3816 matches found
Smarty: Multiple vulnerabilities
Background Smarty is a template engine for PHP. Description Multiple vulnerabilities have been discovered in Smarty: The vendor reported that the modifier.regexreplace.php plug-in contains an input sanitation flaw related to the ASCII NUL character CVE-2008-1066. The vendor reported that the...
BIND: Multiple vulnerabilities
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Multiple cache poisoning vulnerabilities were discovered in BIND. For further information please consult the CVE entries and the ISC Security Bulletin referenced below. Note:...
Ruby: Terminal Control Character Injection
Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with a HTTP server "WEBrick". Description Giovanni Pellerano, Alessandro Tanasi and Francesco Ongaro reported that WEBrick does not filter terminal control characters, for instanc...
PyCrypto: Execution of arbitrary code
Background PyCrypto is the Python Cryptography Toolkit. Description Mike Wiacek of the Google Security Team reported a buffer overflow in the ARC2 module when processing a large ARC2 key length. Impact A remote attacker could entice a user or automated system to decrypt an ARC2 stream in an...
Real VNC: User-assisted execution of arbitrary code
Background Real VNC is a remote desktop viewer display system. Description An unspecified vulnerability has been discovered int the CMsgReader::readRect function in the VNC Viewer component, related to the encoding type of RFB protocol data. Impact A remote attacker could entice a user to connect...
cURL: Arbitrary file access
Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. Description David Kierznowski reported that the redirect implementation accepts arbitrary Location values when CURLOPTFOLLOWLOCATION is enabled. Impact A remote attacker could possibly...
D-Bus: Denial of service
Background D-Bus is a daemon providing a framework for applications to communicate with one another. Description schelte reported that the dbussignaturevalidate function can trigger a failed assertion when processing a message containing a malformed signature. Impact A local user could send a...
Adobe Reader: User-assisted execution of arbitrary code
Background Adobe Reader formerly Adobe Acrobat Reader is a closed-source PDF reader. Description The Johns Hopkins University Applied Physics Laboratory reported that input to an unspecified JavaScript method is not properly validated. Impact A remote attacker could entice a user to open a...
libvorbis: Multiple vulnerabilities
Background libvorbis is the reference implementation of the Xiph.org Ogg Vorbis audio file format. It is used by many applications for playback of Ogg Vorbis files. Description Will Drewry of the Google Security Team reported multiple vulnerabilities in libvorbis: A zero value for "codebook.dim" ...
rdesktop: Multiple vulnerabilities
Background rdesktop is an open source Remote Desktop Protocol RDP client. Description An anonymous researcher reported multiple vulnerabilities in rdesktop via iDefense Labs: An integer underflow error exists in the function isorecvmsg in the file iso.c which can be triggered via a specially...
Samba: Heap-based buffer overflow
Background Samba is a suite of SMB and CIFS client/server programs. Description Alin Rad Pop Secunia Research reported a vulnerability in Samba within the receivesmbraw function in the file lib/utilsock.c when parsing SMB packets, possibly leading to a heap-based buffer overflow via an overly lar...
ClamAV: Multiple vulnerabilities
Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description Multiple vulnerabilities have been reported: Damian Put reported a heap-based buffer overflow when processing PeSpin packed PE binaries CVE-2008-0314. Alin Rad Po...
am-utils: Insecure temporary file creation
Background am-utils is a collection of utilities for use with the Berkeley Automounter. Description Tavis Ormandy discovered that, when creating temporary files, the 'expn' utility does not check whether the file already exists. Impact A local attacker could exploit the vulnerability via a symlin...
Dovecot: Multiple vulnerabilities
Background Dovecot is a lightweight, fast and easy to configure IMAP and POP3 mail server. Description Dovecot uses the group configured via the "mailextragroups" setting, which should be used to create lockfiles in the /var/mail directory, when accessing arbitrary files CVE-2008-1199. Dovecot do...
LIVE555 Media Server: Denial of service
Background LIVE555 Media Server is a set of libraries for multimedia streaming. Description Luigi Auriemma reported a signedness error in the parseRTSPRequestString function when processing short RTSP queries. Impact A remote attacker could send a specially crafted RTSP query to the vulnerable...
lighttpd: Multiple vulnerabilities
Background lighttpd is a lightweight high-performance web server. Description lighttpd contains a calculation error when allocating the global file descriptor array CVE-2008-0983. Furthermore, it sends the source of a CGI script instead of returning a 500 error Internal Server Error when the fork...
