| MDVSA-2010-142 | Mandriva Linux Security Advisory 2010-142 - The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. OpenLDAP 2.4.22 allows remote attackers to cause a denial of service via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as demonstrated using the Codenomicon LDAPv3 test suite. | 29/07/10 |
| secunia-autonomykvrp | Secunia Research has discovered two vulnerabilities in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused by boundary errors in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing certain records. This can be exploited to cause stack-based buffer overflows via specially crafted files. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | 29/07/10 |
| secunia-autonomykvindex | Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused by an error in the SpreadSheet Lotus 123 reader (wkssr.dll) when allocating an array of pointers during the parsing of a certain record type combined with how strings are later indexed. This can be exploited to corrupt memory via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | 29/07/10 |
| secunia-wkssriu | Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused by an integer underflow error in the SpreadSheet Lotus 123 reader (wkssr.dll) when parsing the size of a specific record type. This can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | 29/07/10 |
| secunia-autonomywosr | Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error the WordPerfect 5.x reader (wosr.dll) when parsing data blocks and can be exploited to cause a heap-based buffer overflow via a specially crafted file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | 29/07/10 |
| secunia-autonomyrtfsigned | Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a signedness error when parsing the argument to the \\ls keyword within a list override table entry in RTF files. This can be exploited to cause a buffer overflow via a specially crafted RTF file. Successful exploitation may allow execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | 29/07/10 |
| secunia-autonomywkssr | Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error in the Spreadsheet Lotus 123 reader (wkssr.dll) when converting floating point values in certain record types. This can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | 29/07/10 |
| secunia-autonomycfp | Secunia Research has discovered a vulnerability in Autonomy KeyView, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error when parsing record data in compound documents. This can be exploited to cause a heap-based buffer overflow when an application using the vulnerable library parses e.g. a specially crafted Quattro Pro file. Successful exploitation allows execution of arbitrary code. Autonomy KeyView versions 10.4 and 10.9 are affected. | 29/07/10 |
| dsa-2076-1 | Debian Linux Security Advisory 2076-1 - It was discovered that GnuPG 2 uses a freed pointer when verify a signature or importing a certificate with many Subject Alternate Names, potentially leading to arbitrary code execution. | 28/07/10 |
| dsa-2075-1 | Debian Linux Security Advisory 2075-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. | 28/07/10 |
| MDVSA-2010-141 | Mandriva Linux Security Advisory 2010-141 - The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request with a certain 0x8003 field value. The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \\xff\\xff security blob length in a Session Setup AndX request. The updated packages provides samba 3.4.8 which is not vulnerable to these issues. | 28/07/10 |
| MDVSA-2010-140 | Mandriva Linux Security Advisory 2010-140 - This is a maintenance and security update that upgrades php to 5.3.3 for 2010.0/2010.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible resource destruction issues in shm_put_var(). Fixed a possible information leak because of interruption of XOR operator. Fixed a possible memory corruption because of unexpected call-time pass by reference and following memory clobbering through callbacks. Fixed a possible memory corruption in ArrayObject::uasort(). Fixed a possible memory corruption in parse_str(). Fixed a possible memory corruption in pack(). Fixed a possible memory corruption in substr_replace(). Fixed a possible memory corruption in addcslashes(). Fixed a possible stack exhaustion inside fnmatch(). Fixed a possible dechunking filter buffer overflow. Fixed a possible arbitrary memory access inside sqlite extension. Fixed string format validation inside phar extension. Fixed handling of session variable serialization on certain prefix characters. Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed SplObjectStorage unserialization problems. Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user. Fixed possible buffer overflows when handling error packets in mysqlnd. Additionally some of the third party extensions and required dependencies has been upgraded and/or rebuilt for the new php version. | 28/07/10 |
