3816 matches found
Crossfire server: Denial of Service and potential arbitrary code execution
Background Crossfire is a cooperative multiplayer graphical adventure and role-playing game. The Crossfire game server allows various compatible clients to connect to participate in a cooperative game. Description Luigi Auriemma discovered a vulnerability in the Crossfire game server, in the...
GNU tar: Buffer overflow
Background GNU tar is the standard GNU utility for creating and manipulating tar archives, a common format used for creating backups and distributing files on UNIX-like systems. Description Jim Meyering discovered a flaw in the handling of certain header fields that could result in a buffer...
GraphicsMagick: Format string vulnerability
Background GraphicsMagick is a collection of tools to read, write and manipulate images in many formats. Description The SetImageInfo function was found vulnerable to a format string mishandling. Daniel Kobras discovered that the handling of "%"-escaped sequences in filenames passed to the functi...
GPdf: heap overflows in included Xpdf code
Background GPdf is a Gnome PDF viewer. Description Dirk Mueller found a heap overflow vulnerability in the XPdf codebase when handling splash images that exceed size of the associated bitmap. Impact An attacker could entice a user to open a specially crafted PDF file with GPdf, potentially...
Apache: Multiple vulnerabilities
Background The Apache HTTP server is one of the most popular web servers on the Internet. modimap provides support for server-side image maps; modssl provides secure HTTP connections. Description Apache's modimap fails to properly sanitize the "Referer" directive of imagemaps in some cases, leavi...
Gallery: Cross-site scripting vulnerability
Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Peter Schumacher discovered that Gallery fails to...
pinentry: Local privilege escalation
Background pinentry is a collection of simple PIN or passphrase entry dialogs which utilize the Assuan protocol. Description Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that the pinentry ebuild incorrectly sets the permissions of the pinentry binaries upon installation, s...
XLI, Xloadimage: Buffer overflow
Background XLI and Xloadimage are X11 image manipulation utilities. Description When XLI or Xloadimage process an image, they create a new image object to contain the new image, copying the title from the old image to the newly created image. Ariel Berkman reported that the 'zoom', 'reduce', and...
cURL: NTLM username stack overflow
Background cURL is a command line tool and library for transferring files via many different protocols. It supports NTLM authentication to retrieve files from Windows-based systems. Description iDEFENSE reported that insufficient bounds checking on a memcpy of the supplied NTLM username can resul...
Lynx: Buffer overflow in NNTP processing
Background Lynx is a text-mode browser for the World Wide Web. It supports multiple URL types, including HTTP and NNTP URLs. Description When accessing a NNTP URL, Lynx connects to a NNTP server and retrieves information about the available articles in the target newsgroup. Ulf Harnhammar...
util-linux: umount command validation error
Background util-linux is a suite of useful Linux programs including umount, a program used to unmount filesystems. Description When a regular user mounts a filesystem, they are subject to restrictions in the /etc/fstab configuration file. David Watson discovered that when unmounting a filesystem...
Adobe Reader: Buffer Overflow
Background Adobe Reader is a utility used to view PDF files. Description A buffer overflow has been reported within a core application plug-in, which is part of Adobe Reader. Impact An attacker may create a specially-crafted PDF file, enticing a user to open it. This could trigger a buffer overfl...
fetchmail: Buffer Overflow
Background fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. Description fetchmail does not properly validate UIDs coming from a POP3 mail server. The UID is placed in a fixed length buffer on the stack, which can be overflown. Impac...
libextractor: Multiple overflow vulnerabilities
Background libextractor is a library used to extract meta-data from files. It makes use of Xpdf code to extract information from PDF files. Description Xpdf is vulnerable to multiple overflows, as described in GLSA 200501-28. Also, integer overflows were discovered in Real and PNG extractors...
phpBB: Cross-Site Scripting Vulnerability
Background phpBB is an Open Source bulletin board package. Description phpBB is vulnerable to a cross-site scripting vulnerability due to improper sanitization of user supplied input. Coupled with poor validation of BBCode URLs which may be included in a forum post, an unsuspecting user may follo...
