Download
| Alert*
|
oval:org.mitre.oval:def:8149
Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from enviromnent variables when run from a set ... oval:org.mitre.oval:def:7855 Mikal Gule discovered that request-tracker, an extensible trouble-ticket tracking system, is prone to an attack, where an attacker with access to the same domain can hijack a user's RT session. oval:org.mitre.oval:def:7850 Several local/remote vulnerabilities have been discovered in two of the plugins for the Nagios network monitoring and management system. The Common Vulnerabilities and Exposures project identifies the following problems: A buffer overflow has been discovered in the parser for HTTP Location headers ( ... oval:org.mitre.oval:def:7971 Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application. oval:org.mitre.oval:def:7962 A vulnerability was discovered in the GIF reader implementation in netpbm-free, a suite of image manipulation utilities. Insufficient input data validation could allow a maliciously-crafted GIF file to overrun a stack buffer, potentially permitting the execution of arbitrary code. oval:org.mitre.oval:def:7823 It was discovered that several buffer overflows in tcpreen, a tool for monitoring a TCP connection, may lead to denial of service. The old stable distribution (sarge) doesn't contain tcpreen. For the stable distribution (etch), this problem has been fixed in version 1.4.3-0.1etch1. For the unstable ... oval:org.mitre.oval:def:8069 Stefan Cornelius discovered a vulnerability in the Radiance High Dynamic Range (HDR) image parser in Blender, a 3D modelling application. The weakness could enable a stack-based buffer overflow and the execution of arbitrary code if a maliciously-crafted HDR file is opened, or if a directory contain ... oval:org.mitre.oval:def:7764 Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code. oval:org.mitre.oval:def:7886 It was discovered that specially crafted regular expressions involving codepoints greater than 255 could cause a buffer overflow in the PCRE library (CVE-2008-0674). oval:org.mitre.oval:def:8178 Several vulnerabilities have been discovered in mimetex, a lightweight alternative to MathML. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Evans and Damien Miller, discovered multiple stack-based buffer overflow. An attacker could execute arbitrary code v ... oval:org.mitre.oval:def:8053 It was discovered that newsx, an NNTP news exchange utility, was affected by a buffer overflow allowing remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period. oval:org.mitre.oval:def:7870 Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems: Missing input validation on a user supplied map queryfile name can be ... oval:org.mitre.oval:def:7621 It was discovered that ekg, a console Gadu Gadu client performs insufficient input sanitising in the code to parse contact descriptions, which may result in denial of service. oval:org.mitre.oval:def:7792 Erik Sjoumllund discovered a buffer overflow vulnerability in the Ogg Vorbis input plugin of the alsaplayer audio playback application. Successful exploitation of this vulnerability through the opening of a maliciously crafted Vorbis file could lead to the execution of arbitrary code. oval:org.mitre.oval:def:7785 Several local/remote vulnerabilities have been discovered in the image loading library for the Simple DirectMedia Layer 1.2. The Common Vulnerabilities and Exposures project identifies the following problems: Gynvael Coldwind discovered a buffer overflow in GIF image parsing, which could result in d ... oval:org.mitre.oval:def:7812 It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code. oval:org.mitre.oval:def:8109 Stefan Cornelius discovered two buffer overflows in Imlib"s - a powerful image loading and rendering library - image loaders for PNM and XPM images, which may result in the execution of arbitrary code. oval:org.mitre.oval:def:8229 Tavis Ormandy discovered that unzip, when processing specially crafted ZIP archives, could pass invalid pointers to the C library"s free routine, potentially leading to arbitrary code execution (CVE-2008-0888). oval:org.mitre.oval:def:8216 Multiple buffer overflows involving HTTP header and playlist parsing have been discovered in streamripper (CVE-2007-4337, CVE-2008-4829). For the stable distribution (etch), these problems have been fixed in version 1.61.27-1+etch1. For the unstable distribution (sid) and the testing distribution (l ... oval:org.mitre.oval:def:7926 Several vulnerabilities have been discovered in Enscript, a converter from ASCII text to Postscript, HTML or RTF. The Common Vulnerabilities and Exposures project identifies the following problems: Ulf Harnhammer discovered that a buffer overflow may lead to the execution of arbitrary code. Kees Coo ... oval:org.mitre.oval:def:8151 Morgan Todd discovered a cross-site scripting vulnerability in awstats, a log file analyzer, involving the "config" request parameter (and possibly others; CVE-2008-3714). oval:org.mitre.oval:def:7732 Joachim Breitner discovered that Subversion support in scponly is inherently insecure, allowing execution of arbitrary commands. Further investigation showed that rsync and Unison support suffer from similar issues. This set of issues has been assigned CVE-2007-6350. In addition, it was discovered t ... oval:org.mitre.oval:def:8025 It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter. oval:org.mitre.oval:def:8143 It has been discovered that Slash, the Slashdot Like Automated Storytelling Homepage suffers from two vulnerabilities related to insufficient input sanitation, leading to execution of SQL commands (CVE-2008-2231) and cross-site scripting (CVE-2008-2553). oval:org.mitre.oval:def:7735 It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible. oval:org.mitre.oval:def:8016 Roundup, an issue tracking system, fails to properly escape HTML input, allowing an attacker to inject client-side code (typically JavaScript) into a document that may be viewed in the victim's browser. oval:org.mitre.oval:def:8251 "The-0utl4w" discovered that the Kronolith, calendar component for the Horde Framework, didn't properly sanitise URL input, leading to a cross-site scripting vulnerability in the add event screen. oval:org.mitre.oval:def:8252 It was discovered that phpGedView, an application to provide online access to genealogical data, performed insufficient input sanitising on some parameters, making it vulnerable to cross site scripting. oval:org.mitre.oval:def:7834 Several remote vulnerabilities have been discovered in the TYPO3 content management framework. Because of a not sufficiently secure default value of the TYPO3 configuration variable fileDenyPattern, authenticated backend users could upload files that allowed to execute arbitrary code as the webserve ... oval:org.mitre.oval:def:7712 Peter Huumlwe and Hanno Bouml ck discovered that Serendipity, a weblog manager, did not properly sanitise input to several scripts which allowed cross site scripting. The old stable distribution (sarge) does not contain a serendipity package. oval:org.mitre.oval:def:7703 Several remote vulnerabilities have been discovered in the TYPO3 web content management framework. The Common Vulnerabilities and Exposures project identifies the following problems: The Backend subcomponent allows remote authenticated users to determine an encryption key via crafted input to a form ... oval:org.mitre.oval:def:8066 It was discovered that gforge, collaborative development tool, is prone to a cross-site scripting attack via the helpname parameter. Beside fixing this issue, the update also introduces some additional input sanitising. However, there are no known attack vectors. The oldstable distribution (etch), t ... oval:org.mitre.oval:def:7694 Josh Triplett discovered that ikiwiki did not block Javascript in URLs, leading to cross-site scripting vulnerabilities (CVE-2008-0808, CVE-2008-0809). The old stable distribution (sarge) did not contain an ikiwiki package. oval:org.mitre.oval:def:7579 Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: Cross site scripting vulnerability in the export page allow for an attacker that can place crafted cookies w ... oval:org.mitre.oval:def:8083 Several vulnerabilities have been found in imp4, a webmail component for the horde framework. