Mantis: Cross-Site Scripting
Background Mantis is a web-based bug tracking system. Description seiji reported that the filename for the uploaded file in bug_report.php is not properly sanitised before being stored. Impact A remote attacker could upload a file with a specially crafted filename to a bug report, resulting in the executio...
Adobe Acrobat Reader: Multiple vulnerabilities
Background Adobe Acrobat Reader is a PDF reader released by Adobe. Description Multiple vulnerabilities have been discovered in Adobe Acrobat Reader, including: a file disclosure when using file:// in PDF documents (CVE-2007-1199); multiple buffer overflows in unspecified Javascript methods...
Audacity: Insecure temporary file creation
Background Audacity is a free cross-platform audio editor. Description Viktor Griph reported that the "AudacityApp::OnInit" method in file src/AudacityApp.cpp does not handle temporary files properly. Impact A local attacker could exploit this vulnerability to conduct symlink attacks to delete...
Firebird: Multiple vulnerabilities
Background Firebird is a multi-platform, open source relational database. Description Firebird does not properly handle certain types of XDR requests, resulting in an integer overflow (CVE-2008-0387). Furthermore, it is vulnerable to a buffer overflow when processing usernames (CVE-2008-0467). Impact...
Asterisk: Multiple vulnerabilities
Background Asterisk is an open source telephony engine and tool kit. Description Multiple vulnerabilities have been found in Asterisk: Russel Bryant reported a stack buffer overflow in the IAX2 channel driver (chan_iax2) when bridging calls between chan_iax2 and any channel driver that uses RTP for...
xine-lib: User-assisted execution of arbitrary code
Background xine-lib is the core library package for the xine media player. Description Damian Frizza and Alfredo Ortega (Core Security Technologies) discovered a stack-based buffer overflow within the open_flac_file function in the file demux_flac.c when parsing tags within a FLAC file (CVE-2008-0486). ...
Python: PCRE Integer overflow
Background Python is an interpreted, interactive, object-oriented programming language. Description Python 2.3 includes a copy of PCRE which is vulnerable to an integer overflow vulnerability, leading to a buffer overflow. Impact An attacker could exploit the vulnerability by tricking a vulnerabl...
ClamAV: Multiple vulnerabilities
Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description An integer overflow has been reported in the "cli_scanpe" function in file libclamav/pe.c (CVE-2008-0318). Another unspecified vulnerability has been reported in fil...
Boost: Denial of service
Background Boost is a set of C++ libraries, including the Boost.Regex library to process regular expressions. Description Tavis Ormandy and Will Drewry from the Google Security Team reported a failed assertion in file regex/v4/perl_matcher_non_recursive.hpp (CVE-2008-0171) and a NULL pointer dereferen...
Pulseaudio: Privilege escalation
Background Pulseaudio is a networked sound server with an advanced plugin system. Description Marcus Meissner from SUSE reported that the pa_drop_root function does not properly check the return value of the system calls setuid, seteuid, setresuid and setreuid when dropping its privileges. Impact A...
Gnumeric: User-assisted execution of arbitrary code
Background The Gnumeric spreadsheet is a versatile application developed as part of the GNOME Office project. Description Multiple integer overflow and signedness errors have been reported in the excel_read_HLINK function in file plugins/excel/ms-excel-read.c when processing XLS HLINK opcodes. Impa...
scponly: Multiple vulnerabilities
Background scponly is a shell for restricting user access to file transfer only using sftp and scp. Description Joachim Breitner reported that Subversion and rsync support invokes subcommands in an insecure manner (CVE-2007-6350). It has also been discovered that scponly does not filter the -o and ...
Gallery: Multiple vulnerabilities
Background Gallery is a web-based application for creating and viewing photo albums. Description The Gallery development team reported and fixed critical vulnerabilities during an internal audit CVE-2007-6685, CVE-2007-6686, CVE-2007-6687, CVE-2007-6688, CVE-2007-6689, CVE-2007-6690,...
Horde IMP: Security bypass
Background Horde IMP provides a web-based access to IMAP and POP3 mailboxes. Description Ulf Harnhammar, Secunia Research discovered that the "frame" and "frameset" HTML tags are not properly filtered out. He also reported that certain HTTP requests are executed without being checked. Impact A...
Doomsday: Multiple vulnerabilities
Background The Doomsday Engine (deng) is a modern gaming engine for popular ID games like Doom, Heretic and Hexen. Description Luigi Auriemma discovered multiple buffer overflows in the D_NetPlayerEvent function, the Msg_Write function and the NetSv_ReadCommands function. He also discovered errors whe...
