x11vnc: Authentication bypass in included LibVNCServer code
Background x11vnc provides VNC servers for X displays. Description x11vnc includes vulnerable LibVNCServer code, which fails to properly validate protocol types, effectively letting users decide what protocol to use, such as "Type 1 - None" (GLSA-200608-05). x11vnc will accept this security type, ev...
pike: SQL injection vulnerability
Background Pike is a general-purpose programming language, able to be used for multiple tasks. Description Some input is not properly sanitised before being used in a SQL statement in the underlying PostgreSQL database. Impact A remote attacker could provide malicious input to a Pike program, whi...
MySQL: Denial of service
Background MySQL is a popular multi-threaded, multi-user SQL server. Description Jean-David Maillefer discovered a format string vulnerability in time.cc where MySQL fails to properly handle specially formatted user input to the date_format function. Impact By specifying a format string as the fir...
Webmin, Usermin: File Disclosure
Background Webmin is a web-based interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators. Description A vulnerability in both Webmin and Usermin has been discovered by Kenny Chen, wherein simplify_path is called...
GnuPG: Integer overflow vulnerability
Background The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of cryptographic software. Description Evgeny Legerov discovered a vulnerability in GnuPG: when certain packets are handled, an integer overflow may occur. Impact By sending a specially crafted email to a user...
LibVNCServer: Authentication bypass
Background LibVNCServer is a GPL'ed library for creating VNC servers. Description LibVNCServer fails to properly validate protocol types, effectively letting users decide what protocol to use, such as "Type 1 - None". LibVNCServer will accept this security type, even if it is not offered by the...
libTIFF: Multiple vulnerabilities
Background libTIFF provides support for reading and manipulating TIFF images. Description Tavis Ormandy of the Google Security Team discovered several heap and stack buffer overflows and other flaws in libTIFF. The affected parts include the TIFFFetchShortPair, TIFFScanLineSize and...
Courier MTA: Denial of Service vulnerability
Background Courier MTA is an integrated mail and groupware server based on open protocols. Description Courier MTA has fixed a security issue relating to usernames containing the "=" character, causing high CPU utilization. Impact An attacker could exploit this vulnerability by sending a speciall...
Mozilla SeaMonkey: Multiple vulnerabilities
Background The Mozilla SeaMonkey project is a community effort to deliver production-quality releases of code derived from the application formerly known as the "Mozilla Application Suite". Description The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URLs...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is a redesign of the Mozilla Navigator component. The goal is to produce a cross-platform stand-alone browser application. Description The following vulnerabilities have been reported: Benjamin Smedberg discovered that chrome URLs could be made to reference remote file...
Mozilla Thunderbird: Multiple vulnerabilities
Background The Mozilla Thunderbird mail client is a redesign of the Mozilla Mail component. The goal is to produce a cross-platform stand-alone mail application using XUL (XML User Interface Language). Description The following vulnerabilities have been reported: Benjamin Smedberg discovered that...
Apache: Off-by-one flaw in mod_rewrite
Background The Apache HTTP server is one of the most popular web servers on the Internet. The Apache module mod_rewrite provides a rule-based engine to rewrite requested URLs on the fly. Description An off-by-one flaw has been found in Apache's mod_rewrite module by Mark Dowd of McAfee Avert Labs...
Audacious: Multiple heap and buffer overflows
Background Audacious is a media player that has been forked from Beep Media Player. Description Luigi Auriemma has found that the adplug library fails to verify the size of the destination buffers in the unpacking instructions, resulting in various possible heap and buffer overflows. Impact An...
OpenOffice.org: Multiple vulnerabilities
Background OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities. Description Internal security audits by OpenOffice.org have discovered three security vulnerabiliti...
TunePimp: Buffer overflow
Background The TunePimp library, also referred to as libtunepimp, is a development library geared towards developers who wish to create MusicBrainz-enabled tagging applications. Description Kevin Kofler has reported a vulnerability where three stack variables are allocated with 255, 255 and 100 byt...
Samba: Denial of Service vulnerability
Background Samba is a freely available SMB/CIFS implementation which allows seamless interoperability of file and print services with other SMB/CIFS clients. Description During an internal audit the Samba team discovered that a flaw in the way Samba stores share connection requests could lead to a...
Wireshark: Multiple vulnerabilities
Background Wireshark, formerly known as Ethereal, is a popular network protocol analyzer. Description Wireshark dissectors have been found vulnerable to a large number of exploits, including off-by-one errors, buffer overflows, format string overflows and an infinite loop. Impact Running an...