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that imp4 suffers from a cross-site scripting (XSS) attack via the user field in an IMAP session, which ... oval:org.mitre.oval:def:7939 Several remote vulnerabilities have been discovered in Moodle, an online course management system. The following issues are addressed in this update, ranging from cross site scripting to remote code execution. Various cross site scripting issues in the Moodle codebase (CVE-2008-3326, CVE-2008-3325, ... oval:org.mitre.oval:def:8102 Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the information stored in the log tables was not properly sanitized, which could allow attackers to i ... oval:org.mitre.oval:def:8223 Masako Oono discovered that phpMyAdmin, a web-based administration interface for MySQL, insufficiently sanitises input allowing a remote attacker to gather sensitive data through cross site scripting, provided that the user uses the Internet Explorer web browser. This update also fixes a regression ... oval:org.mitre.oval:def:8100 Laurent Almeras and Guillaume Smet have discovered a possible SQL injection vulnerability and cross-site scripting vulnerabilities in gforge, a collaborative development tool. Due to insufficient input sanitising, it was possible to inject arbitrary SQL statements and use several parameters to condu ... oval:org.mitre.oval:def:7808 Duncan Gilmore discovered that yarssr, an RSS aggregator and reader, performs insufficient input sanitising, which could result in the execution of arbitrary shell commands if a malformed feed is read. Due to a technical limitation of the archive management scripts, the fix for the old stable distri ... oval:org.mitre.oval:def:8213 It was discovered that php-mail, a PHP PEAR module for sending email, has insufficient input sanitising, which might be used to obtain sensitive data from the system that uses php-mail. oval:org.mitre.oval:def:7916 Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn't check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files. Note that this doesn't affect installations that only use the mim ... oval:org.mitre.oval:def:7911 Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems: The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be by ... oval:org.mitre.oval:def:8315 It was discovered that znc, an IRC proxy/bouncer, does not properly sanitize input contained in configuration change requests to the webadmin interface. This allows authenticated users to elevate their privileges and indirectly execute arbitrary commands (CVE-2009-0759). oval:org.mitre.oval:def:8312 "unsticky" discovered that b2evolution, a blog engine, performs insufficient input sanitising, allowing for cross site scripting. oval:org.mitre.oval:def:8030 Stephen Gran and Mark Hymers discovered that some scripts run by GForge, a collaborative development tool, open files in write mode in a potentially insecure manner. This may be exploited to overwrite arbitrary files on the local system. oval:org.mitre.oval:def:7964 Dmitry E. Oboukhov discovered that the test.alert script used in one of the alert functions in mon, a system to monitor hosts or services and alert about problems, creates temporary files insecurely, which may lead to a local denial of service through symlink attacks. oval:org.mitre.oval:def:8067 Dmitry E. Oboukhov discovered that the "to-upgrade" plugin of Feta, a simpler interface to APT, dpkg, and other Debian package tools creates temporary files insecurely, which may lead to local denial of service through symlink attacks. oval:org.mitre.oval:def:7521 Sylvain Beucler discovered that gforge, a collaborative development tool, is prone to a symlink attack, which allows local users to perform a denial of service attack by overwriting arbitrary files. The oldstable distribution (etch), this problem has been fixed in version 4.5.14-22etch13. oval:org.mitre.oval:def:8173 Luigi Auriemma discovered two buffer overflows in YaSSL, an SSL implementation included in the MySQL database package, which could lead to denial of service and possibly the execution of arbitrary code. The old stable distribution (sarge) doesn't contain mysql-dfsg-5.0. oval:org.mitre.oval:def:7801 Paul Szabo discovered that login, the system login tool, did not correctly handle symlinks while setting up tty permissions. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root pri ... oval:org.mitre.oval:def:8316 Dmitry E. Oboukhov discovered that flamethrower creates predictable temporary filenames, which may lead to a local denial of service through a symlink attack. oval:org.mitre.oval:def:7972 Several remote vulnerabilities have been discovered in the TYPO3 web content management framework. Marcus Krause and Michael Stucki from the TYPO3 security team discovered that the jumpUrl mechanism discloses secret hashes enabling a remote attacker to bypass access control by submitting the correct ... oval:org.mitre.oval:def:7977 It was discovered that lighttpd, a fast webserver with minimal memory footprint, would display the source to CGI scripts if their execution failed in some circumstances. oval:org.mitre.oval:def:7897 Julien Cayzac discovered that under certain circumstances lighttpd, a fast webserver with minimal memory footprint, might allow the reading of arbitrary files from the system. This problem could only occur with a non-standard configuration. oval:org.mitre.oval:def:7434 It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts related to RSS exports. For the old stable distribution (sarge), this problem has been fixed in version 3.1-31sarge5. For the stable distribution (etch), ... oval:org.mitre.oval:def:7818 It was discovered that GForge, a collaborative development tool, insufficiently sanitises some input allowing a remote attacker to perform SQL injection. oval:org.mitre.oval:def:7924 Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via ... oval:org.mitre.oval:def:8026 Damian Put discovered a vulnerability in the ClamAV anti-virus toolkit's parsing of Petite-packed Win32 executables. The weakness leads to an invalid memory access, and could enable an attacker to crash clamav by supplying a maliciously crafted Petite-compressed binary for scanning. In some configur ... oval:org.mitre.oval:def:8197 It was discovered that libfishsound, a simple programming interface that wraps Xiph.Org audio codecs, didn't correctly handle negative values in a particular header field. This could allow malicious files to execute arbitrary code. oval:org.mitre.oval:def:7893 Meder Kydyraliev discovered an integer overflow in the thumbnail handling of libexif, the EXIF/IPTC metadata manipulation library, which could result in the execution of arbitrary code. The old stable distribution (sarge) doesn't contain exiv2 packages. oval:org.mitre.oval:def:8059 Thilo Pfennig and Morten Welinder discovered several integer overflow weaknesses in Gnumeric, a GNOME spreadsheet application. These vulnerabilities could result in the execution of arbitrary code through the opening of a maliciously crafted Excel spreadsheet. oval:org.mitre.oval:def:8291 Three vulnerabilities have been discovered in the mt-daapd DAAP audio server (also known as the Firefly Media Server). The Common Vulnerabilities and Exposures project identifies the following three problems: Insufficient validation and bounds checking of the Authorization: HTTP header enables a hea ... oval:org.mitre.oval:def:7797 It was discovered that an integer overflow in the "Probe Request" packet parser of the Ralinktech wireless drivers might lead to remote denial of service or the execution of arbitrary code. Please note that you need to rebuild your driver from the source package in order to set this update into effe ... oval:org.mitre.oval:def:8204 Greg MacManus discovered an integer overflow in the font handling of libfreetype, a FreeType 2 font engine, which might lead to denial of service or possibly the execution of arbitrary code if a user is tricked into opening a malformed font. For the old stable distribution (sarge) this problem will ... oval:org.mitre.oval:def:8207 Felipe Andres Manzano discovered that mplayer, a multimedia player, is vulnerable to several integer overflows in the Real video stream demuxing code. These flaws could allow an attacker to cause a denial of service (a crash) or potentially execution of arbitrary code by supplying a maliciously