SWORD: Shell command injection
Background SWORD is a library for Bible study software. Description Dan Dennison reported that the diatheke.pl script used in SWORD does not properly sanitize shell meta-characters in the "range" parameter before processing it. Impact A remote attacker could provide specially crafted input to a...
CUPS: Memory corruption
Background CUPS provides a portable printing layer for UNIX-based operating systems. Description Alin Rad Pop Secunia Research discovered an off-by-one error in the ippReadIO function when handling Internet Printing Protocol IPP tags that might allow to overwrite one byte on the stack. Impact A...
NVIDIA drivers: Denial of service
Background The NVIDIA drivers provide support for NVIDIA graphic boards. Description Gregory Shikhman discovered that the default Gentoo setup of NVIDIA drivers creates the /dev/nvidia with insecure file permissions. Impact A local attacker could send arbitrary values into the devices, possibly...
emul-linux-x86-java: Multiple vulnerabilities
Background emul-linux-x86-java is the 32 bit version of the Sun's J2SE Development Kit. Description Chris Evans of the Google Security Team has discovered an integer overflow in the ICC parser, and another vulnerability in the BMP parser. An unspecified vulnerability involving an "incorrect use o...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description PostgreSQL does not correctly check the data types of the SQL function arguments under unspecified circumstances nor the format of the provided tables in the query planner. Impact A remote...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Tom Ferris reported a heap-based buffer overflow involving wide SVG stroke widths that affects Mozilla Firefox 2 only. Various researchers reported some errors in the JavaScript engine potentiall...
Fetchmail: Denial of Service and password disclosure
Background Fetchmail is a remote mail retrieval and forwarding utility. Description Neil Hoggarth has discovered that when delivering messages to a message delivery agent by means of the "mda" option, Fetchmail passes a NULL pointer to the ferror and fflush functions when refusing a message. Isaa...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla Project. Description Georgi Guninski and David Bienvenu discovered buffer overflows in the processing of long "Content-Type:" and long non-ASCII MIME headers. Additionally, Frederik Reiss discovered a heap-based...
imlib2: Multiple vulnerabilities
Background imlib2 is an advanced replacement for image manipulation libraries such as libXpm. It is utilized by numerous programs, including gkrellm and several window managers, to display images. Description M. Joonas Pihlaja discovered several buffer overflows in loaderargb.c, loaderpng.c,...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla Project. Description Mozilla Firefox improperly handles Script objects while they are being executed. Mozilla Firefox has also been found to be vulnerable to various possible buffer overflows. Lastly, the binary...
Mozilla Network Security Service (NSS): RSA signature forgery
Background The Mozilla Network Security Service is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Daniel Bleichenbacher discovered that it might be possible to forge signatures signed by RSA keys with th...
ImageMagick: Multiple Vulnerabilities
Background ImageMagick is a free software suite to manipulate, convert, and create many image formats. Description Tavis Ormandy of the Google Security Team discovered a stack and heap buffer overflow in the GIMP XCF Image decoder and multiple heap and integer overflows in the SUN bitmap decoder...
Mailman: Multiple vulnerabilities
Background Mailman is a Python based mailing list server with an extensive web interface. Description Mailman fails to properly handle standards-breaking RFC 2231 formatted headers. Furthermore, Moritz Naumann discovered several XSS vulnerabilities and a log file injection. Impact An attacker cou...
DokuWiki: Arbitrary command execution
Background DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend. Description "rgod" discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary contents - such as PHP commands - into a...
LibXfont, monolithic X.org: Multiple integer overflows
Background libXfont is the X.Org Xfont library, some parts are based on the FreeType code base. Description Several integer overflows have been found in the CID font parser. Impact A remote attacker could exploit this vulnerability by enticing a user to load a malicious font file resulting in the...
PHP: Arbitary code execution
Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description The sscanf PHP function contains an array boundary error that can be exploited to dereference a null pointer. This can possibly allow the...
Motor: Execution of arbitrary code
Background Motor is a text mode based programming environment for Linux, with a syntax highlighting feature, project manager, makefile generator, gcc and gdb front-end, and CVS integration. Description In November 2005, Zone-H Research reported a boundary error in the ktools library in the...
Mozilla SeaMonkey: Multiple vulnerabilities
Background The Mozilla SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as "Mozilla Application Suite". Description The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URL's...
