3816 matches found
Webmin, Usermin: Cross-site scripting vulnerabilities
Background Webmin is a web-based administrative interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators. Description The pamlogin.cgi file does not properly sanitize user input before sending it back as output t...
file: Integer overflow
Background file is a utility that guesses a file format by scanning binary data for patterns. Description Colin Percival from FreeBSD reported that the previous fix for the fileprintf buffer overflow introduced a new integer overflow. Impact A remote attacker could entice a user to run the file...
ClamAV: Multiple vulnerabilities
Background ClamAV is a GPL virus scanner. Description iDefense Labs have reported a stack-based buffer overflow in the cabunstore function when processing negative values in .cab files. Multiple file descriptor leaks have also been reported in chmunpack.c, pdf.c and dblock.c when processing .chm...
NAS: Multiple vulnerabilities
Background NAS is a network transparent, client/server audio transport system. Description Luigi Auriemma has discovered multiple vulnerabilities in NAS, some of which include a buffer overflow in the function acceptattlocal, an integer overflow in the function ProcAuWriteElement, and a null...
FreeRADIUS: Denial of service
Background FreeRADIUS is an open source RADIUS authentication server implementation. Description The Coverity Scan project has discovered a memory leak within the handling of certain malformed Diameter format values inside an EAP-TTLS tunnel. Impact A remote attacker could send a large amount of...
X.Org X server: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description Multiple memory corruption vulnerabilities have been found in the ProcDbeGetVisualInfo and the ProcDbeSwapBuffers of the DBE extension, and ProcRenderAddGlyphs in the Render extension. Impac...
Mono: Information disclosure
Background Mono provides the necessary software to develop and run .NET client and server applications on various platforms. Description Jose Ramon Palanco has discovered that the System.Web class in the XSP for the ASP.NET server 1.1 through 2.0 in Mono does not properly validate or sanitize loc...
Ruby: Denial of Service vulnerability
Background Ruby is a dynamic, open source programming language with a focus on simplicity and productivity. Description The readmultipart function of the CGI library shipped with Ruby cgi.rb does not properly check boundaries in MIME multipart content. This is a different issue than GLSA 200611-1...
Trac: Cross-site request forgery
Background Trac is a wiki and issue tracking system for software development projects. Description Trac allows users to perform certain tasks via HTTP requests without performing correct validation on those requests. Impact An attacker could entice an authenticated user to browse to a specially...
Mozilla Thunderbird: Multiple vulnerabilities
Background The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. Description A number of vulnerabilities have been found and fixed in Mozilla Thunderbird. For details please consult the references below. Impact The most severe vulnerabilities might lead to the execution...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform, stand-alone browser application. Description A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below. Impact The most...
BIND: Denial of service
Background ISC BIND is the Internet Systems Consortium implementation of the Domain Name System DNS protocol. Description Queries for SIG records will cause an assertion error if more than one SIG RRset is returned. Additionally, an INSIST failure can be triggered by sending multiple recursive...
AdPlug: Multiple vulnerabilities
Background AdPlug is a free, cross-platform, and hardware-independent AdLib sound player library. Description AdPlug is vulnerable to buffer and heap overflows when processing the following types of files: CFF, MTK, DMO, U6M, DTM, and S3M. Impact By enticing a user to load a specially crafted fil...
Heartbeat: Denial of service
Background Heartbeat is a component of the High-Availability Linux project. It is used to perform death-of-node detection, communications and cluster management. Description Yan Rong Ge discovered that the peelnetstring function in clnetstring.c does not validate the "length" parameter of user...
Net::Server: Format string vulnerability
Background Net::Server is an extensible, generic Perl server engine. It is used by several Perl applications like Postgrey. Description The log function of Net::Server does not handle format string specifiers properly before they are sent to syslog. Impact By sending a specially crafted datastrea...