craf ... oval:org.mitre.oval:def:8313 Several local vulnerabilities have been discovered in the X Window system. The Common Vulnerabilities and Exposures project identifies the following problems: Lack of validation of the parameters of the SProcSecurityGenerateAuthorization and SProcRecordCreateContext functions makes it possible for a ... oval:org.mitre.oval:def:8258 Marek Grzybowski discovered that changetrack, a program to monitor changes to (configuration) files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters. oval:org.mitre.oval:def:8023 It was discovered that the AttachFile action in moin, a python clone of WikiWiki, is prone to cross-site scripting attacks (CVE-2009-0260). Another cross-site scripting vulnerability was discovered in the antispam feature (CVE-2009-0312). oval:org.mitre.oval:def:7854 It was discovered that the Horde web application framework permits arbitrary file inclusion by a remote attacker through the theme preference parameter. oval:org.mitre.oval:def:7719 Several remote vulnerabilities have been discovered in phpPgAdmin, a tool to administrate PostgreSQL database over the web. The Common Vulnerabilities and Exposures project identifies the following problems: Cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or ... oval:org.mitre.oval:def:8126 Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The Horde_Form_Type_image form element allows to reuse a ... oval:org.mitre.oval:def:8241 Will Drewry discovered that Horde allows remote attackers to send an email with a crafted MIME attachment filename attribute to perform cross site scripting. oval:org.mitre.oval:def:8110 Several remote vulnerabilities have been discovered in wordpress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress allows remote authenticated administrato ... oval:org.mitre.oval:def:7891 Several remote vulnerabilities have been discovered in MoinMoin, a Python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems: A cross-site-scripting vulnerability has been discovered in attachment handling. Access control lists for calendars and inc ... oval:org.mitre.oval:def:8165 Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: Gunnar Wrobel discovered a directory traversal vulnerability, which allows attackers to include and execute arbitrary local file ... oval:org.mitre.oval:def:7998 It was discovered that a directory traversal vulnerability in CherryPy, a pythonic, object-oriented web development framework, may lead to denial of service by deleting files through malicious session IDs in cookies. The old stable distribution (sarge) doesn't contain python-cherrypy. oval:org.mitre.oval:def:7915 It was discovered that twiki, a web based collaboration platform, didn't properly sanitize the image parameter in its configuration script. This could allow remote users to execute arbitrary commands upon the system, or read any files which were readable by the webserver user. oval:org.mitre.oval:def:8226 It was discovered that eggdrop, an advanced IRC robot, was vulnerable to a buffer overflow which could result in a remote user executing arbitrary code. oval:org.mitre.oval:def:8336 Michael Krieger and Sam Trenholme discovered a programming error in MaraDNS, a simple security-aware Domain Name Service server, which might lead to denial of service through malformed DNS packets. For the old stable distribution (sarge), this problem has been fixed in version 1.0.27-2. For the stab ... oval:org.mitre.oval:def:8203 It was discovered that phpGedView, an application to provide online access to genealogical data, allowed remote attackers to gain administrator privileges due to a programming error. Note: this problem was a fundamental design flaw in the interface (API) to connect phpGedView with external programs ... oval:org.mitre.oval:def:7846 Joseacute Ramoacuten Palanco discovered that a cross site scripting vulnerability in GForge, a collaborative development tool, allows remote attackers to inject arbitrary web script or HTML in the context of a logged in user's session. The old stable distribution (sarge) is not affected by this prob ... oval:org.mitre.oval:def:7894 It was discovered that php-xajax, a library to develop Ajax applications, did not sufficiently sanitise URLs, which allows attackers to perform cross-site scripting attacks by using malicious URLs. For the stable distribution (etch) this problem has been fixed in version 0.2.4-2+etch1. For the testi ... oval:org.mitre.oval:def:7949 r0t discovered that gnatsweb, a web interface to GNU GNATS, did not correctly sanitize the database parameter in the main CGI script. This could allow the injection of arbitrary HTML, or JavaScript code. oval:org.mitre.oval:def:8120 Several local/remote vulnerabilities have been discovered in libarchive1, a single library to read/write tar, cpio, pax, zip, iso9660 archives. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that libarchive1 would miscompute the length of a buff ... oval:org.mitre.oval:def:7845 Several remote vulnerabilities have been discovered in WordPress, a weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: Insufficient input sanitising allowed for remote attackers to redirect visitors to external websites. Multiple cross-site scripting ... oval:org.mitre.oval:def:7874 Daniel B. Cid discovered that fail2ban, a tool to block IP addresses that cause login failures, is too liberal about parsing SSH log files, allowing an attacker to block any IP address. The old stable distribution (sarge) doesn't contain fail2ban. For the stable distribution (etch), this problem has ... oval:org.mitre.oval:def:7399 It was discovered that Lasso, a library for Liberty Alliance and SAML protocols performs incorrect validation of the return value of OpenSSL's DSA_verify() function. oval:org.mitre.oval:def:8070 Kees Cook discovered that the hpssd tool of the HP Linux Printing and Imaging System (HPLIP) performs insufficient input sanitising of shell meta characters, which may result in local privilege escalation to the hplip user. The old stable distribution (sarge) is not affected by this problem. For the ... oval:org.mitre.oval:def:7776 It was discovered that the regex module in Smarty, a PHP templating engine, allows attackers to call arbitrary PHP functions via templates using the regex_replace plugin by a specially crafted search string. oval:org.mitre.oval:def:8172 Oriol Carreras discovered that syslog-ng, a next generation logging daemon can be tricked into dereferencing a NULL pointer through malformed timestamps, which can lead to denial of service and the disguise of an subsequent attack, which would otherwise be logged. The old stable distribution (sarge) ... oval:org.mitre.oval:def:8157 Dan Dennison discovered that Diatheke, a CGI program to make a bible website, performs insufficient sanitising of a parameter, allowing a remote attacker to execute arbitrary shell commands as the web server user. oval:org.mitre.oval:def:7931 Brian Dowling discovered that the PowerDNS authoritative name server does not respond to DNS queries which contain certain characters, increasing the risk of successful DNS spoofing (CVE-2008-3337). This update changes PowerDNS to respond with SERVFAIL responses instead. oval:org.mitre.oval:def:8247 Thomas de Grenier de Latour discovered that the checkrestart tool in the debian-goodies suite of utilities, allowed local users to gain privileges via shell metacharacters in the name of the executable file for a running process. oval:org.mitre.oval:def:8124 Ulf Hauml rnhammar discovered that the HTML filter of the Horde web application framework performed insufficient input sanitising, which may lead to the deletion of emails if a user is tricked into viewing a malformed email inside the Imp client. This update also provides backported bugfixes to the ... oval:org.mitre.oval:def:8049 Peter Paul Elfferich discovered that turba2, a contact management component for horde framework, did not correctly check access rights before allowing users to edit addresses. This could result in valid users being able to alter private address records. oval:org.mitre.oval:def:8040 Anders Kaseorg discovered that afuse, an automounting file system in user-space, did not properly escape meta characters in paths. This allowed a local attacker with read access to the filesystem to execute commands as the owner