JunkBuster: Multiple vulnerabilities
Background JunkBuster is a filtering HTTP proxy, designed to enhance privacy and remove unwanted content. Description James Ranson reported a vulnerability when JunkBuster is configured to run in single-threaded mode, an attacker can modify the referrer setting by getting a victim to request a...
Sylpheed, Sylpheed-claws: Message reply overflow
Background Sylpheed is a lightweight email client and newsreader. Sylpheed-claws is a 'bleeding edge' version of Sylpheed. Description Sylpheed and Sylpheed-claws fail to properly handle non-ASCII characters in email headers when composing reply messages. Impact An attacker can send an email...
phpWebSite: Arbitrary PHP execution and path disclosure
Background phpWebSite provides a complete web site content management system. Description NST discovered that, when submitting an announcement, uploaded files aren't correctly checked for malicious code. They also found out that phpWebSite is vulnerable to a path disclosure. Impact A remote...
MediaWiki: Multiple vulnerabilities
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description A security audit of the MediaWiki project discovered that MediaWiki is vulnerable to several cross-site scripting and cross-site request forgery attacks, and that the image deletion code doe...
Squid: Multiple vulnerabilities
Background Squid is a full-featured Web proxy cache designed to run on Unix systems. It supports proxying and caching of HTTP, FTP, and other URLs, as well as SSL support, cache hierarchies, transparent caching, access control lists and many other features. Description Squid contains a...
mit-krb5: Heap overflow in libkadm5srv
Background MIT krb5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description The MIT Kerberos 5 administration library libkadm5srv contains a heap overflow in the code handling password changing. Impact Under specific...
TWiki: Arbitrary command execution
Background TWiki is a Web-based groupware tool based around the concept of wiki pages that can be edited by anybody with a Web browser. Description The TWiki search function, which uses a shell command executed via the Perl backtick operator, does not properly escape shell metacharacters in the...
X.Org, XFree86: libXpm vulnerabilities
Background libXpm is a pixmap manipulation library for the X Window System, included in both X.Org and XFree86. Description Several issues were discovered in libXpm, including integer overflows, out-of-bounds memory accesses, insecure path traversal and an endless loop. Impact An attacker could...
OpenSSL, Groff: Insecure tempfile handling
Background OpenSSL is a toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols as well as a general-purpose cryptography library. It includes the derchop script, which is used to convert DER-encoded certificates to PEM format. Groff GNU Troff is a typesetting package...
Gallery: Cross-site scripting vulnerability
Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Jim Paris has discovered a cross-site scripting...
MIT krb5: Insecure temporary file use in send-pr.sh
Background MIT krb5 is the free implementation of the Kerberos network authentication protocol written by the Massachusetts Institute of Technology. Description The send-pr.sh script creates temporary files in world-writeable directories with predictable names. Impact A local attacker could creat...
OpenOffice.org: Temporary files disclosure
Background OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. Description On start-up, OpenOffice.org 1.1.2 creates a temporary directory with insecure permissions. When ...
phpMyAdmin: Vulnerability in MIME-based transformation system
Background phpMyAdmin is a popular web-based MySQL administration tool written in PHP. It allows users to browse and administer a MySQL database from a web-browser. Transformations are a phpMyAdmin feature allowing plug-ins to rewrite the contents of any column seen in phpMyAdmin's Browsing mode,...
Samba: Denial of Service vulnerabilities
Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services to other SMB/CIFS clients. smbd and nmbd are two daemons used by the Samba server. Description There is a defect in smbd's ASN.1 parsing. A bad packet received during t...
Webmin, Usermin: Multiple vulnerabilities in Usermin
Background Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mail. The Usermin functionality, including webmail, is also...
MySQL: Insecure temporary file creation in mysqlhotcopy
Background MySQL is a popular open-source multi-threaded, multi-user SQL database server. Description Jeroen van Wolffelaar discovered that the MySQL database hot copy utility mysqlhotcopy.sh, when using the scp method, uses temporary files with predictable names. A malicious local user with writ...
rsync: Directory traversal in rsync daemon
Background rsync is a utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. rsyncd is the rsync daemon, which listens to connections from rsync clients. Description When rsyncd is used...