WordPress: Privilege escalation
Background WordPress is a PHP and MySQL based multiuser blogging system. Description The WordPress developers have confirmed a vulnerability in capability checking for plugins. Impact By exploiting a flaw, a user can circumvent WordPress access restrictions when using plugins. The actual impact...
shadow: Privilege escalation
Background shadow provides a set of utilities to deal with user accounts. Description When the mailbox is created in useradd, the "open" function does not receive the three arguments it expects while OCREAT is present, which leads to random permissions on the created file, before fchmod is...
MPlayer: Heap-based buffer overflow
Background MPlayer is a media player that supports many multimedia file types. Description Xfocus Team discovered multiple integer overflows that may lead to a heap-based buffer overflow. Impact An attacker could entice a user to play a specially crafted multimedia file, potentially resulting in...
xine-lib: Buffer overflow vulnerability
Background xine-lib is the xine core engine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats. Description Federico L. Bossi Bonin discovered that when handling MPEG streams xine-lib fails to make a proper boundary check of the...
Crossfire server: Denial of Service and potential arbitrary code execution
Background Crossfire is a cooperative multiplayer graphical adventure and role-playing game. The Crossfire game server allows various compatible clients to connect to participate in a cooperative game. Description Luigi Auriemma discovered a vulnerability in the Crossfire game server, in the...
Doomsday: Format string vulnerability
Background Doomsday is a modern gaming engine for popular ID games like Doom, Heretic and Hexen. Description Luigi Auriemma discovered that Doomsday incorrectly implements formatted printing. Impact A remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of...
GNU tar: Buffer overflow
Background GNU tar is the standard GNU utility for creating and manipulating tar archives, a common format used for creating backups and distributing files on UNIX-like systems. Description Jim Meyering discovered a flaw in the handling of certain header fields that could result in a buffer...
GraphicsMagick: Format string vulnerability
Background GraphicsMagick is a collection of tools to read, write and manipulate images in many formats. Description The SetImageInfo function was found vulnerable to a format string mishandling. Daniel Kobras discovered that the handling of "%"-escaped sequences in filenames passed to the functi...
GPdf: heap overflows in included Xpdf code
Background GPdf is a Gnome PDF viewer. Description Dirk Mueller found a heap overflow vulnerability in the XPdf codebase when handling splash images that exceed size of the associated bitmap. Impact An attacker could entice a user to open a specially crafted PDF file with GPdf, potentially...
Gallery: Cross-site scripting vulnerability
Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Peter Schumacher discovered that Gallery fails to...
pinentry: Local privilege escalation
Background pinentry is a collection of simple PIN or passphrase entry dialogs which utilize the Assuan protocol. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that the pinentry ebuild incorrectly sets the permissions of the pinentry binaries upon installation, s...
XLI, Xloadimage: Buffer overflow
Background XLI and Xloadimage are X11 image manipulation utilities. Description When XLI or Xloadimage process an image, they create a new image object to contain the new image, copying the title from the old image to the newly created image. Ariel Berkman reported that the 'zoom', 'reduce', and...
util-linux: umount command validation error
Background util-linux is a suite of useful Linux programs including umount, a program used to unmount filesystems. Description When a regular user mounts a filesystem, they are subject to restrictions in the /etc/fstab configuration file. David Watson discovered that when unmounting a filesystem...
Adobe Reader: Buffer Overflow
Background Adobe Reader is a utility used to view PDF files. Description A buffer overflow has been reported within a core application plug-in, which is part of Adobe Reader. Impact An attacker may create a specially-crafted PDF file, enticing a user to open it. This could trigger a buffer overfl...
AMD64 x86 emulation base libraries: Buffer overflow
Background The x86 emulation base libraries for AMD64 emulate the x86 32-bit architecture on the AMD64 64-bit architecture. Description Earlier versions of emul-linux-x86-baselibs contain a vulnerable version of zlib, which may lead to a buffer overflow. Impact By creating a specially crafted...
libextractor: Multiple overflow vulnerabilities
Background libextractor is a library used to extract meta-data from files. It makes use of Xpdf code to extract information from PDF files. Description Xpdf is vulnerable to multiple overflows, as described in GLSA 200501-28. Also, integer overflows were discovered in Real and PNG extractors...
phpBB: Cross-Site Scripting Vulnerability
Background phpBB is an Open Source bulletin board package. Description phpBB is vulnerable to a cross-site scripting vulnerability due to improper sanitization of user supplied input. Coupled with poor validation of BBCode URLs which may be included in a forum post, an unsuspecting user may follo...