Nagios: Buffer overflow
Background Nagios is an open source host, service and network monitoring program. Description Sebastian Krahmer of the SuSE security team discovered a buffer overflow vulnerability in the handling of a negative HTTP Content-Length header. Impact A buffer overflow in Nagios CGI scripts under certa...
zgv, xzgv: Heap overflow
Background xzgv and zgv are picture viewing utilities with a thumbnail based file selector. Description Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space...
WordPress: SQL injection vulnerability
Background WordPress is a PHP and MySQL based content management and publishing system. Description Patrik Karlsson reported that WordPress 1.5.2 makes use of an insufficiently filtered User Agent string in SQL queries related to comments posting. This vulnerability was already fixed in the...
Blender: Heap-based buffer overflow
Background Blender is an open source software for 3D modeling, animation, rendering, post-production, interactive creation and playback. Description Damian Put has reported a flaw due to an integer overflow in the "getbhead" function, leading to a heap overflow when processing malformed ".blend"...
Xpdf, GPdf, CUPS, Poppler: Multiple vulnerabilities
Background Xpdf and GPdf are PDF file viewers that run under the X Window System. Poppler is a PDF rendering library based on Xpdf code. The Common UNIX Printing System CUPS is a cross-platform print spooler. It makes use of Xpdf code to handle PDF files. Description infamous41md discovered that...
chmlib, KchmViewer: Stack-based buffer overflow
Background chmlib is a library for dealing with Microsoft ITSS and CHM format files. KchmViewer is a CHM viewer that includes its own copy of the chmlib library. Description Sven Tantau reported about a buffer overflow vulnerability in chmlib. The function "chmdecompressblock" does not properly...
Weex: Format string vulnerability
Background Weex is a non-interactive FTP client typically used to update web pages. Description Ulf Harnhammar discovered a format string bug in Weex that can be triggered when it is first run or when its cache files are rebuilt, using the -r option. Impact An attacker could setup a malicious FTP...
Python: Heap overflow in the included PCRE library
Background Python is an interpreted, interactive, object-oriented, cross-platform programming language. The "re" Python module provides regular expression functions. Description The "re" Python module makes use of a private copy of libpcre which is subject to an integer overflow leading to a heap...
GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library
Background GNU Gadu, CenterICQ, Kadu and EKG are instant messaging applications created to support Gadu Gadu instant messaging protocol. libgadu is a library that implements the client side of the Gadu-Gadu protocol. Description GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an...
Kopete: Vulnerability in included Gadu library
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kopete also part of kdenetwork is the KDE Instant Messenger. Description Kopete contains an internal copy of libgadu and is therefore subject to several input validation vulnerabilities in...
Adobe Acrobat Reader: Buffer overflow vulnerability
Background Adobe Acrobat Reader is a utility used to view PDF files. Description A buffer overflow has been discovered in the UnixAppOpenFilePerform function, which is called when Adobe Acrobat Reader tries to open a file with the "\Filespec" tag. Impact By enticing a user to open a specially...
cpio: Directory traversal vulnerability
Background cpio is a file archival tool which can also read and write tar files. Description A vulnerability has been found in cpio that can potentially allow a cpio archive to extract its files to an arbitrary directory of the creator's choice. Impact An attacker could create a malicious cpio...
Wordpress: Multiple vulnerabilities
Background WordPress is a PHP and MySQL based content management and publishing system. Description Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks. Impact An attacker could use the SQL injection vulnerabilities to gain information from the database...
phpMyAdmin: Insecure SQL script installation
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL databases from a web-browser. phpMyAdmin uses a pma MySQL user to control the linked-tables infrastructure. The SQL install script sets the initial password for the pma user. Description The phpMyAdmin...
Heimdal: Buffer overflow vulnerabilities
Background Heimdal is a free implementation of Kerberos 5 that includes a telnet client program. Description Buffer overflow vulnerabilities in the slcaddreply and envoptadd functions have been discovered by Gael Delalleau in the telnet client in Heimdal. Impact Successful exploitation would...
eGroupWare: XSS and SQL injection vulnerabilities
Background eGroupWare is a suite of web-based group applications including calendar, address book, messenger and email. Description Multiple SQL injection and cross-site scripting vulnerabilities have been found in several eGroupWare modules. Impact An attacker could possibly use the SQL injectio...