| census-2010-001 | Census Labs have discovered two improper input validation vulnerabilities in the FreeBSD kernel's NFS client-side implementation (FreeBSD 8.0-RELEASE, 7.3-RELEASE and 7.2-RELEASE) that allow local unprivileged users to escalate their privileges, or to crash the system by performing a denial of service attack. | 29/05/10 |
| multiplebrowser-dos | Denial of service vulnerabilities exist in the Mozilla Firefox, Internet Explorer 6, Internet Explorer 8, Google Chrome, and Opera browsers. | 29/05/10 |
| VMSA-2010-0009 | VMware Security Advisory - ESXi update for ntp and ESX Console OS (COS) updates for COS kernel, openssl, krb5, gcc, bind, gzip, sudo. | 29/05/10 |
| MDVSA-2010-110 | Mandriva Linux Security Advisory 2010-110 - The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling. This update provides clamav 0.96.1 which is not vulnerable to these issues. | 28/05/10 |
| USN-945-1 | Ubuntu Security Notice 945-1 - It was discovered that ClamAV did not properly reallocate memory when processing certain PDF files. A remote attacker could send a specially crafted PDF and crash ClamAV. An out of bounds memory access flaw was discovered in ClamAV. A remote attacker could send a specially crafted Portable Executable (PE) file and crash ClamAV. This issue only affected Ubuntu 10.04 LTS. | 28/05/10 |
| MDVSA-2010-109 | Mandriva Linux Security Advisory 2010-109 - gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times. This update fixes this issue. | 28/05/10 |
| FreeBSD-SA-10-06.nfsclient | FreeBSD Security Advisory - The NFS client subsystem fails to correctly validate the length of a parameter provided by the user when a filesystem is mounted. | 28/05/10 |
| FreeBSD-SA-10-04.jail | FreeBSD Security Advisory - The jail utility does not change the current working directory while imprisoning. The current working directory can be accessed by its descendants. | 28/05/10 |
| FreeBSD-SA-10-05.opie | FreeBSD Security Advisory - A programming error in the OPIE library could allow an off-by-one buffer overflow to write a single zero byte beyond the end of an on-stack buffer. | 28/05/10 |
| cisco-sa-20100526-mediator | Cisco Security Advisory - Multiple vulnerabilities exist in the Cisco Network Building Mediator (NBM) products. These vulnerabilities also affect the legacy Richards-Zeta Mediator products. | 27/05/10 |
| HPSBMA02442-SSRT090108 | HP Security Bulletin - Potential security vulnerabilities have been identified with HP Business Availability Center running Apache. The vulnerabilities could be remotely exploited to allow Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Denial of Service (DoS). | 27/05/10 |
| cyberoam-plaintext | Cyberoam SSL VPN Client version 1.0 suffers from a credential plain-text storage vulnerability. | 27/05/10 |
| HPSBGN02315-SSRT071487 | HP Security Bulletin - A potential vulnerability has been identified with HP TestDirector for Quality Center running on AIX, Linux and Solaris. The vulnerability could be exploited to allow remote unauthorized access. | 27/05/10 |
| MDVSA-2010-108 | Mandriva Linux Security Advisory 2010-108 - Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab Server before 2.2.3 allows attackers to have an unspecified impact via vectors related to an image upload form. This update fixes this issue. | 27/05/10 |
| ESA-2010-007 | A vulnerability exists in EMC Avamar which can be exploited by an unauthenticated remote user to cause denial of service. Versions 4.1.x and 5.0 are affected. | 27/05/10 |
| USN-944-1 | Ubuntu Security Notice 944-1 - Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon function. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. (Ubuntu 10.04 was not affected.) Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges. | 26/05/10 |
| MDVSA-2010-107 | Mandriva Linux Security Advisory 2010-107 - The server failed to check the table name argument of a COM_FIELD_LIST command packet for validity and compliance to acceptable table name standards. This could be exploited to bypass almost all forms of checks for privileges and table-level grants by providing a specially crafted table name argument to COM_FIELD_LIST. The server could be tricked into reading packets indefinitely if it received a packet larger than the maximum size of one packet. The server was susceptible to a buffer-overflow attack due to a failure to perform bounds checking on the table name argument of a COM_FIELD_LIST command packet. By sending long data for the table name, a buffer is overflowed, which could be exploited by an authenticated user to inject malicious code. Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. The updated packages have been patched to correct these issues. | 26/05/10 |
| dsa-2053-1 | Debian Linux Security Advisory 2053-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation. | 26/05/10 |
| ie-fileread | Microsoft Internet Explorer 8 suffers from an arbitrary file read vulnerability. | 26/05/10 |
| dsa-2052-1 | Debian Linux Security Advisory 2052-1 - Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for authenticating users and services on a network, a null pointer dereference flaw in the Generic Security Service Application Program Interface (GSS-API) library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially-crafted GSS-API token with a missing checksum field. | 26/05/10 |
| Bkis-01-2010 | BigAce versions 2.7.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities. | 26/05/10 |
