Getsocial, S.A. Security Vulnerabilities

Mandrake Linux Security Advisory : hylafax (MDKSA-2001:041)

A problem exists with the HylaFAX program, hfaxd. When hfaxd tries to change it's queue directory and fails, it prints an error message via syslog by directly passing user-supplied data as the format string. If hfaxd is installed setuid root, this behaviour can be exploited to gain root access...

Mandrake Linux Security Advisory : sgml-tools (MDKSA-2001:030-1)

Insecure handling of temporary file permissions can lead to other users on a multi-user system being able to read the documents being converted. This is due to sgml-tools creating temporary files without any special permissions. The updated packages create a secure temporary directory first, which....

Mandrake Linux Security Advisory : eperl (MDKSA-2001:027)

Several potential buffer overflows in the ePerl package have been found by Fumitoshi Ukai and Denis Barbier. When eperl is installed setuid root, it can switch to the UID/GID of the script's owner. Although Linux-Mandrake does not ship the program setuid root, this is a useful feature which some...

Mandrake Linux Security Advisory : Zope (MDKSA-2000:035)

A problem exists in the Zope package with the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the...

Mandriva Linux Security Advisory : squid (MDVSA-2011:193)

A vulnerability has been discovered and corrected in squid : The idnsGrokReply function in Squid before 3.1.16 does not properly free memory, which allows remote attackers to cause a denial of service (daemon abort) via a DNS reply containing a CNAME record that references another CNAME record...

Mandriva Linux Security Advisory : pidgin (MDVSA-2012:029)

Multiple vulnerabilities has been discovered and corrected in pidgin : The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin before 2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by changing a nickname while in an XMPP chat...

Mandriva Linux Security Advisory : libreoffice (MDVSA-2012:123)

A Security issue was identified and fixed in libreoffice : Multiple heap-based buffer overflow flaws were found in the XML manifest encryption tag parsing code of LibreOffice. An attacker could create a specially crafted file in the Open Document Format for Office Applications (ODF) format which...

Mandriva Linux Security Advisory : python-django (MDVSA-2012:143)

Multiple vulnerabilities has been discovered and corrected in python-django : The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which might allow remote...

Mandriva Linux Security Advisory : libxml2 (MDVSA-2012:126)

A vulnerability was found and corrected in libxml2 : Multiple integer overflows in libxml2, on 64-bit Linux platforms allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors (CVE-2012-2807). The updated packages have been patched to correct....

Mandriva Linux Security Advisory : wireshark (MDVSA-2012:125)

Multiple vulnerabilities was found and corrected in Wireshark : It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file (CVE-2012-4048). It may be possible to make Wireshark consume excessive CPU...

Mandriva Linux Security Advisory : freeradius (MDVSA-2012:047)

A vulnerability has been found and corrected in freeradius : The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when OCSP is enabled, does not properly parse replies from OCSP responders, which allows remote attackers to bypass authentication by using the EAP-TLS protocol with a...

Mandriva Linux Security Advisory : libreoffice (MDVSA-2012:063)

An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had.....

Mandriva Linux Security Advisory : krb5 (MDVSA-2012:120)

A vulnerability has been discovered and corrected in krb5 : The MIT krb5 KDC (Key Distribution Center) daemon can free an uninitialized pointer while processing an unusual AS-REQ, corrupting the process heap and possibly causing the daemon to abnormally terminate. An attacker could use this...

Mandriva Linux Security Advisory : glibc (MDVSA-2011:179)

Multiple vulnerabilities was discovered and fixed in glibc : The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this...

Mandriva Linux Security Advisory : imagemagick (MDVSA-2012:078)

Multiple vulnerabilities has been found and corrected in imagemagick : A flaw was found in the way ImageMagick processed images with malformed Exchangeable image file format (Exif) metadata. An attacker could create a specially crafted image file that, when opened by a victim, would cause...

Mandriva Linux Security Advisory : libgdata (MDVSA-2012:111)

A vulnerability has been discovered and corrected in libgdata : It was found that previously libgdata, a GLib-based library for accessing online service APIs using the GData protocol, did not perform SSL certificates validation even for secured connections. An application, linked against the...

