
3816 matches found

Gentoo Linux
•added 2006/06/07 12:0 a.m.•52 views

AWStats: Remote execution of arbitrary code

Background AWStats is an advanced log file analyzer and statistics generator. Description Hendrik Weimer has found that if updating the statistics via the web frontend is enabled, it is possible to inject arbitrary code via a pipe character in the "migrate" parameter. Additionally, r0t has...

CVSS 5.1 • AI score 6.7 • EPSS 0.58356
Exploits: 10

Gentoo Linux
•added 2006/06/07 12:0 a.m.•43 views

Dia: Format string vulnerabilities

Background Dia is a GTK+ based diagram creation program. Description KaDaL-X discovered a format string error within the handling of filenames. Hans de Goede also discovered several other format string errors in the processing of dia files. Impact By enticing a user to open a specially crafted...

CVSS 7.5 • AI score 7.4 • EPSS 0.07489
Exploits: 1

Gentoo Linux
•added 2006/06/07 12:0 a.m.•19 views

Tor: Several vulnerabilities

Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description Some integer overflows exist when adding elements to the smartlists. Non-printable characters received from the network are not properly sanitised before...

CVSS 5 • AI score 7.5 • EPSS 0.02893
Exploits: 0

Gentoo Linux
•added 2006/06/07 12:0 a.m.•28 views

Pound: HTTP request smuggling

Background Pound is a reverse proxy, load balancer and HTTPS front-end. It allows to distribute the load on several web servers and offers a SSL wrapper for web servers that do not support SSL directly. Description Pound fails to handle HTTP requests with conflicting "Content-Length" and...

CVSS 4.3 • AI score 9.1 • EPSS 0.01472
Exploits: 0

Gentoo Linux
•added 2006/06/07 12:0 a.m.•28 views

shadow: Privilege escalation

Background shadow provides a set of utilities to deal with user accounts. Description When the mailbox is created in useradd, the "open" function does not receive the three arguments it expects while O_CREAT is present, which leads to random permissions on the created file, before fchmod is...

CVSS 3.7 • AI score 6.2 • EPSS 0.00444
Exploits: 0

Gentoo Linux
•added 2006/05/30 12:0 a.m.•43 views

CherryPy: Directory traversal vulnerability

Background CherryPy is a Python-based, object-oriented web development framework. Description Ivo van der Wijk discovered that the "staticfilter" component of CherryPy fails to sanitize input correctly. Impact An attacker could exploit this flaw to obtain arbitrary files from the web server...

CVSS 5 • AI score 6.3 • EPSS 0.02327
Exploits: 0

Gentoo Linux
•added 2006/05/30 12:0 a.m.•43 views

libTIFF: Multiple vulnerabilities

Background libTIFF provides support for reading and manipulating TIFF images. Description Multiple vulnerabilities, ranging from integer overflows and NULL pointer dereferences to double frees, were reported in libTIFF. Impact An attacker could exploit these vulnerabilities by enticing a user to...

CVSS 6.5 • AI score 7.1 • EPSS 0.10524
Exploits: 3

Gentoo Linux
•added 2006/05/21 12:0 a.m.•25 views

libextractor: Two heap-based buffer overflows

Background libextractor is a library used to extract metadata from arbitrary files. Description Luigi Auriemma has found two heap-based buffer overflows in libextractor 0.5.13 and earlier: one of them occurs in the asf_read_header function in the ASF plugin, and the other occurs in the parsetrakato...

CVSS 4 • AI score 4.7 • EPSS 0.0892
Exploits: 1

Gentoo Linux
•added 2006/05/21 12:0 a.m.•19 views

Quagga Routing Suite: Multiple vulnerabilities

Background The Quagga Routing Suite implements three major routing protocols: RIP v1/v2/v3, OSPF v2/v3 and BGP4. Description Konstantin V. Gavrilenko discovered two flaws in the Routing Information Protocol (RIP) daemon that allow the processing of RIP v1 packets carrying no authentication even whe...

CVSS 5 • AI score 6.7 • EPSS 0.1128
Exploits: 3

Gentoo Linux
•added 2006/05/11 12:0 a.m.•33 views

MySQL: Information leakage

Background MySQL is a popular multi-threaded, multi-user SQL database server. Description The processing of the COM_TABLE_DUMP command by a MySQL server fails to properly validate packets that arrive from the client via a network socket. Impact By crafting specific malicious packets an attacker cou...