SDL_image: Two buffer overflow vulnerabilities
Background SDL_image is an image file library that loads images as SDL surfaces, and supports various formats like BMP, GIF, JPEG, LBM, PCX, PNG, PNM, TGA, TIFF, XCF, XPM, and XV. Description The LWZReadByte function in file IMG_gif.c and the IMG_LoadLBM_RW function in file IMG_lbm.c each contain a...
Xdg-Utils: Arbitrary command execution
Background Xdg-Utils is a set of tools allowing all applications to easily integrate with the Free Desktop configuration. Description Miroslav Lichvar discovered that the "xdg-open" and "xdg-email" shell scripts do not properly sanitize their input before processing it. Impact A remote attacker...
libxml2: Denial of service
Background libxml2 is the XML (eXtended Markup Language) C parser and toolkit initially developed for the Gnome project. Description Brad Fitzpatrick reported that the xmlCurrentChar function does not properly handle some UTF-8 multibyte encodings. Impact A remote attacker could entice a user to op...
PeerCast: Buffer overflow
Background PeerCast is a client and server for P2P-radio network. Description Luigi Auriemma reported a heap-based buffer overflow within the "handshakeHTTP" function when processing HTTP requests. Impact A remote attacker could send a specially crafted request to the vulnerable server, possibly...
Kazehakase: Multiple vulnerabilities
Background Kazehakase is a web browser based on the Gecko engine. Description Kazehakase includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruption vulnerabilities (GLSA 200711-30). Impact A remote attacker could entice a user to open specially crafted input e.g...
GOffice: Multiple vulnerabilities
Background GOffice is a library of document-centric objects and utilities based on GTK. Description GOffice includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruption vulnerabilities (GLSA 200711-30). Impact An attacker could entice a user to open specially...
Netkit FTP Server: Denial of service
Background net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL support. Description Venustech AD-LAB discovered that an FTP client connected to a vulnerable server with passive mode and SSL support can trigger an fclose function call on an uninitialized stream in ftpd.c. Impact A...
MaraDNS: CNAME Denial of service
Background MaraDNS is a package that implements the Domain Name Service (DNS) with resolver and caching ability. Description Michael Krieger reported that a specially crafted DNS could prevent an authoritative canonical name (CNAME) record from being resolved because of an "improper rotation of...
PostgreSQL: Multiple vulnerabilities
Background PostgreSQL is an open source object-relational database management system. Description If using the "expression indexes" feature, PostgreSQL executes index functions as the superuser during VACUUM and ANALYZE instead of the table owner, and allows SET ROLE and SET SESSION AUTHORIZATION...
xine-lib: User-assisted execution of arbitrary code
Background xine-lib is the core library package for the xine media player. Description Luigi Auriemma reported that xine-lib does not properly check boundaries when processing SDP attributes of RTSP streams, leading to heap-based buffer overflows. Impact An attacker could entice a user to play...
ngIRCd: Denial of service
Background ngIRCd is a free open source daemon for Internet Relay Chat (IRC). Description The IRC_PART function in the file irc-channel.c does not properly check the number of parameters, referencing an invalid pointer if no channel is supplied. Impact A remote attacker can exploit this vulnerabilit...
CherryPy: Directory traversal vulnerability
Background CherryPy is a Python-based, object-oriented web development framework. Description CherryPy does not sanitize the session id, provided as a cookie value, in the FileSession._get_file_path function before using it as part of the file name. Impact A remote attacker could exploit this...
Blam: User-assisted execution of arbitrary code
Background Blam is an RSS and Atom feed reader for GNOME written in C#. Description The "/usr/bin/blam" script sets the "LD_LIBRARY_PATH" environment variable incorrectly, which might result in the current working directory (.) being included when searching for dynamically linked libraries of the Mono...
TikiWiki: Multiple vulnerabilities
Background TikiWiki is an open source content management system written in PHP. Description Jesus Olmos Gonzalez from isecauditors reported insufficient sanitization of the "movies" parameter in file tiki-listmovies.php (CVE-2007-6528). Mesut Timur from H-Labs discovered that the input passed to th...
Adobe Flash Player: Multiple vulnerabilities
Background The Adobe Flash Player is a renderer for the popular SWF file format, which is commonly used to provide interactive websites, digital experiences and mobile content. Description Flash contains a copy of PCRE which is vulnerable to a heap-based buffer overflow (GLSA 200711-30),...
libcdio: User-assisted execution of arbitrary code
Background libcdio is a library for accessing CD-ROM and CD images. Description Devon Miller reported a boundary error in the "print_iso9660_recurse" function in files cd-info.c and iso-info.c when processing long filenames within Joliet images. Impact A remote attacker could entice a user to open ...
X.Org X server and Xfont library: Multiple vulnerabilities
Background The X Window System is a graphical windowing system based on a client/server model. Description regenrecht reported multiple vulnerabilities in various X server extensions via iDefense: The XFree86-Misc extension does not properly sanitize a parameter within a PassMessage request,...