Mandrake Linux Security Advisory : nmh (MDKSA-2000:000)

The nmh package contains a security bug in MIME headers parsing which can be exploited to trick mhshow into executing arbitrary shell...

Mandriva Linux Security Advisory : openldap (MDVSA-2012:130)

A vulnerability was found and corrected in openldap : slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an LDAP search query with attrsOnly set to true, which causes empty attributes to be returned (CVE-2012-1164). The...

Mandrake Linux Security Advisory : tcsh (MDKSA-2000:069)

A vulnerability exists with tcsh when using the in-here documents with the << syntax. When doing this, tcsh uses a temporary file to store the data. Unfortunately, the temporary file is not created securely and standard symlink attacks can be used to make tcsh overwrite arbitrary...

Mandrake Linux Security Advisory : gnupg (MDKSA-2000:063-1)

A problem exists in all versions of GnuPG prior to and including 1.0.3. Because of this problem, GnuPG may report files which have been signed with multiple keys (one or more of which may be incorrect) to be valid even if one of the signatures is in fact valid. Update : The previous packages...

Mandriva Linux Security Advisory : postgresql (MDVSA-2012:139)

Multiple vulnerabilities has been discovered and corrected in postgresql : Prevent access to external files/URLs via contrib/xml2's xslt_process() (Peter Eisentraut). libxslt offers the ability to read and write both files and URLs through stylesheet commands, thus allowing unprivileged database...

Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2011:142)

Security issues were identified and fixed in mozilla firefox and thunderbird : Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote.....

Mandrake Linux Security Advisory : licq (MDKSA-2001:032-1)

Versions of Licq prior to 1.0.3 have a vulnerability involving the way Licq parses received URLs. The received URLs are passed to the web browser without any sanity checking by using the system() function. Because of the lack of checks on the URL, remote attackers can pipe other commands with the.....

Mandriva Linux Security Advisory : wireshark (MDVSA-2011:138)

This advisory updates wireshark to the latest version (1.6.2), fixing several security issues : The proto_tree_add_item function in Wireshark 1.6.1, when the IKEv1 protocol dissector is used, allows user-assisted remote attackers to cause a denial of service (infinite loop) via vectors involving a....

Mandriva Linux Security Advisory : ffmpeg (MDVSA-2012:076)

Multiple vulnerabilities has been found and corrected in ffmpeg : The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504). cavsdec.c in libavcodec in FFmpeg allows remote...

Mandriva Linux Security Advisory : openjpeg (MDVSA-2012:104)

Multiple vulnerabilities has been discovered and corrected in openjpeg : OpenJPEG allocated insufficient memory when encoding JPEG 2000 files from input images that have certain color depths. A remote attacker could provide a specially crafted image file that, when opened in an application linked.....

Mandriva Linux Security Advisory : krb5 (MDVSA-2012:102)

A vulnerability has been discovered and corrected in krb5 : Fix a kadmind denial of service issue (NULL pointer dereference), which could only be triggered by an administrator with the create privilege (CVE-2012-1013). The updated packages have been patched to correct this...

Mandriva Linux Security Advisory : libtiff (MDVSA-2012:101)

Multiple vulnerabilities has been discovered and corrected in libtiff : libtiff did not properly convert between signed and unsigned integer values, leading to a buffer overflow. An attacker could use this flaw to create a specially crafted TIFF file that, when opened, would cause an application...

Mandriva Linux Security Advisory : rsyslog (MDVSA-2012:100)

A vulnerability has been discovered and corrected in rsyslog : An integer signedness error, leading to heap based buffer overflow was found in the way the imfile module of rsyslog, an enhanced system logging and kernel message trapping daemon, processed text files larger than 64 KB. When the...

Mandriva Linux Security Advisory : mozilla (MDVSA-2012:088-1)

Security issues were identified and fixed in mozilla firefox and thunderbird : Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before...

Mandriva Linux Security Advisory : libxml2 (MDVSA-2012:098)

A vulnerability has been discovered and corrected in libxml2 : An Off-by-one error in libxml2 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors (CVE-2011-3102). The updated packages have been patched to correct.....

