in search.php. All MantisBT users including anonymous users that are not logged in to public bug trackers could be impacted by this vulnerability...
php -- multiple vulnerabilities
PHP development team reports: Security Enhancements and Fixes in PHP 5.3.7: Updated cryptblowfish to 1.2. CVE-2011-2483 Fixed crash in errorlog. Reported by Mateusz Kocielski Fixed buffer overflow on overlog salt in crypt. Fixed bug 54939 File path injection vulnerability in RFC1867 File upload...
PHP -- crypt() returns only the salt for MD5
PHP development team reports: If crypt is executed with MD5 salts, the return value consists of the salt only. DES and BLOWFISH salts work as expected...
OTRS -- Vulnerabilities in OTRS-Core allows read access to any file on local file system
OTRS Security Advisory reports: An attacker with valid session and admin permissions could get read access to any file on the servers local operating system. For this it would be needed minimum one installed OTRS package...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2011-29 Security issues addressed in Firefox 6 MFSA 2011-28 Security issues addressed in Firefox 3.6.20...
rubygem-rails -- multiple vulnerabilities
SecurityFocus reports: Ruby on Rails is prone to multiple vulnerabilities including SQL-injection, information-disclosure, HTTP-header-injection, security-bypass and cross-site scripting issues...
isc-dhcp-server -- server halt upon processing certain packets
ISC reports: A pair of defects cause the server to halt upon processing certain packets. The patch is to properly discard or process those packets...
roundcube -- XSS vulnerability
RoundCube development Team reports: We just published a new release which fixes a recently reported XSS vulnerability as an update to the stable 0.5 branch. Please update your installations with this new version or patch them with the fix which is also published in the downloads section or our...
OpenTTD -- Buffer overflows in savegame loading
The OpenTTD Team reports: Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service daemon crash or possibly execute arbitrary code via vectors related to 1 NAME, 2 PLYR, 3 CHTS, or 4 AIPL aka AI config chunk loading from a savegame...
bugzilla -- multiple vulnerabilities
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Internet Explorer 8 and older, and Safari before 5.0.6 do content sniffing when viewing a patch in "Raw Unified" mode, which could trigger a cross-site scripting attack due to the execution of...
zabbix-frontend -- multiple XSS vulnerabilities
Martina Matari reports: These URLs hostgroups.php, usergrps.php are vulnerable to persistent XSS attacks due to improper sanitation of gname variable when creating user and host groups...
PivotX -- Remote File Inclusion Vulnerability of TimThumb
The PivotX team reports: TimThumb domain name security bypass and insecure cache handling. PivotX before 2.3.0 includes a vulnerable version of TimThumb. If you are still running PivotX 2.2.6, you might be vulnerable to a security exploit, that was patched previously. Version 2.3.0 doesn't have...
Samba -- cross site scripting and request forgery vulnerabilities
Samba security advisory reports: All current released versions of Samba are vulnerable to a cross-site request forgery in the Samba Web Administration Tool SWAT. By tricking a user who is authenticated with SWAT into clicking a manipulated URL on a different web page, it is possible to manipulate...
libXfont -- possible local privilege escalation
Tomas Hoger reports: The compress/ LZW decompress implentation does not correctly handle compressed streams that contain code words that were not yet added to the decompression table. This may lead to arbitrary memory corruption. Successfull exploitation may possible lead to a local privilege...
opensaml2 -- unauthenticated login
OpenSAML developer reports: The Shibboleth software relies on the OpenSAML libraries to perform verification of signed XML messages such as attribute queries or SAML assertions. Both the Java and C++ versions are vulnerable to a so-called "wrapping attack" that allows a remote, unauthenticated...
phpmyadmin -- multiple vulnerabilities
The phpMyAdmin development team reports: XSS in table Print view. Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a loca...
glpi -- remote attack via crafted POST request
The GLPI project reports: The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request...
freetype2 -- execute arbitrary code or cause denial of service
Vincent Danen reports: Due to an error within the t1decoderparsecharstrings function src/psaux/t1decode.c and can be exploited to corrupt memory by tricking a user into processing a specially-crafted postscript Type1 font in an application that uses the freetype library...
nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl
Heather Adkins, Google's Information Security Manager, reported that Google received ... reports of attempted SSL man-in-the-middle MITM attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The...
mod_perl2 -- execute arbitrary Perl code
modperl2 2.0.11 fixes Arbitrary Perl code execution in the context of the user account via a user-owned .htaccess. modperl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configurati...
libsndfile -- PAF file processing integer overflow
Secunia reports: Hossein Lotfi has discovered a vulnerability in libsndfile, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to an integer overflow error in the "paf24init" function src/paf.c when processing...
BIND -- Remote DoS with certain RPZ configurations
ISC reports: Two defects were discovered in ISC's BIND 9.8 code. These defects only affect BIND 9.8 servers which have recursion enabled and which use a specific feature of the software known as Response Policy Zones RPZ and where the RPZ zone contains a specific rule/action pattern...
BIND -- Remote DoS against authoritative and recursive servers
ISC reports: A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers...
phpmyadmin -- multiple vulnerabilities
The phpMyAdmin development team reports: It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks. An unsanitized key from the Servers array is written in a comment of the generated config. An attacker can...
Asterisk -- multiple vulnerabilities
The Asterisk Development Team reports: AST-2011-008: If a remote user sends a SIP packet containing a NULL, Asterisk assumes available data extends past the null to the end of the packet when the buffer is actually truncated when copied. This causes SIP header parsing to modify data past the end ...
libsoup -- unintentionally allow access to entire local filesystem
Dan Winship reports: Fixed a security hole that caused some SoupServer users to unintentionally allow accessing the entire local filesystem when they thought they were only providing access to a single directory...
cURL -- inappropriate GSSAPI delegation
cURL reports: When doing GSSAPI authentication, libcurl unconditionally performs credential delegation. This hands the server a copy of the client's security credentials, allowing the server to impersonate the client to any other using the same GSSAPI mechanism...
mozilla -- multiple vulnerabilities
The Mozilla Project reports: MFSA 2011-19 Miscellaneous memory safety hazards rv:3.0/1.9.2.18 MFSA 2011-20 Use-after-free vulnerability when viewing XUL document with script disabled MFSA 2011-21 Memory corruption due to multipart/x-mixed-replace images MFSA 2011-22 Integer overflow and arbitrary...
Piwik -- remote command execution vulnerability
The Piwik security advisory reports: The Piwik 1.5 release addresses a critical security vulnerability, which affect all Piwik users that have let granted some access to the "anonymous" user. Piwik contains a remotely exploitable vulnerability that could allow a remote attacker to execute arbitra...
Dokuwiki -- cross site scripting vulnerability
Dokuwiki reports: We just released a Hotfix Release "2011-05-25a Rincewind". It contains the following changes: Security fix for a Cross Site Scripting vulnerability. Malicious users could abuse DokuWiki's RSS embedding mechanism to create links containing arbitrary JavaScript. Note: this securit...
ikiwiki -- tty hijacking via ikiwiki-mass-rebuild
The IkiWiki development team reports: Ludwig Nussel discovered a way for users to hijack root's tty when ikiwiki-mass-rebuild was run. Additionally, there was some potential for information disclosure via symlinks...