JunkBuster: Multiple vulnerabilities
Background JunkBuster is a filtering HTTP proxy, designed to enhance privacy and remove unwanted content. Description James Ranson reported a vulnerability when JunkBuster is configured to run in single-threaded mode, an attacker can modify the referrer setting by getting a victim to request a...
Sylpheed, Sylpheed-claws: Message reply overflow
Background Sylpheed is a lightweight email client and newsreader. Sylpheed-claws is a 'bleeding edge' version of Sylpheed. Description Sylpheed and Sylpheed-claws fail to properly handle non-ASCII characters in email headers when composing reply messages. Impact An attacker can send an email...
phpWebSite: Arbitrary PHP execution and path disclosure
Background phpWebSite provides a complete web site content management system. Description NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable to a path disclosure. Impact A remote...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid contains a...
TWiki: Arbitrary command execution
Background TWiki is a Web-based groupware tool based around the concept of wiki pages that can be edited by anybody with a Web browser. Description The TWiki search function, which uses a shell command executed via the Perl backtick operator, does not properly escape shell metacharacters in the...
X.Org, XFree86: libXpm vulnerabilities
Background libXpm is a pixmap manipulation library for the X Window System, included in both X.Org and XFree86. Description Several issues were discovered in libXpm, including integer overflows, out-of-bounds memory accesses, insecure path traversal and an endless loop. Impact An attacker could...
Gallery: Cross-site scripting vulnerability
Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Jim Paris has discovered a cross-site scripting...
MIT krb5: Insecure temporary file use in send-pr.sh
Background MIT krb5 is the free implementation of the Kerberos network authentication protocol written by the Massachusetts Institute of Technology. Description The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact A local attacker could creat...
OpenOffice.org: Temporary files disclosure
Background OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. Description On start-up, OpenOffice.org 1.1.2 creates a temporary directory with insecure permissions. When ...
phpMyAdmin: Vulnerability in MIME-based transformation system
Background phpMyAdmin is a popular web-based MySQL administration tool written in PHP. It allows users to browse and administer a MySQL database from a web-browser. Transformations are a phpMyAdmin feature allowing plug-ins to rewrite the contents of any column seen in phpMyAdmin's Browsing mode,...
xine-lib: Multiple vulnerabilities
Background xine-lib is a multimedia library which can be utilized to create multimedia frontends. Description xine-lib contains two stack-based overflows and one heap-based overflow. In the code reading VCD disc labels, the ISO disc label is copied into an unprotected stack buffer of fixed size...
Webmin, Usermin: Multiple vulnerabilities in Usermin
Background Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mail. The Usermin functionality, including webmail, is also...
MySQL: Insecure temporary file creation in mysqlhotcopy
Background MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description Jeroen van Wolffelaar discovered that the MySQL database hot copy utility mysqlhotcopy.sh, when using the scp method, uses temporary files with predictable names. A malicious local user with writ...
rsync: Directory traversal in rsync daemon
Background rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients. Description When rsyncd is used...
Pavuk: Remote buffer overflow
Background Pavuk is web spider and website mirroring tool. Description When Pavuk connects to a web server and the server sends back the HTTP status code 305 Use Proxy, Pavuk copies data from the HTTP Location header in an unsafe manner. Impact An attacker could cause a stack-based buffer overflo...
Pound format string vulnerability
Background Pound is a reverse proxy, load balancer and HTTPS front-end. It allows to distribute the load on several web servers and offers a SSL wrapper for web servers that do not support SSL directly. Description A format string flaw in the processing of syslog messages was discovered and...
ClamAV RAR Archive Remote Denial Of Service Vulnerability
Background From http://www.clamav.net/ : "Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for...
HashiCorp Consul: Multiple Vulnerabilities
Background HashiCorp Consul is a tool for service discovery, monitoring and configuration. Description Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...