GIMP: Buffer overflow
Background GIMP is the GNU Image Manipulation Program. XCF is the native image file format used by GIMP. Description Henning Makholm discovered that the "xcf_load_vector" function is vulnerable to a buffer overflow when loading an XCF file with a large "num_axes" value. Impact An attacker could explo...
xine-lib: Buffer overflow
Background xine-lib is the core library of xine, a multimedia player. Description There is a stack-based overflow in the libmms library included with xine-lib which can be triggered by malicious use of the send_command, string_utf16, get_data and get_media_packet functions. Impact A remote attacker...
libpng: Buffer overflow
Background libpng is an open, extensible image format library, with lossless compression. Description In pngrutil.c, the function png_decompress_chunk allocates insufficient space for an error message, potentially overwriting stack data, leading to a buffer overflow. Impact By enticing a user to lo...
SHOUTcast server: Multiple vulnerabilities
Background SHOUTcast server is a streaming audio server. Description The SHOUTcast server is vulnerable to a file disclosure when the server receives a specially crafted GET request. Furthermore, it also fails to sanitize the input passed to the "Description", "URL", "Genre", "AIM", and "ICQ"...
PostgreSQL: SQL injection
Background PostgreSQL is an open source object-relational database management system. Description PostgreSQL contains a flaw in the string parsing routines that allows certain backslash-escaped characters to be bypassed with some multibyte character encodings. This vulnerability was discovered by...
libTIFF: Multiple buffer overflows
Background libTIFF provides support for reading and manipulating TIFF images. Description A buffer overflow has been found in the t2p_write_pdf_string function in tiff2pdf, which can be triggered with a TIFF file containing a DocumentName tag with UTF-8 characters. An additional buffer overflow ha...
FreeType: Multiple integer overflows
Background FreeType is a portable font engine. Description Multiple integer overflows exist in a variety of files: bdf/bdflib.c, sfnt/ttcmap.c, cff/cffgload.c, base/ftmac.c. Impact A remote attacker could exploit these buffer overflows by enticing a user to load a specially crafted font, which cou...
mpg123: Heap overflow
Background mpg123 is a real-time audio player designed for the MPEG format. Description In httpdget.c, a variable is assigned to the heap and is supposed to receive a smaller allocation. As this variable was not terminated properly, strncpy will overwrite the data assigned next in memory. Impact...
Kiax: Arbitrary code execution
Background Kiax is a graphical softphone supporting the IAX protocol (Inter Asterisk eXchange), which allows PC users to make VoIP calls to Asterisk servers. Description The iax_net_read function in the iaxclient library fails to properly handle IAX2 packets with truncated full frames or mini-frames...
Horde Web Application Framework: XSS vulnerability
Background The Horde Web Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME, and more. Description Michael Marek discovered that the Horde Web Application...
Tikiwiki: SQL injection and multiple XSS vulnerabilities
Background Tikiwiki is a web-based groupware and content management system (CMS), using PHP, ADOdb and Smarty. Description Tikiwiki fails to properly sanitize user input before processing it, including in SQL statements. Impact An attacker could execute arbitrary SQL statements on the underlying...
Mutt: Buffer overflow
Background Mutt is a small but very powerful text-based mail client. Description TAKAHASHI Tamotsu has discovered that Mutt contains a boundary error in the "browse_get_namespace" function in browse.c, which can be triggered when receiving an overly long namespace from an IMAP server. Impact A...
EnergyMech: Denial of service
Background EnergyMech is an IRC bot programmed in C. Description A bug in EnergyMech causes it to fail to handle empty CTCP NOTICEs correctly, which will cause a crash from a segmentation fault. Impact By sending an empty CTCP NOTICE, a remote attacker could exploit this vulnerability to cause a Denial of...
Hashcash: Possible heap overflow
Background Hashcash is a utility for generating Hashcash tokens, a proof-of-work system to reduce the impact of spam. Description Andreas Seltenreich has reported a possible heap overflow in the array_push function in hashcash.c, as a result of an incorrect amount of allocated memory for the "ARRA...
wv2: Integer overflow
Background wv2 is a filter library for Microsoft Word files, used in many Office suites. Description A boundary checking error was found in wv2, which could lead to an integer overflow. Impact An attacker could execute arbitrary code with the rights of the user running the program that uses the...
KDM: Symlink vulnerability
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. KDM is the KDE Display Manager and is part of the kdebase package. Description Ludwig Nussel discovered that KDM could be tricked into allowing users to read files that would otherwise not be...
aRts: Privilege escalation
Background aRts is a real-time modular system for synthesizing audio, used by KDE. artswrapper is a helper application used to start the aRts daemon. Description artswrapper fails to properly check whether it can drop privileges accordingly if setuid fails due to a user exceeding assigned resource...