Buffer overflow in Subversion
Background Subversion is a version control system intended to eventually replace CVS. Like CVS, it has an optional client-server architecture where the server can be an Apache server running modsvn, or an ssh program as in CVS's :ext: method. In addition to supporting the features found in CVS,...
Pound format string vulnerability
Background Pound is a reverse proxy, load balancer and HTTPS front-end. It allows to distribute the load on several web servers and offers a SSL wrapper for web servers that do not support SSL directly. Description A format string flaw in the processing of syslog messages was discovered and...
ClamAV RAR Archive Remote Denial Of Service Vulnerability
Background From http://www.clamav.net/ : "Clam AntiVirus is a GPL anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for...
Roundcube: Multiple Vulnerabilities
Background Free and open source webmail software for the masses, written in PHP. Description Multiple vulnerabilities have been discovered in Roundcube. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround Ther...
HashiCorp Consul: Multiple Vulnerabilities
Background HashiCorp Consul is a tool for service discovery, monitoring and configuration. Description Multiple vulnerabilities have been discovered in HashiCorp Consul. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
Bundler: Multiple Vulnerabilities
Background Bundler provides a consistent environment for Ruby projects by tracking and installing the exact gems and versions that are needed. Description Multiple vulnerabilities have been discovered in Bundler. Please review the CVE identifiers referenced below for details. Impact Please review...
ExifTool: Multiple vulnerabilities
Background ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files. Description Multiple vulnerabilities have been discovered in ExifTool. Please review the CVE identifiers referenced below for...
cryptography: Multiple Vulnerabilities
Background cryptography is a package which provides cryptographic recipes and primitives to Python developers. Description Multiple vulnerabilities have been discovered in cryptography. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE...
GNU Emacs, Org Mode: Multiple Vulnerabilities
Background GNU Emacs is a highly extensible and customizable text editor. Description Multiple vulnerabilities have been discovered in GNU Emacs. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no...
Mozilla Thunderbird: Multiple Vulnerabilities
Background Mozilla Thunderbird is a popular open-source email client from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for...
Mozilla Firefox: Multiple Vulnerabilities
Background Mozilla Firefox is a popular open-source web browser from the Mozilla project. Description Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details...
GNU Aspell: Heap Buffer Overflow
Background GNU Aspell is a popular spell-checker. Dictionaries are available for many languages. Description Multiple vulnerabilities have been discovered in GNU Aspell. Please review the CVE identifiers referenced below for details. Impact GNU Aspell has a heap-based buffer overflow in...
OpenJDK: Multiple Vulnerabilities
Background OpenJDK is an open source implementation of the Java programming language. Description Multiple vulnerabilities have been discovered in OpenJDK. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround...
FAAD2: Multiple Vulnerabilities
Background FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder. Description Multiple vulnerabilities have been discovered in FAAD2. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known...
AtomicParsley: Multiple Vulnerabilities
Background AtomicParsley is a command line program for manipulating iTunes-style metadata in MPEG4 files. Description Multiple vulnerabilities have been discovered in AtomicParsley. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers...
X.Org X Server: Privilege escalation
Background The X Window System is a graphical windowing system based on a client/server model. Description It was discovered that X.Org X Server did not sufficiently check the length of the XInput extension’s ChangeFeedbackControl request. Impact An authorized attacker could possibly escalate...
mailx: Multiple vulnerabilities
Background A utility program for sending and receiving mail, also known as a Mail User Agent program. Description Multiple vulnerabilities have been discovered in mailx. Please review the CVE identifiers referenced below for details. Impact A remote attacker could execute arbitrary commands...
PLIB: User-assisted execution of arbitrary code
Background PLIB includes sound effects, music, a complete 3D engine, font rendering, a simple Windowing library, a game scripting language, a GUI, networking, 3D math library and a collection of handy utility functions. Description A stack-based buffer overflow within the error function of...