| MDVSA-2010-139 | Mandriva Linux Security Advisory 2010-139 - This is a maintenance and security update that upgrades php to 5.2.14 for CS4/MES5/2008.0/2009.0/2009.1. Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs. Fixed a possible interruption array leak in strrchr(). Fixed a possible interruption array leak in strchr(), strstr(), substr(), chunk_split(), strtok(), addcslashes(), str_repeat(), trim(). Fixed a possible memory corruption in substr_replace(). Fixed SplObjectStorage unserialization problems. Fixed a possible stack exhaustion inside fnmatch(). Fixed a NULL pointer dereference when processing invalid XML-RPC requests. Fixed handling of session variable serialization on certain prefix characters. Fixed a possible arbitrary memory access inside sqlite extension. Reported by Mateusz Kocielski. Additionally some of the third party extensions has been upgraded and/or rebuilt for the new php version. | 28/07/10 |
| USN-964-1 | Ubuntu Security Notice 964-1 - Matt Weatherford discovered that Likewise Open did not correctly check password expiration for the local-provider account. A local attacker could exploit this to log into a system they would otherwise not have access to. | 27/07/10 |
| USN-930-6 | Ubuntu Security Notice 930-6 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem. | 27/07/10 |
| USN-957-2 | Ubuntu Security Notice 957-2 - USN-957-1 fixed vulnerabilities in Firefox and Xulrunner. Daniel Holbert discovered that the fix for CVE-2010-1214 introduced a regression which did not properly initialize a plugin pointer. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or run arbitrary code as the user invoking the program. This update fixes the problem. | 27/07/10 |
| LWSA-2010-011 | Likewise Security Advisory - A logic flaw has been found in the pam_lsass library from Likewise Open that, when run under the context of a root service (e.g. sshd, gdm, etc.), will allow any user to logon as a lsassd local-provider account (e.g. MACHINE\\Administrator) if the account's password is marked as expired. | 27/07/10 |
| nessus-xssdisclose | The Nessus nessusd_www_server.nbin file suffers from cross site scripting and version disclosure vulnerabilities. | 27/07/10 |
| macosxwebdav-dos | The Mac OS X WebDAV kernel extension is vulnerable to a denial of service issue that allows a local unprivileged user to trigger a kernel panic due to a memory overallocation. | 27/07/10 |
| foofus-20100726 | The Symantec Antivirus Corporate Edition AMS Intel Alert Handler service (hndlrsvc.exe) provides alert setup and response capabilities to AMS2. A design error in Symantec's implementation of this function allows an attacker who can establish a TCP connection to port 38292, on a vulnerable host to execute commands at system level on that host. Versions 10.1.8.8000 and below are affected. | 27/07/10 |
| USN-958-1 | Ubuntu Security Notice 958-1 - Several flaws were discovered in the browser engine of Thunderbird. An integer overflow was discovered in how Thunderbird processed CSS values. An integer overflow was discovered in how Thunderbird interpreted the XUL element. Aki Helin discovered that libpng did not properly handle certain malformed PNG images. Yosuke Hasegawa discovered that the same-origin check in Thunderbird could be bypassed by utilizing the importScripts Web Worker method. Chris Evans discovered that Thunderbird did not properly process improper CSS selectors. Soroush Dalili discovered that Thunderbird did not properly handle script error output. | 27/07/10 |
| MDVSA-2010-138 | Mandriva Linux Security Advisory 2010-138 - Ovidiu Mara reported a vulnerability in ping.c (iputils) that could cause ping to hang when responding to a malicious echo reply. The updated packages have been patched to correct these issues. | 24/07/10 |
| USN-930-5 | Ubuntu Security Notice 930-5 - USN-930-4 fixed vulnerabilities in Firefox and Xulrunner on Ubuntu 9.04 and 9.10. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2. It was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. | 24/07/10 |
| USN-930-4 | Ubuntu Security Notice 930-4 - USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides the corresponding updates for Ubuntu 9.04 and 9.10, along with additional updates affecting Firefox 3.6.6. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. | 24/07/10 |
| USN-927-8 | Ubuntu Security Notice 927-8 - USN-927-1 fixed vulnerabilities in NSS. This update provides the Thunderbird update to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | 24/07/10 |
| DSECRG-09-068 | SAP NetWeaver SLD versions 6.4 through 7.02 suffer from multiple cross site scripting vulnerabilities. | 24/07/10 |
| USN-957-1 | Ubuntu Security Notice 957-1 - Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. Various integer overflows and other issues have also been addressed. | 24/07/10 |
| USN-927-7 | Ubuntu Security Notice 927-7 - USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | 24/07/10 |
| USN-927-6 | Ubuntu Security Notice 927-6 - USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | 24/07/10 |