Typespeed: Remote execution of arbitrary code
Background Typespeed is a game to test and practice 10-finger-typing. Network code allows two users to compete head-to-head. Description Niko Tyni discovered a buffer overflow in the addnewword function of Typespeed's network code. Impact By sending specially crafted network packets to a machine...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description Several vulnerabilities were found and fixed in Mozilla Thunderbird. For details, please consult the references below. Impact A remote attacker could craft malicious emails that would leverage...
PAM-MySQL: Multiple vulnerabilities
Background PAM-MySQL is a PAM module used to authenticate users against a MySQL backend. Description A flaw in handling the result of pam_get_item, as well as further unspecified flaws, were discovered in PAM-MySQL. Impact By exploiting the mentioned flaws an attacker can cause a Denial of Service an...
Sendmail: Denial of service
Background Sendmail is a popular mail transfer agent (MTA). Description Frank Sheiness discovered that the mime8to7 function can recurse endlessly during the decoding of multipart MIME messages until the stack of the process is filled and the process crashes. Impact By sending specially crafted...
OpenLDAP: Buffer overflow
Background OpenLDAP is a suite of LDAP-related applications and development tools. It includes slapd (the standalone LDAP server), slurpd (the standalone LDAP replication server), various LDAP libraries, utilities and example clients. Description slurpd contains a buffer overflow when reading very lo...
Asterisk: IAX2 video frame buffer overflow
Background Asterisk is an open source implementation of a telephone private branch exchange (PBX). Description Asterisk fails to properly check the length of truncated video frames in the IAX2 channel driver, which results in a buffer overflow. Impact An attacker could exploit this vulnerability by...
DokuWiki: PHP code injection
Background DokuWiki is a simple-to-use wiki targeted at developer teams, workgroups and small companies. Description Stefan Esser discovered that the DokuWiki spell checker fails to properly sanitize PHP's "complex curly syntax". Impact An unauthenticated remote attacker may execute arbitrary PHP...
GDM: Privilege escalation
Background GDM is the GNOME display manager. Description GDM allows a normal user to access the configuration manager. Impact When the "face browser" in GDM is enabled, a normal user can use the "configure login manager" with his/her own password instead of the root password, and thus gain...
MySQL: SQL Injection
Background MySQL is a popular multi-threaded, multi-user SQL server. Description MySQL is vulnerable to an injection flaw in mysql_real_escape when used with multi-byte characters. Impact Due to a flaw in the multi-byte character processing, an attacker is still able to inject arbitrary SQL statements...
SpamAssassin: Execution of arbitrary code
Background SpamAssassin is an extensible email filter used to identify junk email. spamd is the daemonized version of SpamAssassin. Description When spamd is run with both the "--vpopmail" (-v) and "--paranoid" (-P) options, it is vulnerable to an unspecified issue. Impact With certain configuration...
JPEG library: Denial of service
Background The JPEG library is able to load, handle and manipulate images in the JPEG format. Description Tavis Ormandy of the Gentoo Linux Auditing Team discovered that the vulnerable JPEG library ebuilds compile JPEG without the --maxmem feature, which is not recommended. Impact By enticing a us...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description A number of vulnerabilities were found and fixed in Mozilla Firefox. For details, please consult the references below. Impact By enticing the user to visit a malicious website, a remote attacker can...
Cscope: Many buffer overflows
Background Cscope is a developer's tool for browsing source code. Description Cscope does not verify the length of file names sourced in include statements. Impact A user could be enticed to source a carefully crafted file, which will allow the attacker to execute arbitrary code with the permissio...
WordPress: Arbitrary command execution
Background WordPress is a PHP and MySQL based content management and publishing system. Description rgod discovered that WordPress insufficiently checks the format of cached username data. Impact An attacker could exploit this vulnerability to execute arbitrary commands by sending a specially...
Vixie Cron: Privilege Escalation
Background Vixie Cron is a command scheduler with extended syntax over cron. Description Roman Veretelnikov discovered that Vixie Cron fails to properly check whether it can drop privileges accordingly if setuid in do_command.c fails due to a user exceeding assigned resource limits. Impact Local...
shadow: Privilege escalation
Background shadow provides a set of utilities to deal with user accounts. Description When the mailbox is created in useradd, the "open" function does not receive the three arguments it expects while O_CREAT is present, which leads to random permissions on the created file before fchmod is...