CVSS 5 • AI score 7.8 • EPSS 0.33497
Exploits: 0

Gentoo Linux
•added 2006/05/10 12:0 a.m.•38 views

Quake 3 engine based games: Buffer Overflow

Background Quake 3 is a multiplayer first person shooter. Description landser discovered a vulnerability within the "remapShader" command. Due to a boundary handling error in "remapShader", there is a possibility of a buffer overflow. Impact An attacker could set up a malicious game server and...

CVSS 7.6 • AI score 7 • EPSS 0.0759
Exploits: 1

Gentoo Linux
•added 2006/05/10 12:0 a.m.•45 views

pdnsd: Denial of Service and potential arbitrary code execution

Background pdnsd is a proxy DNS server with permanent caching that is designed to cope with unreachable DNS servers. Description The pdnsd team has discovered an unspecified buffer overflow vulnerability. The PROTOS DNS Test Suite, by the Oulu University Secure Programming Group (OUSPG), has also...

CVSS 10 • AI score 7.2 • EPSS 0.04741
Exploits: 0

Gentoo Linux
•added 2006/05/10 12:0 a.m.•37 views

Ruby: Denial of service

Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. It comes bundled with HTTP "WEBrick" and XMLRPC server objects. Description Ruby uses blocking sockets for WEBrick and XMLRPC servers. Impact An attacker could send large amounts of data to an...

CVSS 5 • AI score 6.2 • EPSS 0.10192
Exploits: 0

Gentoo Linux
•added 2006/05/08 12:0 a.m.•44 views

PHP: Multiple vulnerabilities

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Several vulnerabilities were discovered on PHP4 and PHP5 by Infigo, Tonu Samuel and Maksymilian Arciemowicz. These included a buffer overflow...

CVSS 6.4 • AI score 7.2 • EPSS 0.19067
Exploits: 4

Gentoo Linux
•added 2006/05/08 12:0 a.m.•38 views

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description Several vulnerabilities were found and fixed in Mozilla Thunderbird. Impact A remote attacker could craft malicious emails that would leverage these issues to inject and execute arbitrary scrip...

CVSS 10 • AI score 7.4 • EPSS 0.10487
Exploits: 5

Gentoo Linux
•added 2006/05/07 12:0 a.m.•34 views

Nagios: Buffer overflow

Background Nagios is an open source host, service and network monitoring program. Description Sebastian Krahmer of the SuSE security team discovered a buffer overflow vulnerability in the handling of a negative HTTP Content-Length header. Impact A buffer overflow in Nagios CGI scripts under certa...

CVSS 7.5 • AI score 7.7 • EPSS 0.05431
Exploits: 0

Gentoo Linux
•added 2006/05/06 12:0 a.m.•31 views

Mozilla Firefox: Potential remote code execution

Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description Martijn Wargers and Nick Mott discovered a vulnerability when rendering malformed JavaScript content. The Mozilla Firefox 1.0 line is not affected. Impact If JavaScript is enabled, by tricking a us...

CVSS 5.1 • AI score 7.1 • EPSS 0.51346
Exploits: 1

Gentoo Linux
•added 2006/05/06 12:0 a.m.•38 views

rsync: Potential integer overflow

Background rsync is a server and client utility that provides fast incremental file transfers. It is used to efficiently synchronize files between hosts and is used by emerge to fetch Gentoo's Portage tree. Description An integer overflow was found in the receive_xattr function from the extended...

CVSS 7.5 • AI score 7.1 • EPSS 0.03633
Exploits: 0

Gentoo Linux
•added 2006/05/02 12:0 a.m.•29 views

ClamAV: Buffer overflow in Freshclam

Background ClamAV is a GPL virus scanner. Freshclam is a utility to download virus signature updates. Description Ulf Harnhammar and an anonymous German researcher discovered that Freshclam fails to check the size of the header data returned by a webserver. Impact By enticing a user to connect to...

CVSS 5.1 • AI score 6.7 • EPSS 0.0581
Exploits: 1

Gentoo Linux
•added 2006/05/02 12:0 a.m.•29 views

phpWebSite: Local file inclusion

Background phpWebSite provides a complete web site content management system. Description rgod has reported that the "hub_dir" parameter in "index.php" isn't properly verified. When "magic_quotes_gpc" is disabled, this can be exploited to include arbitrary files from local resources. Impact If...

