[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

 
 
Paid content will be excluded from the download.

Filter
Matches : 3255 Download | Alert*

Arand Nash discovered that applications linked to GLib did not correctly copy symlinks. If a user copied symlinks with GLib, the symlink target files would become world-writable, allowing local attackers to gain access to potentially sensitive information.

Russell Senior discovered that the system authentication module selection mechanism for PAM did not safely handle an empty selection. If an administrator had specifically removed the default list of modules or failed to chose a module when operating debconf in a very unlikely non-default configuration, PAM would allow any authentication attempt, which could lead to remote attackers gaining access ...

Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of the user invoking the program.

USN-847-1 fixed vulnerabilities in devscripts. This update provides the corresponding updates for Ubuntu 6.06 LTS. Original advisory details: Raphael Geissert discovered that uscan, a part of devscripts, did not properly sanitize its input when processing pathnames. If uscan processed a crafted filename for a file on a remote server, an attacker could execute arbitrary code with the privileges of ...

Steffen Joeris discovered that PyGreSQL 3.8 did not use PostgreSQL"s safe string and bytea functions in its own escaping functions. As a result, applications written to use PyGreSQL"s escaping functions are vulnerable to SQL injections when processing certain multi-byte character sequences. Because the safe functions require a database connection, to maintain backwards compatibility, pg.escape_str ...

It was discovered that KDE did not properly handle certificates with NULL characters in the Subject Alternative Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications.

It was discovered that Qt did not properly handle certificates with NULL characters in the Subject Alternative Name field of X.509 certificates. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications

It was discovered that Nagios did not properly parse certain commands submitted using the WAP web interface. An authenticated user could exploit this flaw and execute arbitrary programs on the server.

It was discovered that ImageMagick did not properly verify the dimensions of TIFF files. If a user or automated system were tricked into opening a crafted TIFF file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

Drew Yao discovered several flaws in the way OpenEXR handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that OpenEXR did not properly handle certain malformed EXR image fi ...


Pages:      Start    310    311    312    313    314    315    316    317    318    319    320    321    322    323    ..   325

© 2013 SecPod Technologies