of the filesystem. oval:org.mitre.oval:def:8095 Several remote vulnerabilities have been discovered in Wordpress, the weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information. ... oval:org.mitre.oval:def:7673 Micha Lenk discovered that backup-manager, a command-line backup tool, sends the password as a command line argument when calling a FTP client, which may allow a local attacker to read this password (which provides access to all backed-up files) from the process listing. oval:org.mitre.oval:def:7429 Steve Kemp discovered that hf, an amateur-radio protocol suite using a soundcard as a modem, insecurely tried to execute an external command which could lead to the elevation of privileges for local users. oval:org.mitre.oval:def:8028 Several remote vulnerabilities have been discovered in phpBB, a web based bulletin board. The Common Vulnerabilities and Exposures project identifies the following problems: Private messaging allowed cross site request forgery, making it possible to delete all private messages of a user by sending t ... oval:org.mitre.oval:def:8145 Michael Brooks discovered that phpMyAdmin, a tool to administrate MySQL over the web, performs insufficient input sanitising allowing a user assisted remote attacker to execute code on the webserver. oval:org.mitre.oval:def:7948 Maksymilian Arciemowicz of securityreason.com reported that ProFTPD is vulnerable to cross-site request forgery (CSRF) attacks and executes arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser. oval:org.mitre.oval:def:8072 Several vulnerabilities have been discovered in wordpress, weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that wordpress is prone to an open redirect vulnerability which allows remote attackers to conduct phishing atacks. It was ... oval:org.mitre.oval:def:8155 Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administrate MySQL databases over the web. The Common Vulnerabilities and Exposures project identifies the following problems: Remote authenticated users could execute arbitrary code on the host running phpMyAdmin through m ... oval:org.mitre.oval:def:8091 Simon Willison discovered that in Django, a Python web framework, the feature to retain HTTP POST data during user reauthentication allowed a remote attacker to perform unauthorized modification of data through cross site request forgery. This is possible regardless of the Django plugin to prevent c ... oval:org.mitre.oval:def:7927 It has been discovered that ikiwiki, a Wiki implementation, does not guard password and content changes against cross-site request forgery (CSRF) attacks. oval:org.mitre.oval:def:8098 Dmitry Levin discovered a vulnerability in path handling code used by the cpio archive utility. The weakness could enable a denial of service (crash) or potentially the execution of arbitrary code if a vulnerable version of cpio is used to extract or to list the contents of a maliciously crafted arc ... oval:org.mitre.oval:def:8054 Prior to this update, the default configuration for Dovecot used by Debian runs the server daemons with group mail privileges. This means that users with write access to their mail directory on the server (for example, through an SSH login) could read and also delete via a symbolic link mailboxes ow ... oval:org.mitre.oval:def:8052 Don Armstrong discovered that ldapscripts, a suite of tools to manipulate user accounts in LDAP, sends the password as a command line argument when calling LDAP programs, which may allow a local attacker to read this password from the process listing. The old stable distribution (sarge) does not con ... oval:org.mitre.oval:def:7486 Chaskiel M Grundman discovered that opensc, a library and utilities to handle smart cards, would initialise smart cards with the Siemens CardOS M4 card operating system without proper access rights. This allowed everyone to change the card's PIN. With this bug anyone can change a user PIN without ha ... oval:org.mitre.oval:def:8031 Chris Howells discovered that policyd-weight, a policy daemon for the Postfix mail transport agent, created its socket in an insecure way, which may be exploited to overwrite or remove arbitrary files from the local system. oval:org.mitre.oval:def:7830 Luigi Auriemma, Alin Rad Pop, Reacute mi Denis-Courmont, Quovodis, Guido Landi, Felipe Manzano, Anibal Sacco and others discovered multiple vulnerabilities in vlc, an application for playback and streaming of audio and video. In the worst case, these weaknesses permit a remote, unauthenticated attac ... oval:org.mitre.oval:def:8013 Several local (remote) vulnerabilities have been discovered in libvorbis, a library for the Vorbis general-purpose compressed audio codec. The Common Vulnerabilities and Exposures project identifies the following problems: libvorbis does not properly handle a zero value which allows remote attackers ... oval:org.mitre.oval:def:7984 It was discovered that libxslt, an XSLT processing runtime library, could be coerced into executing arbitrary code via a buffer overflow when an XSL style sheet file with a long XSLT "transformation match" condition triggered a large number of steps. oval:org.mitre.oval:def:7744 Tavis Ormandy discovered that PCRE, the Perl-Compatible Regular Expression library, may encounter a heap overflow condition when compiling certain regular expressions involving in-pattern options and branches, potentially leading to arbitrary code execution. oval:org.secpod.oval:def:600398 Laurent Almeras and Guillaume Smet have discovered a possible SQL injection vulnerability and cross-site scripting vulnerabilities in gforge, a collaborative development tool. Due to insufficient input sanitising, it was possible to inject arbitrary SQL statements and use several parameters to condu ... oval:org.secpod.oval:def:600399 It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack via the backend parameter. For the oldstable distribution , this problem has been fixed in version 3.0-2+etch1. For the stable distribution , this problem has been fix ... oval:org.mitre.oval:def:7185 It was discovered that php-net-ping, a PHP PEAR module to execute ping independently of the Operating System, performs insufficient input sanitising, which might be used to inject arguments or execute arbitrary commands on a system that uses php-net-ping. oval:org.secpod.oval:def:600274 Several vulnerabilities have been found in imp4, a webmail component for the horde framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4182 It was discovered that imp4 suffers from a cross-site scripting attack via the user field in an IMAP sessio ... oval:org.secpod.oval:def:600395 Marek Grzybowski discovered that changetrack, a program to monitor changes to files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters. For the stable distribution , this problem has been f ... oval:org.secpod.oval:def:600269 Several vulnerabilities have been discovered in mapserver, a CGI-based web framework to publish spatial data and interactive mapping applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0843 Missing input validation on a user supplied map queryfi ... oval:org.mitre.oval:def:7168 It was discovered that netatalk, an implementation of the AppleTalk suite, is affected by a command injection vulnerability when processing PostScript streams via papd. This could lead to the execution of arbitrary code. Please note that this only affects installations that are configured to use a p ... oval:org.secpod.oval:def:600382 Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn"t check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files. Note that this doesn"t affect installations that only use the mim ... oval:org.secpod.oval:def:600299 It was discovered that firefox-sage, a lightweight RSS and Atom feed reader for Firefox, does not sanitise the RSS feed information correctly, which makes it prone to a cross-site scripting and a cross-domain scripting attack. For the stable distribution , this problem has been fixed in version 1.4. ... oval:org.secpod.oval:def:600291 It was discovered that Lasso, a library for Liberty Alliance and SAML protocols performs incorrect validation of the return value of OpenSSL"s DSA_verify function. For the stable distribution , this problem has been fixed in version 0.6.5-3+etch1. For the upcoming stable distribution and the unstab ... oval:org.secpod.oval:def:600075 Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3237 It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences or inli ... oval:org.secpod.oval:def:600505 Michael Brooks discovered that phpMyAdmin, a tool to administrate MySQL over the web, performs insufficient input sanitising allowing a user assisted remote attacker to execute code on the webserver. For the stable distribution , this problem has been fixed in version 2.9.1.1-10. For the testing dis ... oval:org.secpod.oval:def:600504 Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0500 It was discovered that the information stored in the log tables was not properly sanitized, which could allow ... oval:org.secpod.oval:def:600409 Paul Szabo discovered that login, the system login tool, did not correctly handle symlinks while setting up tty permissions. If a local attacker were able to gain control of the system utmp file, they could cause login to change the ownership and permissions on arbitrary files, leading to a root pri ... oval:org.mitre.oval:def:7190 Stefan Cornelius discovered a buffer overflow in devil, a cross-platform image loading and manipulation toolkit, which could be triggered via a crafted Radiance RGBE file. This could potentially lead to the execution of arbitrary code. oval:org.secpod.oval:def:600406 It was discovered that gforge, collaborative development tool, is prone to a cross-site scripting attack via the helpname parameter. Beside fixing this issue, the update also introduces some additional input sanitising. However, there are no known attack vectors. For the stable distribution , these ... oval:org.secpod.oval:def:600405 Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0932 Gunnar Wrobel discovered a directory traversal vulnerability, which allows attackers to include and execute arbitr ... oval:org.mitre.oval:def:7069 Several vulnerabilities have been found in horde3, the horde web application framework. The Common Vulnerabilities and Exposures project identifies the following problems: It has been discovered that horde3 is prone to cross-site scripting attacks via crafted number preferences or inline MIME text p ... oval:org.secpod.oval:def:600437 Several remote vulnerabilities have been discovered in the zope, a feature-rich web application server written in python, that could lead to arbitrary code execution in the worst case. The Common Vulnerabilities and Exposures project identified the following problems: Due to a programming error an a ... oval:org.secpod.oval:def:600319 Several remote vulnerabilities have been discovered in the TYPO3 web content management framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3628 The Backend subcomponent allows remote authenticated users to determine an encryption key via crafted i ... oval:org.secpod.oval:def:600307 It was discovered that netatalk, an implementation of the AppleTalk suite, is affected by a command injection vulnerability when processing PostScript streams via papd. This could lead to the execution of arbitrary code. Please note that this only affects installations that are configured to use a p ... oval:org.secpod.oval:def:600428 It was discovered that roundup, an issue tracker with a command-line, web and email interface, allows users to edit resources in unauthorized ways, including granting themselves admin rights. This update introduces stricter access checks, actually enforcing the configured permissions and roles. This ... oval:org.secpod.oval:def:600427 Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-3696 Cross-site scripting vulnerability allows remote attackers to inject arbitrary web script or ... oval:org.secpod.oval:def:600429 The previous update introduced a regression in main.php, causing the module to fail. This update corrects the flaw. For reference the original advisory text is below. It was discovered that sork-passwd-h3, a Horde3 module for users to change their password, is prone to a cross-site scripting attack ... oval:org.mitre.oval:def:7206 Two vulnerabilities have been found in lcms, a library and set of commandline utilities for image color management. The Common Vulnerabilities and Exposures project identifies the following problems: Inadequate enforcement of fixed-length buffer limits allows an attacker to overflow a buffer on the ... oval:org.secpod.oval:def:600457 Several local vulnerabilities have been discovered in the PAM module for MIT Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0360 Russ Allbery discovered that the Kerberos PAM module parsed configuration settings from enviromnent variables when ... oval:org.secpod.oval:def:600335 David Kierznowski discovered that libcurl, a multi-protocol file transfer library, when configured to follow URL redirects automatically, does not question the new target location. As libcurl also supports file:// and scp:// URLs - depending on the setup - an untrusted server could use that to expos ... oval:org.secpod.oval:def:600338 It was discovered that GForge, a collaborative development tool, insufficiently sanitises some input allowing a remote attacker to perform SQL injection. For the stable distribution , this problem has been fixed in version 4.5.14-22etch10. For the testing and unstable distribution , this problem ha ... oval:org.secpod.oval:def:600331 Sylvain Beucler discovered that gforge, a collaborative development tool, is prone to a symlink attack, which allows local users to perform a denial of service attack by overwriting arbitrary files. For the stable distribution , this problem has been fixed in version 4.7~rc2-7lenny3. The oldstable d ... oval:org.secpod.oval:def:600451 It was discovered that BIND, an implementation of the DNS protocol suite, does not properly check the result of an OpenSSL function which is used to verify DSA cryptographic signatures. As a result, incorrect DNS resource records in zones protected by DNSSEC could be accepted as genuine. For the sta ... oval:org.mitre.oval:def:7317 Javier Fernandez-Sanguino Pena discovered that updatejail, a component of the chroot maintenance tool Jailer, creates a predictable temporary file name, which may lead to local denial of service through a symlink attack. oval:org.secpod.oval:def:600445 Dan Kaminsky and Moxie Marlinspike discovered that kdelibs, core libraries from the official KDE release, does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers ... oval:org.secpod.oval:def:600443 It was discovered that the AttachFile action in moin, a python clone of WikiWiki, is prone to cross-site scripting attacks . Another cross-site scripting vulnerability was discovered in the antispam feature . For the stable distribution these problems have been fixed in version 1.5.3-1.2etch2. For ... oval:org.secpod.oval:def:600328 Several vulnerabilities have been discovered in wordpress, weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-6762 It was discovered that wordpress is prone to an open redirect vulnerability which allows remote attackers to conduct phishing a ... oval:org.secpod.oval:def:600449 The previous wordpress update introduced a regression when fixing CVE-2008-4769 due to a function that was not backported with the patch. Please note that this regression only affects the oldstable distribution . For reference the original advisory text follows. Several vulnerabilities have been dis ... oval:org.secpod.oval:def:600355 Several remote vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1150 Cross site scripting vulnerability in the export page allow for an attacker that can place cra ... oval:org.secpod.oval:def:600471 It was discovered that php-net-ping, a PHP PEAR module to execute ping independently of the Operating System, performs insufficient input sanitising, which might be used to inject arguments or execute arbitrary commands on a system that uses php-net-ping. For the stable distribution , this problem ... oval:org.mitre.oval:def:6966 It was discovered that firefox-sage, a lightweight RSS and Atom feed reader for Firefox, does not sanitise the RSS feed information correctly, which makes it prone to a cross-site scripting and a cross-domain scripting attack. oval:org.secpod.oval:def:600347 Several remote vulnerabilities have been discovered in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1578 Cross site scripting was possible through a number