Mandriva Linux Security Advisory : net-snmp (MDVSA-2012:099)

A vulnerability has been discovered and corrected in net-snmp : An array index error, leading to out-of heap-based buffer read flaw was found in the way net-snmp agent performed entries lookup in the extension table. When certain MIB subtree was handled by the extend directive, a remote attacker...

Mandriva Linux Security Advisory : java-1.6.0-openjdk (MDVSA-2012:095)

Multiple security issues were identified and fixed in OpenJDK (icedtea6) : S7079902, CVE-2012-1711: Refine CORBA data models S7143617, CVE-2012-1713: Improve fontmanager layout lookup operations S7143614, CVE-2012-1716: SynthLookAndFeel stability improvement S7143606,...

Mandriva Linux Security Advisory : postgresql (MDVSA-2012:092)

Multiple vulnerabilities has been discovered and corrected in postgresql : Fix incorrect password transformation in contrib/pgcrypto's DES crypt() function (Solar Designer). If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be...

Mandriva Linux Security Advisory : php (MDVSA-2012:093)

Multiple vulnerabilities has been identified and fixed in php : There is a programming error in the DES implementation used in crypt() in ext/standard/crypt_freesec.c when handling input which contains characters that can not be represented with 7-bit ASCII. When the input contains characters with....

Societech S.A - SQL Injection Vulnerability

Exploit for php platform in category web...

Societech S.A. SQL Injection

...

Mandriva Linux Security Advisory : bind (MDVSA-2012:089)

A vulnerability was discovered and corrected in bind : ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a...

Mandriva Linux Security Advisory : nut (MDVSA-2012:087)

A vulnerability has been discovered and corrected in nut : Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string...

Mandriva Linux Security Advisory : acpid (MDVSA-2012:086)

A vulnerability has been discovered and corrected in acpid : acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted...

Mandriva Linux Security Advisory : tomcat5 (MDVSA-2012:085)

A vulnerability has been discovered and corrected in tomcat5 : Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains.....

Mandriva Linux Security Advisory : ncpfs (MDVSA-2012:084)

Multiple vulnerabilities has been discovered and corrected in ncpfs : ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the /etc/mtab file and (2) ncpumount to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users.....

Mandriva Linux Security Advisory : util-linux (MDVSA-2012:083)

Multiple vulnerabilities has been discovered and corrected in util-linux : mount in util-linux 2.19 and earlier attempts to append to the /etc/mtab.tmp file without first checking whether resource limits would interfere, which allows local users to trigger corruption of the /etc/mtab file via a...

Mandriva Linux Security Advisory : sudo (MDVSA-2012:079)

A vulnerability has been found and corrected in sudo : A flaw exists in the IP network matching code in sudo versions 1.6.9p3 through 1.8.4p4 that may result in the local host being matched even though it is not actually part of the network described by the IP address and associated netmask listed....

Mandriva Linux Security Advisory : imagemagick (MDVSA-2012:077)

Multiple vulnerabilities has been found and corrected in imagemagick : Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCORE_INSTALLED_SUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working.....

Mandriva Linux Security Advisory : ffmpeg (MDVSA-2012:075)

Multiple vulnerabilities has been found and corrected in ffmpeg : The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504). cavsdec.c in libavcodec in FFmpeg allows remote...

Mandriva Linux Security Advisory : openssl (MDVSA-2012:073)

A vulnerability has been found and corrected in openssl : A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers (CVE-2012-2333). The updated packages have been patched to correct this...

Mandriva Linux Security Advisory : samba (MDVSA-2012:070)

A vulnerability has been found and corrected in samba : A file existence dislosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS (Common Internet File System) filesystem. A local user, able to mount a remote CIFS share / target to a...

Mandriva Linux Security Advisory : cifs-utils (MDVSA-2012:069)

A vulnerability has been found and corrected in cifs-utils : A file existence dislosure flaw was found in the way mount.cifs tool of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS (Common Internet File System) filesystem. A local user, able to mount a remote CIFS share / target to.....

Mandriva Linux Security Advisory : php (MDVSA-2012:068-1)

A vulnerability has been found and corrected in php(-cgi) : PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute...