It was discovered that auth2db, an IDS logger, log viewer and alert generator, is prone to an SQL injection vulnerability when used with multibyte character encodings. For the stable distribution, this problem has been fixed in version 0.2.5-2+dfsg-1+lenny1. The oldstable distribution doesn't contain auth2db. For the testing distribution, this problem will be fixed soon. For the unstable distr ...

Tavis Ormandy discovered that the Tag Image File Format library is vulnerable to a buffer overflow triggered by a crafted OJPEG file which allows for a crash and potentially execution of arbitrary code. The oldstable distribution is not affected by this problem.

A cross-site scripting vulnerability was discovered in the rst parser of Moin, a Python clone of WikiWiki.

It was discovered that OpenOffice.org would not properly process crafted document files, possibly leading to arbitrary code execution.
CVE-2012-1149: Integer overflows in PNG image handling
CVE-2012-2334: Integer overflow in operator new[] invocation and heap-based buffer overflow inside the MS-ODRAW parser

Stefan Bühler discovered that the Debian-specific configuration file for the lighttpd webserver's FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP control socket and, for example, force the webserver to use a different PHP version. As the fix is ...

Konstantin Belousov and Alan Cox discovered that insufficient permission checks in the memory management of the FreeBSD kernel could lead to privilege escalation.

Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementation errors may lead to the execution of arbitrary code, privilege escalation, information disclosure or cross-site request forgery. As already an ...

It was discovered that in Mediawiki, a wiki engine, several API modules allowed anti-CSRF tokens to be accessed via JSONP. These tokens protect against cross-site request forgeries and are confidential.

It was discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate verification.

Bryan Quigley discovered an integer underflow in the Xorg X server which could lead to denial of service or the execution of arbitrary code.

© SecPod Technologies