CVSS 7.5 • AI score 6.3 • EPSS 0.03875
Exploits: 1

Gentoo Linux
•added 2006/05/02 12:0 a.m.•28 views

X.Org: Buffer overflow in XRender extension

Background X.Org is X.Org Foundation's public implementation of the X Window System. Description X.Org miscalculates the size of a buffer in the XRender extension. Impact An X.Org user could exploit this issue to make the X server execute arbitrary code with elevated privileges. Workaround There ...

CVSS 2.1 • AI score 7.3 • EPSS 0.00514
Exploits: 0

Gentoo Linux
•added 2006/05/01 12:0 a.m.•30 views

MPlayer: Heap-based buffer overflow

Background MPlayer is a media player that supports many multimedia file types. Description Xfocus Team discovered multiple integer overflows that may lead to a heap-based buffer overflow. Impact An attacker could entice a user to play a specially crafted multimedia file, potentially resulting in...

CVSS 5.1 • AI score 7.1 • EPSS 0.03443
Exploits: 0

Gentoo Linux
•added 2006/04/28 12:0 a.m.•45 views

Mozilla Suite: Multiple vulnerabilities

Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Description Several vulnerabilities were found in Mozilla Suite. Version 1.7.13 was released to fix them. Impact A remote attacker could craft malicious web pages or emails that would leverage...

CVSS 10 • AI score 7.4 • EPSS 0.12589
Exploits: 5

Gentoo Linux
•added 2006/04/27 12:0 a.m.•22 views

Ethereal: Multiple vulnerabilities in protocol dissectors

Background Ethereal is a feature-rich network protocol analyzer. Description Coverity discovered numerous vulnerabilities in versions of Ethereal prior to 0.99.0, including: buffer overflows in the ALCAP (CVE-2006-1934), COPS (CVE-2006-1935) and telnet (CVE-2006-1936) dissectors. buffer overflows in th...

CVSS 10 • AI score 9.3 • EPSS 0.05028
Exploits: 0

Gentoo Linux
•added 2006/04/26 12:0 a.m.•36 views

xine-ui: Format string vulnerabilities

Background xine-ui is a skin-based user interface for xine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats. Description Ludwig Nussel discovered that xine-ui incorrectly implements formatted printing. Impact By constructing a...

CVSS 7.5 • AI score 7.5 • EPSS 0.14259
Exploits: 1

Gentoo Linux
•added 2006/04/26 12:0 a.m.•29 views

xine-lib: Buffer overflow vulnerability

Background xine-lib is the xine core engine. xine is a free multimedia player. It plays CDs, DVDs, and VCDs, and can also decode other common multimedia formats. Description Federico L. Bossi Bonin discovered that when handling MPEG streams xine-lib fails to make a proper boundary check of the...

CVSS 7.5 • AI score 7 • EPSS 0.14637
Exploits: 1

Gentoo Linux
•added 2006/04/23 12:0 a.m.•16 views

Dia: Arbitrary code execution through XFig import

Background Dia is a GTK+ based diagram creation program. Description infamous41md discovered multiple buffer overflows in Dia's XFig file import plugin. Impact By enticing a user to import a specially crafted XFig file into Dia, an attacker could exploit this issue to execute arbitrary code with...

CVSS 7.6 • AI score 7.3 • EPSS 0.02412
Exploits: 0

Gentoo Linux
•added 2006/04/23 12:0 a.m.•21 views

fbida: Insecure temporary file creation

Background fbida is a collection of image viewers and editors for the framebuffer console and X11. Description Jan Braun has discovered that the "fbgs" script provided by fbida insecurely creates temporary files in the "/var/tmp" directory. Impact A local attacker could create links in the...

CVSS 1.2 • AI score 6.1 • EPSS 0.00361
Exploits: 0

Gentoo Linux
•added 2006/04/23 12:0 a.m.•57 views

Mozilla Firefox: Multiple vulnerabilities

Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description Several vulnerabilities were found in Mozilla Firefox. Versions 1.0.8 and 1.5.0.2 were released to fix them. Impact A remote attacker could craft malicious web pages that would leverage these issue...

CVSS 10 • AI score 7.5 • EPSS 0.12589
Exploits: 3

Gentoo Linux
•added 2006/04/22 12:0 a.m.•30 views

Crossfire server: Denial of Service and potential arbitrary code execution

Background Crossfire is a cooperative multiplayer graphical adventure and role-playing game. The Crossfire game server allows various compatible clients to connect to participate in a cooperative game. Description Luigi Auriemma discovered a vulnerability in the Crossfire game server, in the...

CVSS 6.4 • AI score 7 • EPSS 0.17253
Exploits: 1

Gentoo Linux
•added 2006/04/21 12:0 a.m.•31 views

Cyrus-SASL: DIGEST-MD5 Pre-Authentication Denial of service

Background Cyrus-SASL is an implementation of the Simple Authentication and Security Layer. Description Cyrus-SASL contains an unspecified vulnerability in the DIGEST-MD5 process that could lead to a Denial of Service. Impact An attacker could possibly exploit this vulnerability by sending...

CVSS 2.6 • AI score 6.3 • EPSS 0.0243
Exploits: 0

Gentoo Linux
•added 2006/04/21 12:0 a.m.•35 views

zgv, xzgv: Heap overflow

Background xzgv and zgv are picture viewing utilities with a thumbnail based file selector. Description Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space...

CVSS 7.5 • AI score 6.9 • EPSS 0.04073
Exploits: 0

Gentoo Linux
•added 2006/04/17 12:0 a.m.•36 views

libapreq2: Denial of Service vulnerability

Background libapreq is a shared library with associated modules for manipulating client request data via the Apache API. Description A vulnerability has been reported in the apreq_parse_headers and apreq_parse_urlencoded functions of Apache2::Request. Impact A remote attacker could possibly exploit t...

CVSS 5 • AI score 6.4 • EPSS 0.06228
Exploits: 0

Gentoo Linux
•added 2006/04/14 12:0 a.m.•21 views

Cacti: Multiple vulnerabilities in included ADOdb

Background Cacti is a complete web-based frontend to rrdtool. ADOdb is a PHP-based database abstraction layer which is included in Cacti. Description Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation...

CVSS 7.5 • AI score 8.3 • EPSS 0.12941
Exploits: 4

Gentoo Linux
•added 2006/04/07 12:0 a.m.•27 views

ClamAV: Multiple vulnerabilities

Background ClamAV is a GPL virus scanner. Description ClamAV contains format string vulnerabilities in the logging code (CVE-2006-1615). Furthermore Damian Put discovered an integer overflow in ClamAV's PE header parser (CVE-2006-1614) and David Luyer discovered that ClamAV can be tricked into...

CVSS 10 • AI score 7.2 • EPSS 0.11352
Exploits: 1

Gentoo Linux
•added 2006/04/06 12:0 a.m.•29 views

Doomsday: Format string vulnerability

Background Doomsday is a modern gaming engine for popular ID games like Doom, Heretic and Hexen. Description Luigi Auriemma discovered that Doomsday incorrectly implements formatted printing. Impact A remote attacker could exploit these vulnerabilities to execute arbitrary code with the rights of...

CVSS 7.5 • AI score 7.5 • EPSS 0.13191
Exploits: 1

Gentoo Linux
•added 2006/04/05 12:0 a.m.•14 views

Kaffeine: Buffer overflow

Background Kaffeine is a graphical front-end for the xine-lib multimedia library. Description Kaffeine uses an unchecked buffer when fetching remote RAM playlists via HTTP. Impact A remote attacker could entice a user to play a specially-crafted RAM playlist resulting in the execution of arbitrar...

CVSS 5.1 • AI score 7.1 • EPSS 0.03493
Exploits: 0

Gentoo Linux
•added 2006/04/04 12:0 a.m.•22 views

MediaWiki: Cross-site scripting vulnerability

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to decode certain encoded URLs correctly. Impact By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScri...

CVSS 4.3 • AI score 6.3 • EPSS 0.01749
Exploits: 0

Gentoo Linux
•added 2006/04/04 12:0 a.m.•19 views

FreeRADIUS: Authentication bypass in EAP-MSCHAPv2 module

Background FreeRADIUS is an open source RADIUS authentication server implementation. Description FreeRADIUS suffers from insufficient input validation in the EAP-MSCHAPv2 state machine. Impact An attacker could cause the server to bypass authentication checks by manipulating the EAP-MSCHAPv2 clie...

CVSS 7.5 • AI score 6.6 • EPSS 0.0276
Exploits: 0

Gentoo Linux
•added 2006/04/04 12:0 a.m.•22 views

Horde Application Framework: Remote code execution

Background The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME and more. Description Jan Schneider of the Horde team discovered a vulnerability in the...

CVSS 7.5 • AI score 7.7 • EPSS 0.38441
Exploits: 3

Gentoo Linux
•added 2006/03/29 12:0 a.m.•38 views

bsd-games: Local privilege escalation in tetris-bsd

Background bsd-games is a collection of NetBSD games ported to Linux. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that the checkscores function in scores.c reads in the data from the /var/games/tetris-bsd.scores file without validation, rendering it vulnerable to...