of pages which allowed an attacker to steal sensitive sessi ... oval:org.secpod.oval:def:600342 Mikal Gule discovered that request-tracker, an extensible trouble-ticket tracking system, is prone to an attack, where an attacker with access to the same domain can hijack a user"s RT session. For the stable distribution , this problem has been fixed in version 3.6.7-5+lenny3. For the oldstable dis ... oval:org.secpod.oval:def:600466 Stefan Cornelius discovered a buffer overflow in devil, a cross-platform image loading and manipulation toolkit, which could be triggered via a crafted Radiance RGBE file. This could potentially lead to the execution of arbitrary code. For the stable distribution , this problem has been fixed in ver ... oval:org.secpod.oval:def:600465 Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The Horde_Form_Type_image form element allows to reuse a ... oval:org.secpod.oval:def:600108 It was discovered that ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses ajaxterm. For the oldstable distribution , the problem has been fixed in version 0.9-2+etch1. For the s ... oval:org.mitre.oval:def:7366 It was discovered that roundup, an issue tracker with a command-line, web and email interface, allows users to edit resources in unauthorized ways, including granting themselves admin rights. This update introduces stricter access checks, actually enforcing the configured permissions and roles. This ... oval:org.mitre.oval:def:7244 Adam Zabrocki discovered that under certain circumstances mtr, a full screen ncurses and X11 traceroute tool, could be tricked into executing arbitrary code via overly long reverse DNS records. oval:org.secpod.oval:def:600254 Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4810 The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execu ... oval:org.mitre.oval:def:6827 It was discovered that ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses ajaxterm. oval:org.secpod.oval:def:600490 The update in DSA 1704-1 was incomplete as it missed to escape a few important characters which enabled an attacker to overwrite arbitrary files. It was discovered that netatalk, an implementation of the AppleTalk suite, is affected by a command injection vulnerability when processing PostScript str ... oval:org.secpod.oval:def:600248 Several vulnerabilities have been discovered in mimetex, a lightweight alternative to MathML. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1382 Chris Evans and Damien Miller, discovered multiple stack-based buffer overflow. An attacker could execute ar ... oval:org.secpod.oval:def:600368 It was discovered that an integer overflow in the "Probe Request" packet parser of the Ralinktech wireless drivers might lead to remote denial of service or the execution of arbitrary code. Please note that you need to rebuild your driver from the source package in order to set this update ... oval:org.secpod.oval:def:600364 It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon, does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 client certificate, when the dNSNameRequired TLS option is enabled. For the stable distribution , this problem has been ... oval:org.secpod.oval:def:600483 Several remote vulnerabilities have been discovered in the TYPO3 web content management framework. Marcus Krause and Michael Stucki from the TYPO3 security team discovered that the jumpUrl mechanism discloses secret hashes enabling a remote attacker to bypass access control by submitting the correct ... oval:org.mitre.oval:def:7228 It was discovered that a buffer overflow in the GIF image parsing code of Tk, a cross-platform graphical toolkit, could lead to a denial of service and potentially the execution of arbitrary code. oval:org.mitre.oval:def:8237 Several remote vulnerabilities have been discovered in network traffic analyzer Wireshark. The Common Vulnerabilities and Exposures project identifies the following problems: The GSM SMS dissector is vulnerable to denial of service. The PANA and KISMET dissectors are vulnerable to denial of service. ... oval:org.mitre.oval:def:8331 Alin Rad Pop discovered that Samba contained a buffer overflow condition when processing certain responses received while acting as a client, leading to arbitrary code execution (CVE-2008-1105). oval:org.mitre.oval:def:6983 Several vulnerabilities have been found in cacti, a frontend to rrdtool for monitoring systems and services. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that cacti is prone to a denial of service via the graph_height, graph_width, graph_start ... oval:org.secpod.oval:def:600292 Several vulnerabilities have been found in cacti, a frontend to rrdtool for monitoring systems and services. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3112, CVE-2007-3113 It was discovered that cacti is prone to a denial of service via the graph_hei ... oval:org.mitre.oval:def:7684 It has been discovered that proftpd-dfsg, a virtual-hosting FTP daemon, does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 client certificate, when the dNSNameRequired TLS option is enabled. oval:org.mitre.oval:def:7674 Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process (www-data on Debian) or poss ... oval:org.mitre.oval:def:7842 Multiple vulnerabilities have been identified in libgd2, a library for programmatic graphics creation and manipulation. The Common Vulnerabilities and Exposures project identifies the following problems: Grayscale PNG files containing invalid tRNS chunk CRC values could cause a denial of service (cr ... oval:org.mitre.oval:def:7803 Several vulnerabilities have been discovered in the GNOME XML library. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered that missing input sanitising in the xmlBufferResize() function may lead to an infinite loop, resulting in denial of service. ... oval:org.mitre.oval:def:7389 Multiple vulnerabilities have been identified in git-core, the core of the git distributed revision control system. Improper path length limitations in git's diff and grep functions, in combination with maliciously crafted repositories or changes, could enable a stack buffer overflow and potentially ... oval:org.secpod.oval:def:600436 Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attac ... oval:org.mitre.oval:def:7699 It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities: Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality (CVE-2008-5916). Local users ... oval:org.secpod.oval:def:600343 Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-5500 Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might tri ... oval:org.mitre.oval:def:7805 Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might ... oval:org.secpod.oval:def:600379 It was discovered that gitweb, the web interface for the Git version control system, contained several vulnerabilities: Remote attackers could use crafted requests to execute shell commands on the web server, using the snapshot generation and pickaxe search functionality . Local users with write acc ... oval:org.mitre.oval:def:8180 Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop. For the old stable distribution (sarge), this problem has been fixed in version 2. ... oval:org.mitre.oval:def:8136 Peter Valchev (Google Security) discovered a series of integer overflow weaknesses in Cairo, a vector graphics rendering library used by many other applications. If an application uses cairo to render a maliciously crafted PNG image, the vulnerability allows the execution of arbitrary code. oval:org.mitre.oval:def:7422 Joel R. Voss discovered that the IAX2 module of Asterisk, a free software PBX and telephony toolkit performs insufficient validation of IAX2 protocol messages, which may lead to denial of service. oval:org.secpod.oval:def:600284 Michal Hlavinka discovered that the fix for code execution in the map_yp_alias function, known as CVE-2009-1579 and released in DSA 1802-1, was incomplete. This update corrects the fix for that function. For the old stable distribution , this problem has been fixed in version 1.4.9a-5. For the stabl ... oval:org.mitre.oval:def:8286 Ivan Markovic discovered that SquirrelMail, a webmail application, did not sufficiently sanitise incoming HTML email, allowing an attacker to perform cross site scripting through sending a malicious HTML email. oval:org.secpod.oval:def:600492 Several vulnerabilities have been discovered in libmodplug, the shared libraries for mod music based on ModPlug. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1438 It was discovered that libmodplug is prone to an integer overflow when processing a MED f ... oval:org.mitre.oval:def:8101 Colin Walters discovered that the dbus_signature_validate function in dbus, a simple interprocess messaging system, is prone to a denial of service attack. oval:org.secpod.oval:def:600341 Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences . As an additional precaution, this security update also disables font changing, user-defined keys, and X property changes ... oval:org.mitre.oval:def:8044 Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that missing boundary checks on a reference counter for CSS objects can lead to the exec ... oval:org.mitre.oval:def:7636 Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman discovered that the layout engine is vulnerable to DoS attacks that might trigger memory co ... oval:org.mitre.oval:def:8254 Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution ... oval:org.secpod.oval:def:600325 Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1768 Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to ... oval:org.mitre.oval:def:7025 Several vulnerabilities have been discovered in NET SNMP, a suite of Simple Network Management Protocol applications. The Common Vulnerabilities and Exposures project identifies the following problems: Wes Hardaker reported that the SNMPv3 HMAC verification relies on the client to specify the HMAC l ... oval:org.mitre.oval:def:8361 It was discovered that the Host Manager web application performed insufficient input sanitising, which could lead to cross-site scripting. oval:org.mitre.oval:def:7922 Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service or the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Drew Yao discovered that multiple integer overflows in th ... oval:org.mitre.oval:def:7991 It was discovered that malformed cache update replies against the Squid WWW proxy cache could lead to the exhaustion of system memory, resulting in potential denial of service. oval:org.mitre.oval:def:7232 A weakness has been discovered in squid, a caching proxy server. The flaw was introduced upstream in response to CVE-2007-6239, and announced by Debian in DSA-1482-1. The flaw involves an over-aggressive bounds check on an array resize, and could be exploited by an authorized client to induce a deni ... oval:org.mitre.oval:def:7965 Multiple vulnerabilities have been discovered in xine-lib, a library which supplies most of the application functionality of the xine multimedia player. The Common Vulnerabilities and Exposures project identifies the following three problems: Integer overflow vulnerabilities exist in xine's FLV, Qui ... oval:org.mitre.oval:def:7757 Several local vulnerabilities have been discovered in Xine, a media player library, allowed for a denial of service or arbitrary code execution, which could be exploited through viewing malicious content. The Common Vulnerabilities and Exposures project identifies the following problems: The DMO_Vid ... oval:org.mitre.oval:def:8162 Several remote vulnerabilities have been discovered in the Iceape internet suite, an unbranded version of the Seamonkey Internet Suite. The Common Vulnerabilities and Exposures project identifies the following problems: Jesse Ruderman, Kai Engert, Martijn Wargers, Mats Palmgren and Paul Nickerson di ... oval:org.mitre.oval:def:8307 Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer, which may lead to denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: The RPL dissector could be tricked into an infinite loop. The CIP dissector could be ... oval:org.mitre.oval:def:7957 Takashi Iwai supplied a fix for a memory leak in the snd_page_alloc module. Local users could exploit this issue to obtain sensitive information from the kernel (CVE-2007-4571). oval:org.mitre.oval:def:7811 Several local/remote vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the privilege validation for the source table of CREATE TABLE LIKE statements was insufficiently enforced ... oval:org.mitre.oval:def:8118 Two vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or arbitrary code execution. The Common Vulnerabilities and Exposures project identifies the following problems: Wei Wang from McAfee reported a potential heap overflow in the ASN.1 decode code that is ... oval:org.mitre.oval:def:8158 Several remote vulnerabilities have been discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. The Common Vulnerabilities and Exposures project identifies the following problems: Thomas Sesselmann discovered that slapd could be crashed by a malformed modify requ ... oval:org.mitre.oval:def:8019 Several vulnerabilities were found in the Vorbis General Audio Compression Codec, which may lead to denial of service or the execution of arbitrary code, if a user is tricked into opening a malformed Ogg Audio file with an application linked against libvorbis. oval:org.mitre.oval:def:8413 Several remote vulnerabilities have been discovered in SquirrelMail, a webmail application. The Common Vulnerabilities and Exposures project identifies the following problems: Cross site scripting was possible through a number of pages which allowed an attacker to steal sensitive session data. Code ... oval:org.mitre.oval:def:7900 Paul Szabo discovered that xterm, a terminal emulator for the X Window System, places arbitrary characters into the input buffer when displaying certain crafted escape sequences (CVE-2008-2383). As an additional precaution, this security update also disables font changing, user-defined keys, and X p ... oval:org.mitre.oval:def:7996 A buffer overflow has been discovered in the HTTP parser of the No-IP.com Dynamic DNS update client, which may result in the execution of arbitrary code. oval:org.mitre.oval:def:8347 Two SQL injection vulnerabilities have been found in courier-authlib, the courier authentification library. The MySQL database interface used insufficient escaping mechanisms when constructing SQL statements, leading to SQL injection vulnerabilities if certain charsets are used (CVE-2008-2380). A si ... oval:org.mitre.oval:def:8150 Cameron Hotchkies discovered that the OpenLDAP server slapd, a free implementation of the Lightweight Directory Access Protocol, could be crashed by sending malformed ASN1 requests. oval:org.mitre.oval:def:8062 It was discovered that crashes in the JavaScript engine of Iceape, an unbranded version of the Seamonkey internet suite could potentially lead to the execution of arbitrary code. oval:org.mitre.oval:def:7849 Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to. oval:org.mitre.oval:def:7601 Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: Olaf Kock discovered that HTTPS encryption was insufficiently enforced for single-sign-on cookies, which could result in infor ... oval:org.mitre.oval:def:7988 Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak. It w ... oval:org.mitre.oval:def:7989 Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an information leak. It w ... oval:org.mitre.oval:def:7851 It was discovered that loop-aes-utils, tools for mounting and manipulating filesystems, didn't drop privileged user and group permissions in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges. oval:org.mitre.oval:def:8090 It was discovered that util-linux, miscellaneous system utilities, didn't drop privileged user and group permissions in the correct order in the mount and umount commands. This could potentially allow a local user to gain additional privileges. oval:org.mitre.oval:def:8076 It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. This could allow the execution of arbitrary code via a malicious XML file. oval:org.mitre.oval:def:7929 It was discovered that BIND, an implementation of the DNS protocol suite, does not properly check the result of an OpenSSL function which is used to verify DSA cryptographic signatures. As a result, incorrect DNS resource records in zones protected by DNSSEC could be accepted as genuine. oval:org.mitre.oval:def:7628 A symlink traversal vulnerability was discovered in MySQL, a relational database server. The weakness could permit an attacker having both CREATE TABLE access to a database