OpenAFS: Denial of service
Background OpenAFS is a distributed network filesystem. Description Russ Allbery, Jeffrey Altman, Dan Hyde and Thomas Mueller discovered a race condition due to an improper handling of the clients callbacks lists. Impact A remote attacker could construct cases which trigger the race condition,...
unp: Arbitrary command execution
Background unp is a script for unpacking various file formats. Description Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell. Impact A remote attacker could entice a user or automated system to unpack a compressed archive...
R: Multiple vulnerabilities
Background R is a GPL licensed implementation of S, a language and environment for statistical computing and graphics. PCRE is a library providing functions for Perl-compatible regular expressions. Description R includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory...
Xfce: Multiple vulnerabilities
Background Xfce is a GTK+ 2 based desktop environment that allows to run a modern desktop environment on modest hardware. Description Gregory Andersen reported that the Xfce4 panel does not correctly calculate memory boundaries, leading to a stack-based buffer overflow in the...
Squid: Denial of service
Background Squid is a multi-protocol proxy server. Description The Wikimedia Foundation reported a memory leak vulnerability when performing cache updates. Impact A remote attacker could perform numerous specially crafted requests to the vulnerable server, resulting in a Denial of Service...
Claws Mail: Insecure temporary file creation
Background Claws Mail is a GTK based e-mail client. Description Nico Golde from Debian reported that the sylprint.pl script that is part of the Claws Mail tools creates temporary files in an insecure manner. Impact A local attacker could exploit this vulnerability to conduct symlink attacks to...
Wireshark: Multiple vulnerabilities
Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP (CVE-2007-6111), PPP (CVE-2007-6112), DNP (CVE-2007-6113), SSL and iSerie...
AMD64 x86 emulation GTK+ library: User-assisted execution of arbitrary code
Background Cairo is a 2D vector graphics library with cross-device output support. The AMD64 x86 emulation GTK+ library packages Cairo libraries for 32bit x86 emulation on AMD64. Description The Cairo versions used by the AMD64 x86 emulation GTK+ libraries were vulnerable to integer overflow...
Opera: Multiple vulnerabilities
Background Opera is a fast Web browser that is available free of charge. Description David Bloom reported two vulnerabilities where plug-ins (CVE-2007-6520) and Rich text editing (CVE-2007-6522) could be used to allow cross domain scripting. Alexander Klink (Cynops GmbH) discovered an issue with TLS...
OpenOffice.org: User-assisted arbitrary code execution
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description The HSQLDB engine, as used in OpenOffice.org, does not properly enforce restrictions to...
ClamAV: Multiple vulnerabilities
Background Clam AntiVirus is a free anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. Description iDefense reported an integer overflow vulnerability in the cli_scanpe function when parsing Portable Executable (PE) files packed in the MEW format, that could be...
Mozilla Firefox, SeaMonkey: Multiple vulnerabilities
Background Mozilla Firefox is a cross-platform web browser from Mozilla. SeaMonkey is a free, cross-platform Internet suite. Description Jesse Ruderman and Petko D. Petkov reported that the jar protocol handler in Mozilla Firefox and SeaMonkey does not properly check MIME types (CVE-2007-5947)...
libexif: Multiple vulnerabilities
Background libexif is a library for parsing, editing and saving Exif metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in t...
Multi-Threaded DAAP Daemon: Multiple vulnerabilities
Background Multi-Threaded DAAP Daemon (mt-daapd), also known as the Firefly Media Server, is a software to serve digital music to the Roku Soundbridge and Apple's iTunes. Description nnp discovered multiple vulnerabilities in the XML-RPC handler in the file webserver.c. The ws_addarg function contai...
Syslog-ng: Denial of service
Background Syslog-ng is a flexible and scalable system logger. Description Oriol Carreras reported a NULL pointer dereference in the log_msg_parse function when processing timestamps without a terminating whitespace character. Impact A remote attacker could send a specially crafted event to a...
Exiv2: Integer overflow
Background Exiv2 is a C++ library and set of tools for parsing, editing and saving Exif and IPTC metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Meder Kydyraliev (Google Security) discovered an integer...
exiftags: Multiple vulnerabilities
Background exiftags is a library and set of tools for parsing, editing and saving Exif metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description Meder Kydyraliev (Google Security) discovered that Exif metadata i...
CUPS: Multiple vulnerabilities
Background CUPS provides a portable printing layer for UNIX-based operating systems. The alternate pdftops filter is a CUPS filter used to convert PDF files to the Postscript format via Poppler; the filter is installed by default in Gentoo Linux. Description Wei Wang McAfee AVERT Research...