| MDVSA-2010-106 | Mandriva Linux Security Advisory 2010-106 - A vulnerability was discovered in aria2 which allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file. This update fixes this issue. Packages for 2009.0 are provided as of the Extended Maintenance Program. | 26/05/10 |
| dsa-2051-1 | Debian Linux Security Advisory 2051-1 - Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. | 26/05/10 |
| dsa-2050-1 | Debian Linux Security Advisory 2050-1 - Several local vulnerabilities have been discovered in KPDF, a PDF viewer for KDE, which allow the execution of arbitrary code or denial of service if a user is tricked into opening a crafted PDF document. | 26/05/10 |
| secunia-ziproxy | Secunia Research has discovered two vulnerabilities in Ziproxy, which can be exploited by malicious people to compromise a vulnerable system. An integer overflow within the jpg2bitmap() function in src/image.c can be exploited to cause a heap-based buffer overflow via specially crafted JPG images. An integer overflow within the png2bitmap() function in src/image.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images. Ziproxy version 3.0.0 is affected. | 26/05/10 |
| dsa-2048-1 | Debian Linux Security Advisory 2048-1 - Dan Rosenberg discovered that in dvipng, a utility that converts DVI files to PNG graphics, several array index errors allow context-dependent attackers, via a specially crafted DVI file, to cause a denial of service (crash of the application), and possibly arbitrary code execution. | 26/05/10 |
| MOPS-2010-023.pdf | Month Of PHP Security - An SQL Injection vulnerability was discovered in Cacti that allows retrieval of all data from the database. In Cacti installations with publicly viewable graphs this vulnerability is a pre-auth SQL injection vulnerability. Cacti versions 0.8.7e and below are affected. | 26/05/10 |
| dsa-2049-1 | Debian Linux Security Advisory 2049-1 - It has been discovered that barnowl, a curses-based tty Jabber, IRC, AIM and Zephyr client, is prone to a buffer overflow via its CC: handling, which could lead to the execution of arbitrary code. | 26/05/10 |
| MDVSA-2010-105 | Mandriva Linux Security Advisory 2010-105 - This update provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes for integer and heap-based buffer overflows. | 26/05/10 |
| MDVSA-2010-102 | Mandriva Linux Security Advisory 2010-102 - Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue. | 20/05/10 |
| USN-940-1 | Ubuntu Security Notice 940-1 - It was discovered that Kerberos did not correctly free memory in the GSSAPI and kdb libraries. If a remote attacker were able to manipulate an application using these libraries carefully, the service could crash, leading to a denial of service. Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service. | 20/05/10 |
| MDVSA-2010-101 | Mandriva Linux Security Advisory 2010-101 - It was possible for DROP TABLE of one MyISAM table to remove the data and index files of a different MyISAM table. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue. | 20/05/10 |
| secunia-orbitdownloader | Secunia Research has discovered a vulnerability in Orbit Downloader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitizing the name attribute of the file element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. The vulnerability is confirmed in versions 3.0.0.4 and 3.0.0.5. Other versions may also be affected. | 20/05/10 |
| MDVSA-2010-100 | Mandriva Linux Security Advisory 2010-100 - Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue. | 20/05/10 |
| dlinkdi724p-xss | The D-Link DI-724P+ router suffers from a cross site scripting vulnerability. | 20/05/10 |
| HPSBUX02523-SSRT100036 | HP Security Bulletin - A potential security vulnerability has been identified with NFS/ONCplus running on HP-UX. The vulnerability could result in a remote Denial of Service (DoS) and increase in privilege. | 20/05/10 |
| USN-939-1 | Ubuntu Security Notice 939-1 - L. Minier discovered that xvfb-run did not correctly keep the X.org session cookie private. A local attacker could gain access to any local sessions started by xvfb-run. Ubuntu 9.10 was not affected. It was discovered that the X.org server did not correctly handle certain calculations. A remote attacker could exploit this to crash the X.org session or possibly run arbitrary code with root privileges. | 19/05/10 |
| MDVSA-2010-099 | Mandriva Linux Security Advisory 2010-099 - This advisory updates wireshark to the latest version(s), fixing several bugs and one security issue. The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. | 19/05/10 |
| MITKRB5-SA-2010-005 | MIT krb5 Security Advisory 2010-005 - Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. This is an implementation vulnerability in MIT krb5, and not a vulnerability in the Kerberos protocol. | 19/05/10 |
| HPSBMA02535-SSRT100029 | HP Security Bulletin - Potential security vulnerabilities have been identified with HP Performance Manager. The vulnerabilities could be exploited remotely to allow unauthorized access, cross site scripting (XSS), and Denial of Service (DoS). | 19/05/10 |
| MDVSA-2010-098 | Mandriva Linux Security Advisory 2010-098 - The name attribute of the file element of metalink files is not properly sanitized before being used to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. Packages for 2009.0 are provided due to the Extended Maintenance Program. The corrected packages solve these problems. | 19/05/10 |
