[Forgot Password]
Login  Register Subscribe












Paid content will be excluded from the download.

Matches : 2936 Download | Alert*

Steve Kemp from the Debian Security Audit project discovered several local vulnerabilities in xwine, a graphical user interface for the WINE emulator. The Common Vulnerabilities and Exposures project identifies the following problems: The xwine command makes unsafe use of local temporary files when printing. This could allow the removal of arbitrary files belonging to users who invoke the program. ...

Dan Dennison discovered that Diatheke, a CGI program to make a bible website, performs insufficient sanitising of a parameter, allowing a remote attacker to execute arbitrary shell commands as the web server user.

Josh Triplett discovered that ikiwiki did not block Javascript in URLs, leading to cross-site scripting vulnerabilities (CVE-2008-0808, CVE-2008-0809). The old stable distribution (sarge) did not contain an ikiwiki package.

Peter Paul Elfferich discovered that turba2, a contact management component for horde framework, did not correctly check access rights before allowing users to edit addresses. This could result in valid users being able to alter private address records.

Frank Lichtenheld and Nico Golde discovered that WML, an off-line HTML generation toolkit, creates insecure temporary files in the eperl and ipp backends and in the wmg.cgi script, which could lead to a local denial of service by overwriting files. The old stable distribution (sarge) is not affected.

Thilo Pfennig and Morten Welinder discovered several integer overflow weaknesses in Gnumeric, a GNOME spreadsheet application. These vulnerabilities could result in the execution of arbitrary code through the opening of a maliciously crafted Excel spreadsheet.

Several remote vulnerabilities have been discovered in Wordpress, the weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information. The XML-RPC implementation, when registration is enabled, allows remote attackers to edit posts of o ...

Several buffer overflows have been discovered in the MPlayer movie player, which might lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Felipe Manzano and Anibal Sacco discovered a buffer overflow in the demuxer for MOV files. Reimar Doeffinger discovered a buffer overflow in the FLAC header parsing. Adam Bozanich discover ...

Felipe Sateler discovered that apt-listchanges, a package change history notification tool, used unsafe paths when importing its python libraries. This could allow the execution of arbitrary shell commands if the root user executed the command in a directory which other local users may write to.

It was discovered that a directory traversal vulnerability in CherryPy, a pythonic, object-oriented web development framework, may lead to denial of service by deleting files through malicious session IDs in cookies. The old stable distribution (sarge) doesn't contain python-cherrypy.

Pages:      Start    279    280    281    282    283    284    285    286    287    288    289    290    291    292    ..   293

© 2013 SecPod Technologies