and the ability to execute shell commands on the database server to bypass MySQL access controls, enabling them to write to tab ... oval:org.mitre.oval:def:7917 Sergei Golubchik discovered that MySQL, a widely-deployed database server, did not properly validate optional data or index directory paths given in a CREATE TABLE statement, nor would it (under proper conditions) prevent two databases from using the same paths for data or index files. This permits ... oval:org.mitre.oval:def:7753 Multiple weaknesses have been identified in PyDNS, a DNS client implementation for the Python language. Dan Kaminsky identified a practical vector of DNS response spoofing and cache poisoning, exploiting the limited entropy in a DNS transaction ID and lack of UDP source port randomization in many DN ... oval:org.mitre.oval:def:7682 Dan Kaminsky and Moxie Marlinspike discovered that kdelibs, core libraries from the official KDE release, does not properly handle a "\0" character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers ... oval:org.mitre.oval:def:8092 Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting. This update changes Debian's BIND 9 packages to implement the recommended countermeasure ... oval:org.mitre.oval:def:7660 In DSA-1603-1, Debian released an update to the BIND 9 domain name server, which introduced UDP source port randomization to mitigate the threat of DNS cache poisoning attacks (identified by the Common Vulnerabilities and Exposures project as CVE-2008-1447). The fix, while correct, was incompatible ... oval:org.mitre.oval:def:8231 An integer overflow has been discovered in the image validation code of cupsys, the Common UNIX Printing System. An attacker could trigger this bug by supplying a malicious graphic that could lead to the execution of arbitrary code. oval:org.mitre.oval:def:8015 Marcus Meissner discovered that the PulseAudio sound server performed insufficient checks when dropping privileges, which could lead to local privilege escalation. The old stable distribution (sarge) doesn't contain pulseaudio. oval:org.secpod.oval:def:600280 It was discovered that the SIEVE component of cyrus-imapd, a highly scalable enterprise mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. Due to incorrect use of the sizeof operator an attacker is able to pass a negative length to snprintf calls resulting in large positi ... oval:org.secpod.oval:def:600087 Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them: CVE-2009-4013: missing control files sanitation Control field names and values were not sanitised before using them ... oval:org.mitre.oval:def:7013 Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them: Control field names and values were not sanitised before using them in certain operations that could lead to directo ... oval:org.mitre.oval:def:8232 Several remote vulnerabilities have been discovered in libnet-dns-perl. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that libnet-dns-perl generates very weak transaction IDs when sending queries (CVE-2007-3377). This update switches transactio ... oval:org.secpod.oval:def:600296 Several vulnerabilities have been found in the MIT reference implementation of Kerberos V5, a system for authenticating users and services on a network. The Common Vulnerabilities and Exposures project identified the following problems: The Apple Product Security team discovered that the SPNEGO GSS- ... oval:org.mitre.oval:def:7938 Martin von Gagern discovered that GNUTLS, an implementation of the TLS/SSL protocol, handles verification of X.509 certificate chains incorrectly if a self-signed certificate is configured as a trusted certificate. This could cause clients to accept forged server certificates as genuine. (CVE-2008-4 ... oval:org.secpod.oval:def:600469 Martin von Gagern discovered that GNUTLS, an implementation of the TLS/SSL protocol, handles verification of X.509 certificate chains incorrectly if a self-signed certificate is configured as a trusted certificate. This could cause clients to accept forged server certificates as genuine. In additio ... oval:org.secpod.oval:def:600512 Tavis Ormandy discovered several integer overflows in FreeType, a library to process and access font files, resulting in heap- or stack-based buffer overflows leading to application crashes or the execution of arbitrary code via a crafted font file. For the oldstable distribution , this problem has ... oval:org.mitre.oval:def:8045 Peter Valchev discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. oval:org.secpod.oval:def:600496 Peter Valchev discovered an error in expat, an XML parsing C library, when parsing certain UTF-8 sequences, which can be exploited to crash an application using the library. For the old stable distribution , this problem has been fixed in version 1.95.8-3.4+etch1. For the stable distribution , this ... oval:org.secpod.oval:def:600475 Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they"re no longer considered cryptographically secure. For the stable distribution , this problem has been fixed in version 0.9.8g-15+lenny5. For the old stable distribution , this problem has been fixed in version 0.9.8c ... oval:org.secpod.oval:def:600278 Several remotely exploitable vulnerabilities have been discovered in the TYPO3 web content management framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0255 Chris John Riley discovered that the TYPO3-wide used encryption key is generated with an ... oval:org.mitre.oval:def:8128 Several remotely exploitable vulnerabilities have been discovered in the TYPO3 web content management framework. The Common Vulnerabilities and Exposures project identifies the following problems: Chris John Riley discovered that the TYPO3-wide used encryption key is generated with an insufficiently ... oval:org.mitre.oval:def:8142 Two vulnerabilities have been found in uw-imap, an IMAP implementation. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that several buffer overflows can be triggered via a long folder extension argument to the tmail or dmail program. This could ... oval:org.mitre.oval:def:8239 It was discovered that php-json-ext, a JSON serialiser for PHP, is prone to a denial of service attack, when receiving a malformed string via the json_decode function. oval:org.secpod.oval:def:600256 It was discovered that php-json-ext, a JSON serialiser for PHP, is prone to a denial of service attack, when receiving a malformed string via the json_decode function. For the oldstable distribution , this problem has been fixed in version 1.2.1-3.2+etch1. The stable distribution does not contain a ... oval:org.mitre.oval:def:8041 Several remote vulnerabilities have been discovered in phpMyAdmin, an application to administrate MySQL over the WWW. The Common Vulnerabilities and Exposures project identifies the following problems: Attackers with CREATE table permissions were allowed to read arbitrary files readable by the webse ... oval:org.mitre.oval:def:7775 Chris Evans discovered a buffer overflow in the color space handling code of the Ghostscript PostScript/PDF interpreter, which might result in the execution of arbitrary code if a user is tricked into processing a malformed file. oval:org.secpod.oval:def:600276 Robin Park and Dmitri Vinokurov discovered that the daemon component of the ntp package, a reference implementation of the NTP protocol, is not properly reacting to certain incoming packets. An unexpected NTP mode 7 packets with spoofed IP data can lead ntpd to reply with a mode 7 response to the s ... oval:org.mitre.oval:def:7981 Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems: Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, whi ... oval:org.mitre.oval:def:7901 Several vulnerabilities have been discovered in the interpreter for the Python language. The Common Vulnerabilities and Exposures project identifies the following problems: David Remahl discovered several integer overflows in the stringobject, unicodeobject, bufferobject, longobject, tupleobject, st ... oval:org.mitre.oval:def:7946 Luciano Bello discovered that the random number generator in Debian's openssl package is predictable. This is caused by an incorrect Debian-specific change to the openssl package (CVE-2008-0166). As a result, cryptographic key material may be guessable. This is a Debian-specific vulnerability which ... |
