[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 6552 Download | Alert*

Ricardo Narvaja discovered that missing input sanitising in VLC, a multimedia player and streamer, could lead to the execution of arbitrary code if a user is tricked into opening a malformed media file. This update also provides updated packages for oldstable for vulnerabilities, which have already been addressed in Debian stable , either during the freeze or in DSA-2159

It was discovered that phpMyAdmin, a a tool to administer MySQL over the web, when the bookmarks feature is enabled, allowed to create a bookmarked query which would be executed unintentionally by other users.

Ansgar Burchardt discovered several vulnerabilities in DTC, a web control panel for admin and accounting hosting services. CVE-2011-0434 The bw_per_moth.php graph contains an SQL injection vulnerability. CVE-2011-0435 Insufficient checks in bw_per_month.php can lead to bandwidth usage information disclosure. CVE-2011-0436 After a registration, passwords are sent in cleartext email messages. CVE-20 ...

Several issues have been discovered in libcgroup, a library to control and monitor control groups: CVE-2011-1006 Heap-based buffer overflow by converting list of controllers for given task into an array of strings could lead to privilege escalation by a local attacker. CVE-2011-1022 libcgroup did not properly check the origin of Netlink messages, allowing a local attacker to send crafted Netlink m ...

Stephane Chazelas discovered that the cronjob of the PHP 5 package in Debian suffers from a race condition which might be used to remove arbitrary files from a system . When upgrading your php5-common package take special care to _accept_ the changes to the /etc/cron.d/php5 file. Ignoring them would leave the system vulnerable.

Mathias Svensson discovered that tex-common, a package shipping a number of scripts and configuration files necessary for TeX, contains insecure settings for the "shell_escape_commands" directive. Depending on the scenario, this may result in arbitrary code execution when a victim is tricked into processing a malicious tex-file or this is done in an automated fashion. The oldstable distr ...

Emmanuel Bouillon discovered a double free in tgt, the Linux SCSI target user-space tools, which could lead to denial of service. The oldstable distribution doesn"t include tgt.

Two security issues have been discovered in Weechat a, fast, light and extensible chat client: CVE-2011-1428 X.509 certificates were incorrectly validated. CVE-2012-5534 The hook_process function in the plugin API allowed the execution of arbitrary shell commands.

Several problems have been discovered in mediawiki, a website engine for collaborative work. CVE-2011-1578 CVE-2011-1587 Masato Kinugawa discovered a cross-site scripting issue, which affects Internet Explorer clients only, and only version 6 and earlier. Web server configuration changes are required to fix this issue. Upgrading MediaWiki will only be sufficient for people who use Apache with All ...

Aliz Hammond discovered that the MP4 decoder plugin of vlc, a multimedia player and streamer, is vulnerable to a heap-based buffer overflow. This has been introduced by a wrong data type being used for a size calculation. An attacker could use this flaw to trick a victim into opening a specially crafted MP4 file and possibly execute arbitrary code or crash the media player. The oldstable distribut ...


Pages:      Start    374    375    376    377    378    379    380    381    382    383    384    385    386    387    ..   655

© SecPod Technologies