Xpdf, Kpdf, GPdf: Denial of Service vulnerability
Background Xpdf, Kpdf and GPdf are PDF file viewers that run under the X Window System. Kpdf and GPdf both contain Xpdf code. Kpdf is also part of kdegraphics. Description Xpdf, Kpdf and GPdf do not handle a broken table of embedded TrueType fonts correctly. After detecting such a table, Xpdf, Kp...
Gaim: Remote execution of arbitrary code
Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Brandon Perry discovered that Gaim is vulnerable to a heap-based buffer overflow when handling away messages (CAN-2005-2103). Furthermore, Daniel Atallah discovered a...
Heartbeat: Insecure temporary file creation
Background Heartbeat is a component of the High-Availability Linux project. It is used to perform death-of-node detection, communications and cluster management. Description Eric Romang has discovered that Heartbeat insecurely creates temporary files with predictable filenames. Impact A local...
Netpbm: Arbitrary code execution in pstopnm
Background Netpbm is a package of 220 graphics programs and a programming library, including pstopnm. pstopnm is a tool which converts PostScript files to PNM image files. Description Max Vozeler reported that pstopnm calls the GhostScript interpreter on untrusted PostScript files without...
nbSMTP: Format string vulnerability
Background nbSMTP is an SMTP client suitable to run in chroot jails, in embedded systems, laptops and workstations. Description Niels Heinen discovered a format string vulnerability. Impact An attacker can setup a malicious SMTP server and exploit this vulnerability to execute arbitrary code with...
ProFTPD: Format string vulnerabilities
Background ProFTPD is a configurable GPL-licensed FTP server software. Description "infamous42md" reported that ProFTPD is vulnerable to format string vulnerabilities when displaying a shutdown message containing the name of the current directory, and when displaying response messages to the clie...
Compress::Zlib: Buffer overflow
Background Compress::Zlib is a Perl module which provides an interface to the zlib compression library. Description Compress::Zlib 1.34 contains a local copy of a vulnerable version of zlib, which may lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers ca...
pstotext: Remote execution of arbitrary code
Background pstotext is a program that works with GhostScript to extract plain text from PostScript and PDF files. Description Max Vozeler reported that pstotext calls the GhostScript interpreter on untrusted PostScript files without specifying the -dSAFER option. Impact An attacker could craft a...
AMD64 x86 emulation base libraries: Buffer overflow
Background The x86 emulation base libraries for AMD64 emulate the x86 32-bit architecture on the AMD64 64-bit architecture. Description Earlier versions of emul-linux-x86-baselibs contain a vulnerable version of zlib, which may lead to a buffer overflow. Impact By creating a specially crafted...
Ethereal: Multiple vulnerabilities
Background Ethereal is a feature-rich network protocol analyzer. Description There are numerous vulnerabilities in versions of Ethereal prior to 0.10.12, including: The SMB dissector could overflow a buffer or exhaust memory (CAN-2005-2365). iDEFENSE discovered that several dissectors are vulnerabl...
GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library
Background GNU Gadu, CenterICQ, Kadu and EKG are instant messaging applications created to support Gadu Gadu instant messaging protocol. libgadu is a library that implements the client side of the Gadu-Gadu protocol. Description GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an...
Mozilla Suite: Multiple vulnerabilities
Background The Mozilla Suite is an all-in-one Internet application suite including a web browser, an advanced e-mail and newsgroup client, IRC client and HTML editor. Description The following vulnerabilities were found and fixed in the Mozilla Suite: "mozbugra4" and "shutdown" discovered that th...
Clam AntiVirus: Integer overflows
Background Clam AntiVirus is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AntiVirus also provides a command line scanner and a tool for fetching updates of the virus database. Description Neel Mehta and Alex Wheeler discovered that Clam...
fetchmail: Buffer Overflow
Background fetchmail is a utility that retrieves and forwards mail from remote systems using IMAP, POP, and other protocols. Description fetchmail does not properly validate UIDs coming from a POP3 mail server. The UID is placed in a fixed length buffer on the stack, which can be overflown. Impac...
Kopete: Vulnerability in included Gadu library
Background KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kopete, also part of kdenetwork, is the KDE Instant Messenger. Description Kopete contains an internal copy of libgadu and is therefore subject to several input validation vulnerabilities in...
sandbox: Insecure temporary file handling
Background sandbox is a Gentoo Linux utility used by the Portage package management system. Description The Gentoo Linux Security Audit Team discovered that the sandbox utility was vulnerable to multiple TOCTOU (Time of Check, Time of Use) file creation race conditions. Impact Local users may be ab...
zlib: Buffer overflow
Background zlib is a widely used free and patent-unencumbered data compression library. Description zlib improperly handles invalid data streams, which could lead to a buffer overflow. Impact By creating a specially crafted compressed data stream, attackers can overwrite data structures for...
Shorewall: Security policy bypass
Background Shorewall is a high level tool for configuring Netfilter, the firewall facility included in the Linux Kernel. Description Shorewall fails to enforce security policies if configured with "MACLISTDISPOSITION" set to "ACCEPT" or "MACLISTTTL" set to a value greater than or equal to 0. Impact A...
MediaWiki: Cross-site scripting vulnerability
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to escape a parameter in the page move template correctly. Impact By enticing a user to visit a specially crafted URL, a remote attacker could exploit this vulnerability to...
Mozilla Thunderbird: Multiple vulnerabilities
Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Thunderbird: "mozbugra4" and "shutdown" discovered that Thunderbird was improperly cloning base objects (MFSA 2005-56). "mozbugra4"...
Mozilla Firefox: Multiple vulnerabilities
Background Mozilla Firefox is the next-generation web browser from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Firefox: "mozbugra4" and "shutdown" discovered that Firefox was improperly cloning base objects (MFSA 2005-56). Michael Krax reported tha...
dhcpcd: Denial of Service vulnerability
Background dhcpcd is a standards compliant DHCP client daemon. It requests an IP address and other information from the DHCP server, automatically configures the network interface, and tries to renew the lease time. Description infamous42md discovered that dhcpcd can be tricked to read past the e...
PHP: Script injection through XML-RPC
Background PHP is a general-purpose scripting language widely used to develop web-based applications. It can run inside a web server using the mod_php module or the CGI version of PHP, or can run stand-alone in a CLI. Description James Bercegay has discovered that the XML-RPC implementation in PHP...
pam_ldap and nss_ldap: Plain text authentication leak
Background pam_ldap is a Pluggable Authentication Module which allows authentication against an LDAP directory. nss_ldap is a Name Service Switch module which allows 'passwd', 'group' and 'host' database information to be pulled from LDAP. TLS is Transport Layer Security, a protocol that allows...
Bugzilla: Unauthorized access and information disclosure
Background Bugzilla is a web-based bug-tracking system used by many projects. Description Bugzilla allows any user to modify the flags of any bug (CAN-2005-2173). Bugzilla inserts bugs into the database before marking them as private; in connection with MySQL replication this could lead to a race...
MIT Kerberos 5: Multiple vulnerabilities
Background MIT Kerberos 5 is the free implementation of the Kerberos network authentication protocol by the Massachusetts Institute of Technology. Description Daniel Wachdorf discovered that MIT Kerberos 5 could corrupt the heap by freeing unallocated memory when receiving a special TCP request...
Ruby: Arbitrary command execution through XML-RPC
Background Ruby is an interpreted scripting language for quick and easy object-oriented programming. XML-RPC is a remote procedure call protocol encoded in XML. Description Nobuhiro IMAI reported that an invalid default value in "utils.rb" causes the security protections of the XML-RPC server to...
Adobe Acrobat Reader: Buffer overflow vulnerability
Background Adobe Acrobat Reader is a utility used to view PDF files. Description A buffer overflow has been discovered in the UnixAppOpenFilePerform function, which is called when Adobe Acrobat Reader tries to open a file with the "/Filespec" tag. Impact By enticing a user to open a specially...
phpGroupWare, eGroupWare: PHP script injection vulnerability
Background phpGroupWare and eGroupWare are web based collaboration software suites. Description The XML-RPC implementations of phpGroupWare and eGroupWare fail to sanitize input sent to the XML-RPC server using the "POST" method. Impact A remote attacker could exploit the XML-RPC vulnerability to...
phpWebSite: Multiple vulnerabilities
Background phpWebSite is a content management system written in PHP. Description phpWebSite fails to sanitize input sent to the XML-RPC server using the "POST" method. Other unspecified vulnerabilities have been discovered by Diabolic Crab of Hackers Center. Impact A remote attacker could exploit...
RealPlayer: Heap overflow vulnerability
Background RealPlayer is a multimedia player capable of handling multiple multimedia file formats. Description RealPlayer is vulnerable to a heap overflow when opening RealMedia files which make use of RealText. Impact By enticing a user to play a specially crafted RealMedia file an attacker coul...
zlib: Buffer overflow
Background zlib is a widely used free and patent-unencumbered data compression library. Description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a buffer overflow in zlib. A bounds checking operation failed to take invalid data into account, allowing a specifically malformed...
TikiWiki: Arbitrary command execution through XML-RPC
Background TikiWiki is a web-based groupware and content management system (CMS), using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP XML-RPC code. Description TikiWiki is vulnerable to arbitrary command execution as described in GLSA 200507-01. Impact A remote attacker could exploit this...
phpBB: Arbitrary command execution
Background phpBB is an Open Source bulletin board package. Description Ron van Daal discovered that phpBB contains a vulnerability in the highlighting code. Impact Successful exploitation would grant an attacker unrestricted access to the PHP exec() or system() functions, allowing the execution of...
WordPress: Multiple vulnerabilities
Background WordPress is a PHP and MySQL based content management and publishing system. Description James Bercegay of the GulfTech Security Research Team discovered that WordPress insufficiently checks data passed to the XML-RPC server. He also discovered that WordPress has several cross-site...
PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
Background The PEAR XML-RPC and phpxmlrpc libraries are both PHP implementations of the XML-RPC protocol. Description James Bercegay of GulfTech Security Research discovered that the PEAR XML-RPC and phpxmlrpc libraries fail to sanitize input sent using the "POST" method. Impact A remote attacker...
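Several entries above (PHP, phpGroupWare/eGroupWare, phpWebSite, TikiWiki, WordPress, and the PEAR XML-RPC/phpxmlrpc libraries) describe one class of bug: an XML-RPC endpoint that does not sanitize the values in a POST body, so a request can inject script. This page does not spell out the mechanism. The Python example below is added here and is not code from any of those projects; it models, as an assumption, the classic shape of that class: a decoder that turns the parsed XML into a source-code expression and evaluates it, shown next to a structural decoder that never evaluates anything and next to the standard library's xmlrpc.client.loads. The request, the method name demo.echo and the payload string are constructed for the example.

```python
import xml.etree.ElementTree as ET
import xmlrpc.client

# Constructed payload: it closes the quoted literal the naive decoder builds
# around a <string> value and splices in an expression of the caller's choice.
PAYLOAD = "' + str(6 * 7) + '"

# Constructed XML-RPC request carrying the payload and an ordinary <int>.
REQUEST = (
    "<?xml version='1.0'?><methodCall><methodName>demo.echo</methodName>"
    "<params><param><value><string>" + PAYLOAD + "</string></value></param>"
    "<param><value><int>3</int></value></param></params></methodCall>"
)


def _expr_for(value_el):
    """Anti-pattern: render a <value> as a fragment of source code."""
    child = value_el[0]
    if child.tag == "string":
        # Untrusted text is pasted straight into a quoted literal.
        return "'" + (child.text or "") + "'"
    if child.tag in ("int", "i4"):
        return child.text.strip()
    if child.tag == "array":
        items = child.find("data").findall("value")
        return "[" + ", ".join(_expr_for(v) for v in items) + "]"
    raise ValueError("unsupported type " + child.tag)


def decode_unsafe(request):
    """Vulnerable decoder: builds one expression from the request and eval()s it.
    A payload that breaks out of the literal runs with the server's privileges."""
    root = ET.fromstring(request)
    values = root.findall("./params/param/value")
    return eval("[" + ", ".join(_expr_for(v) for v in values) + "]")


def _decode_value(value_el):
    """Structural decoder: map XML nodes to Python objects, never to code."""
    child = value_el[0]
    if child.tag == "string":
        return child.text or ""
    if child.tag in ("int", "i4"):
        return int(child.text.strip())
    if child.tag == "array":
        return [_decode_value(v) for v in child.find("data").findall("value")]
    raise ValueError("unsupported type " + child.tag)


def decode_safe(request):
    """Hardened decoder: the payload comes back as the literal string it is."""
    root = ET.fromstring(request)
    return [_decode_value(v) for v in root.findall("./params/param/value")]


def decode_stdlib(request):
    """Reference: the standard library's unmarshaller, (params, methodname)."""
    return xmlrpc.client.loads(request)


if __name__ == "__main__":
    print("unsafe :", decode_unsafe(REQUEST))   # the 6 * 7 actually ran
    print("safe   :", decode_safe(REQUEST))     # payload kept as plain text
    print("stdlib :", decode_stdlib(REQUEST))
```

The unsafe decoder returns "42" for the first parameter because the injected expression executed; both safe decoders return the payload unchanged. The fix for this class is structural: decode the document into data, never into code, and validate types against what the called method expects.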
Heimdal: Buffer overflow vulnerabilities
Background Heimdal is a free implementation of Kerberos 5 that includes a telnetd server. Description It has been reported that the "getterminaltype" function of Heimdal's telnetd server is vulnerable to buffer overflows. Impact An attacker could exploit this vulnerability to execute arbitrary co...
Clam AntiVirus: Denial of Service vulnerability
Background Clam AntiVirus is a GPL anti-virus toolkit, designed for integration with mail servers to perform attachment scanning. Clam AntiVirus also provides a command line scanner and a tool for fetching updates of the virus database. Description Andrew Toller and Stefan Kanthak discovered that...
sudo: Arbitrary command execution
Background sudo allows a system administrator to give users the ability to run commands as other users. Description The sudoers file is used to define the actions sudo users are permitted to perform. Charles Morris discovered that a specific layout of the sudoers file could cause the results of a...
Trac: File upload vulnerability
Background Trac is a minimalistic web-based project management, wiki and bug tracking system including a Subversion interface. Description Stefan Esser of the Hardened-PHP project discovered that Trac fails to validate the "id" parameter when uploading attachments to the wiki or the bug tracking...
Cacti: Several vulnerabilities
Background Cacti is a complete web-based frontend to rrdtool. Description Cacti fails to properly sanitize input which can lead to SQL injection, authentication bypass as well as PHP file inclusion. Impact An attacker could potentially exploit the file inclusion to execute arbitrary code with the...
SquirrelMail: Several XSS vulnerabilities
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description SquirrelMail is vulnerable to several cross-site scripting issues, most reported by Martijn Brinkers. Impact By enticing a user to read a specially-crafted e-mail or using a manipulated...
Tor: Information disclosure
Background Tor is an implementation of second generation Onion Routing, a connection-oriented anonymizing communication service. Description A bug in Tor allows attackers to view arbitrary memory contents from an exit server's process space. Impact A remote attacker could exploit the memory...
SpamAssassin 3, Vipul's Razor: Denial of Service vulnerability
Background SpamAssassin is an extensible email filter which is used to identify junk email. Vipul's Razor is a client for a distributed, collaborative spam detection and filtering network. Description SpamAssassin and Vipul's Razor contain a Denial of Service vulnerability when handling special...
cpio: Directory traversal vulnerability
Background cpio is a file archival tool which can also read and write tar files. Description A vulnerability has been found in cpio that can potentially allow a cpio archive to extract its files to an arbitrary directory of the creator's choice. Impact An attacker could create a malicious cpio...
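The cpio entry above describes an archive whose member names steer extraction into a directory of the archive author's choosing. The Python example below is added here and is not cpio's code; it shows the containment check an extractor needs before writing any member: a lexical check on the member name, followed by a path resolution that also catches a symlink planted inside the destination by an earlier member. The sample member names and the link layout are constructed for the example and assume a POSIX filesystem.

```python
import os
import posixpath
import tempfile


def is_safe_member_name(name):
    """Lexical check: the member must stay below the extraction directory.
    Rejects empty names, NUL bytes, absolute paths and any '..' component
    that survives normalisation (so 'a/../b' passes, 'a/../../b' does not)."""
    if not name or "\x00" in name:
        return False
    norm = posixpath.normpath(name)
    if posixpath.isabs(norm):
        return False
    return ".." not in norm.split("/")


def resolve_member(dest, name):
    """Return the absolute path a member would be written to, or raise
    ValueError if that path lies outside dest. The realpath step handles
    the non-lexical case: a symlink under dest that points outside it."""
    if not is_safe_member_name(name):
        raise ValueError("unsafe member name: %r" % name)
    dest_real = os.path.realpath(dest)
    target = os.path.realpath(os.path.join(dest_real, name))
    if os.path.commonpath([dest_real, target]) != dest_real:
        raise ValueError("member escapes extraction directory: %r" % name)
    return target


# Constructed member names of the kind a malicious archive would carry.
SAMPLE_NAMES = [
    "etc/motd",              # ordinary relative path
    "./docs/README",         # leading ./ is harmless
    "a/../b",                # '..' that does not leave the tree
    "../../../etc/passwd",   # classic traversal
    "/etc/passwd",           # absolute path
    "a/../../b",             # '..' that escapes after normalisation
]


def classify_samples():
    """Map each sample name to 'ok' or 'rejected' against a fresh directory."""
    result = {}
    with tempfile.TemporaryDirectory() as work:
        for name in SAMPLE_NAMES:
            try:
                resolve_member(work, name)
                result[name] = "ok"
            except ValueError:
                result[name] = "rejected"
    return result


def symlink_escape_demo():
    """An earlier member created dest/out -> parent of dest; a later member
    'out/x' looks harmless lexically but would be written outside dest."""
    with tempfile.TemporaryDirectory() as work:
        outside = os.path.dirname(os.path.realpath(work))
        os.symlink(outside, os.path.join(work, "out"))
        try:
            resolve_member(work, "out/x")
            return "ok"
        except ValueError:
            return "rejected"


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print("%-22s %s" % (name, verdict))
    print("out/x via symlink      %s" % symlink_escape_demo())
```

Both checks are needed: the lexical one is cheap and catches the archive-only attacks, the resolution one catches links already present on disk, including ones the same archive created a moment earlier.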
Sun and Blackdown Java: Applet privilege escalation
Background Sun and Blackdown both provide implementations of the Java Development Kit (JDK) and Java Runtime Environment (JRE). Description Both Sun's and Blackdown's JDK and JRE may allow untrusted applets to elevate privileges. Impact A remote attacker could embed a malicious Java applet in a web...
PeerCast: Format string vulnerability
Background PeerCast is a media streaming system based on P2P technology. Description James Bercegay of the GulfTech Security Research Team discovered that PeerCast insecurely implements formatted printing when receiving a request with a malformed URL. Impact A remote attacker could exploit this...
webapp-config: Insecure temporary file handling
Background webapp-config is a Gentoo Linux utility to help manage the installation of web-based applications. Description Eric Romang discovered webapp-config uses a predictable temporary filename while processing certain options, resulting in a race condition. Impact Successful exploitation of t...
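The Heartbeat, sandbox and webapp-config entries above all describe the same local bug: a temporary file created under a predictable name, which a local attacker can pre-create (typically as a symlink) so that the privileged program writes through it. The Python example below is added here and is not code from any of those projects. It builds a predictable name from a fixed prefix plus a PID (an assumption standing in for whatever scheme each tool used), plants a symlink at that name, and shows a plain open() clobbering the link target while an O_CREAT|O_EXCL|O_NOFOLLOW open refuses it; tempfile.mkstemp is shown as the API to use instead. The directory layout and file contents are constructed for the example and assume a POSIX system.

```python
import os
import tempfile


def predictable_path(base_dir, pid):
    """Constructed stand-in for a temp name an attacker can guess in advance."""
    return os.path.join(base_dir, "tool.%d" % pid)


def write_unsafe(path, data):
    """Vulnerable: open() follows whatever already sits at path, including a
    symlink an attacker planted, and truncates and overwrites its target."""
    with open(path, "w") as f:
        f.write(data)


def write_safe(path, data):
    """Hardened: O_EXCL fails if anything exists at path and O_NOFOLLOW refuses
    to traverse a symlink in the last component, so the race is closed."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(data)


def demonstrate():
    """Run both writers against a pre-planted symlink and report what happened."""
    with tempfile.TemporaryDirectory() as work:
        # The victim file the attacker wants overwritten (constructed).
        victim = os.path.join(work, "victim.conf")
        with open(victim, "w") as f:
            f.write("original\n")

        # The attacker guesses the name and plants a link to the victim.
        target = predictable_path(work, 4242)
        os.symlink(victim, target)

        write_unsafe(target, "clobbered\n")
        with open(victim) as f:
            after_unsafe = f.read()

        safe_refused = False
        try:
            write_safe(target, "clobbered again\n")
        except FileExistsError:
            safe_refused = True
        with open(victim) as f:
            after_safe = f.read()

        # The right tool: an unpredictable name created atomically, mode 0600.
        fd, proper = tempfile.mkstemp(dir=work)
        os.close(fd)

        return {
            "after_unsafe": after_unsafe,
            "safe_refused": safe_refused,
            "after_safe": after_safe,
            "mkstemp_in_dir": os.path.dirname(proper) == work,
        }


if __name__ == "__main__":
    for key, value in demonstrate().items():
        print("%-15s %r" % (key, value))
```

The unsafe writer leaves the victim file containing "clobbered"; the safe writer raises FileExistsError and the victim is untouched by it. Checking for the file's existence before opening it would not help, since the attacker can plant the link between the check and the open; only the atomic O_EXCL open, or mkstemp which uses it, removes the window.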
MediaWiki: Cross-site scripting vulnerability
Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki incorrectly handles page template inclusions, rendering it vulnerable to cross-site scripting attacks. Impact A remote attacker could exploit this vulnerability to inject malicious...
Gaim: Denial of Service vulnerabilities
Background Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols. Description Jacopo Ottaviani discovered a vulnerability in the Yahoo! file transfer code when being offered files with names containing non-ASCII characters (CAN-2005-1269). Hugo de...