CVSS 7.5 • AI score 6.9 • EPSS 0.02039
Exploits: 0

Gentoo Linux
•added 2006/03/27 12:0 a.m.•81 views

OpenOffice.org: Heap overflow in included libcurl

Background OpenOffice.org is an office productivity suite, including word processing, spreadsheet, presentation, data charting, formula editing and file conversion facilities. libcurl, which is included in OpenOffice.org, is a free and easy-to-use client-side library for transferring files with U...

CVSS 4.6 • AI score 7.2 • EPSS 0.00516
Exploits: 0

Gentoo Linux
•added 2006/03/26 12:0 a.m.•30 views

RealPlayer: Buffer overflow vulnerability

Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Description RealPlayer is vulnerable to a buffer overflow when processing malicious SWF files. Impact By enticing a user to open a specially crafted SWF file an attacker could execute arbitrary code...

CVSS 9.3 • AI score 7.5 • EPSS 0.16744
Exploits: 11

Gentoo Linux
•added 2006/03/23 12:0 a.m.•29 views

NetHack, Slash'EM, Falcon's Eye: Local privilege escalation

Background NetHack is the classic single player dungeon exploration game. Slash'EM and Falcon's Eye are NetHack variants. Description NetHack, Slash'EM and Falcon's Eye have been found to be incompatible with the system used for managing games on Gentoo Linux. As a result, they cannot be played...

CVSS 4.6 • AI score 7.1 • EPSS 0.00711
Exploits: 1

Gentoo Linux
•added 2006/03/22 12:0 a.m.•34 views

Sendmail: Race condition in the handling of asynchronous signals

Background Sendmail is a popular mail transfer agent (MTA). Description ISS discovered that Sendmail is vulnerable to a race condition in the handling of asynchronous signals. Impact An attacker could exploit this via certain crafted timing conditions. Workaround There is no known workaround at thi...

CVSS 7.6 • AI score 6.3 • EPSS 0.2624
Exploits: 0

Gentoo Linux
•added 2006/03/22 12:0 a.m.•48 views

PHP: Format string and XSS vulnerabilities

Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run on a web server with the mod_php module or the CGI version and also stand-alone in a CLI. Description Stefan Esser of the Hardened PHP project has reported a few vulnerabilities found i...

CVSS 5 • AI score 6.8 • EPSS 0.04247
Exploits: 0

Gentoo Linux
•added 2006/03/21 12:0 a.m.•27 views

Pngcrush: Buffer overflow

Background Pngcrush is an optimizer for PNG files. Description Carsten Lohrke of Gentoo Linux reported that Pngcrush contains a vulnerable version of zlib (GLSA 200507-19). Impact By creating a specially crafted data stream, attackers can overwrite data structures for applications that use Pngcrush...

CVSS 5 • AI score 9.6 • EPSS 0.03999
Exploits: 0

Gentoo Linux
•added 2006/03/21 12:0 a.m.•25 views

PeerCast: Buffer overflow

Background PeerCast is a Peer to Peer broadcasting technology for listening to radio and watching video on the Internet. Description INFIGO discovered a problem in the URL handling code. Buffers that are allocated on the stack can be overflowed inside of nextCGIarg function. Impact By sending a...

CVSS 7.5 • AI score 6.8 • EPSS 0.72496
Exploits: 9

Gentoo Linux
•added 2006/03/21 12:0 a.m.•28 views

Macromedia Flash Player: Arbitrary code execution

Background The Macromedia Flash Player is a renderer for the popular SWF filetype which is commonly used to provide interactive websites, digital experiences and mobile content. Description The Macromedia Flash Player contains multiple unspecified vulnerabilities. Impact An attacker serving a...

CVSS 5.1 • AI score 7.3 • EPSS 0.06602
Exploits: 0

Gentoo Linux
•added 2006/03/21 12:0 a.m.•23 views

cURL/libcurl: Buffer overflow in the handling of TFTP URLs

Background cURL is a command line tool for transferring files with URL syntax, supporting numerous protocols. libcurl is the corresponding client-side library. Description Ulf Harnhammar reported a possible buffer overflow in the handling of TFTP URLs in libcurl due to the lack of boundary checks...

CVSS 7.5 • AI score 6.8 • EPSS 0.0509
Exploits: 0

Total number of security vulnerabilities: 3816