| MDVSA-2010-097 | Mandriva Linux Security Advisory 2010-097 - The msn_emoticon_msg function in slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.7.0 allows remote attackers to cause a denial of service (application crash) via a custom emoticon in a malformed SLP message. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The updated packages have been patched to correct this issue. | 19/05/10 |
| HPSBMA02534-SSRT090180 | HP Security Bulletin - Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows. These vulnerabilities could be exploited remotely to allow unauthorized information disclosure, unauthorized data modification, and Denial of Service (DoS). | 19/05/10 |
| dsa-2038-2 | Debian Linux Security Advisory 2038-2 - The packages for Pidgin released as DSA 2038-1 had a regression, as they unintentionally disabled the Zephyr instant messaging protocol. This update restores Zephyr functionality. | 19/05/10 |
| dsa-2047-1 | Debian Linux Security Advisory 2047-1 - A vulnerability was discovered in aria2, a download client. The name attribute of the file element of metalink files is not properly sanitised before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory. | 19/05/10 |
| MDVSA-2010-096 | Mandriva Linux Security Advisory 2010-096 - Multiple vulnerabilities have been discovered and fixed in tetex. The corrected packages solve these problems. | 19/05/10 |
| springsourcetc-bypass | The SpringSource tc Server suffers from an unauthenticated remote access vulnerability in relation to the JMX interface. | 19/05/10 |
| oCERT-2010-001 | lftp versions 4.0.5 and below, wget versions 1.12 and below and libwww-perl versions 5.034 and below all suffer from an unexpected download filename vulnerability. | 19/05/10 |
| phpgroupware-sql | phpGroupWare versions 0.9.16.015 and below suffer from local file inclusion and remote SQL injection vulnerabilities. | 19/05/10 |
| HPSBPI02532-SSRT100111 | HP Security Bulletin - A potential security vulnerability has been identified with HP MFP Digital Sending Software running on Windows. The vulnerability could be exploited by a local user to gain unauthorized access to Send to e-mail and other functionality of an HP Multifunction Peripheral (MFP) controlled by the HP Digital Sending Software. | 17/05/10 |
| dsa-2046-1 | Debian Linux Security Advisory 2046-1 - Several remote vulnerabilities have been discovered in phpgroupware, a Web based groupware system written in PHP. | 17/05/10 |
| secunia-aria2ml | Secunia Research has discovered a vulnerability in aria2, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application not properly sanitising the name attribute of the file element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. aria2 version 1.9.1 build2 is affected. | 17/05/10 |
| secunia-fdmml | Secunia Research has discovered a vulnerability in Free Download Manager, which can be exploited by malicious people to compromise a user's system. The name attribute of the file element of metalink files is not properly sanitised before being used to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. Free Download Manager version 3.0 build 850 is affected. | 17/05/10 |
| secunia-fdmbo | Secunia Research has discovered four vulnerabilities in Free Download Manager, which can be exploited by malicious people to compromise a user's system. Free Download Manager version 3.0 build 850 is affected. | 17/05/10 |
| secunia-kdekget | Secunia Research has discovered a vulnerability in KDE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to KGet not properly sanitising the name attribute of the file element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. KDE version 4.4.2 is affected. | 17/05/10 |
| secunia-kdekgetifo | Secunia Research has discovered a vulnerability in KDE, which can be exploited by malicious people to bypass certain security features. The vulnerability is caused by KGet downloading files without the user's acknowledgment, overwriting existing files of the same name when displaying a dialog box that allows a user to choose the file to download out of the options offered by a metalink file. KDE version 4.4.2 is affected. | 17/05/10 |
| USN-938-1 | Ubuntu Security Notice 938-1 - It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution. | 17/05/10 |
| MDVSA-2010-095 | Mandriva Linux Security Advisory 2010-095 - There's a race condition in libXext that causes apps that use the X shared memory extensions to occasionally crash. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The corrected packages solve this problem. | 17/05/10 |
| MDVSA-2010-094 | Mandriva Linux Security Advisory 2010-094 - Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file. Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted virtual font (VF) file associated with a DVI file. Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed DVI file. Integer overflow in the predospecial function in dospecial.c in dvips in (1) TeX Live and (2) teTeX might allow user-assisted remote attackers to execute arbitrary code via a crafted DVI file that triggers a heap-based buffer overflow. Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739. Packages for 2008.0 and 2009.0 are provided due to the Extended Maintenance Program for those products. The corrected packages solve these problems. | 17/05/10 |