| ZDI-10-137 | Zero Day Initiative Advisory 10-137 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ov.dll module which is loaded by the webappmon.exe CGI program. This DLL defines a function execvp_nc which unsafely concatenates a controllable command string into a statically allocated stack buffer. By supplying overly large values to variables passed through an HTTP request a strcat_new can be made to overflow this buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver. | 22/07/10 |
| ZDI-10-136 | Zero Day Initiative Advisory 10-136 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Teaming. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Tomcat server installed by default with Teaming. The server exposes an AJAX request handler which allows a remote user to upload an image via the upload_image_file operation. By crafting a specially formatted filename an attacker can bypass a name-mangling mechanism and traverse outside the intended temporary directory. By uploading a malicious JSP document to the web directory, an attacker can abuse this functionality to execute arbitrary code under the context of the SYSTEM user. | 22/07/10 |
| cisco-sa-20100721-spcdn | Cisco Security Advisory - The Cisco Internet Streamer application, part of the Cisco Content Delivery System, contains a directory traversal vulnerability on its web server component that allows for arbitrary file access. By exploiting this vulnerability, an attacker may be able to read arbitrary files on the device, outside of the web server document directory, by using a specially crafted URL. An unauthenticated attacker may be able to exploit this issue to access sensitive information, including the password files and system logs, which could be leveraged to launch subsequent attacks. Cisco has released free software updates that address this vulnerability. | 22/07/10 |
| hpovnnmov-overflow | VUPEN Vulnerability Research Team discovered a critical vulnerability in HP OpenView Network Node Manager (OV NNM). This vulnerability is caused by a buffer overflow error in the ov.dll library when processing certain arguments supplied via CGI executables, which could be exploited by remote unauthenticated attackers to execute arbitrary code. | 22/07/10 |
| hpovnnmnnmrpt-overflow | VUPEN Vulnerability Research Team discovered a critical vulnerability in HP OpenView Network Node Manager (OV NNM). This vulnerability is caused by a buffer overflow error in the nnmrptconfig.exe CGI when processing an overly long parameter value, which could be exploited by remote unauthenticated attackers to execute arbitrary code. | 22/07/10 |
| ESA-2010-011 | RSA(r) Federated Identity Manager may be impacted by potential arbitrary URL redirection vulnerability that may be exploited by malicious people to bypass certain security restrictions. Versions 4.0 and 4.1 are affected. | 22/07/10 |
| USN-940-2 | Ubuntu Security Notice 940-2 - USN-940-1 fixed vulnerabilities in Kerberos. This update provides the corresponding updates for Ubuntu 10.04. Joel Johnson, Brian Almeida, and Shawn Emery discovered that Kerberos did not correctly verify certain packet structures. An unauthenticated remote attacker could send specially crafted traffic to cause the KDC or kadmind services to crash, leading to a denial of service. | 22/07/10 |
| dsa-2074-1 | Debian Linux Security Advisory 2074-1 - Aki Helin discovered an integer underflow in ncompress, the original Lempel-Ziv compress/uncompress programs. This could lead to the execution of arbitrary code when trying to decompress a crafted LZW compressed gzip archive. | 22/07/10 |
| oCERT-2010-002 | Joomla versions 1.5.19 and below suffer from cross site scripting vulnerabilities. | 22/07/10 |
| HPSBMA02558-SSRT010158 | HP Security Bulletin - A potential security vulnerability has been identified with HP OpenView Network Node Manager (OV NNM). The vulnerability could be exploited remotely to execute arbitrary code under the context of the user running the web server. | 22/07/10 |
| HPSBMA02557-SSRT100025 | HP Security Bulletin - A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running on Windows. The vulnerability could be exploited remotely to execute arbitrary code. | 22/07/10 |
| dsa-2073-1 | Debian Linux Security Advisory 2073-1 - Florian Streibelt reported a a directory traversal flaw in the way the Mailing List Managing Made Joyful mailing list manager processed users' requests originating from the administrator web interface without enough input validation. A remote, authenticated attacker could use these flaws to write and / or delete arbitrary files. | 22/07/10 |
| ZDI-10-135 | Zero Day Initiative Advisory 10-135 - This vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Novell Groupwise WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within handling html messages sent to a Novell Groupwise WebAccess user. Messages are improperly sanitized allowing client side script to be supplied to the user's web browser resulting in the user's WebAccess credentials being compromised. | 21/07/10 |
| ZDI-10-134 | Zero Day Initiative Advisory 10-134 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists due to a workaround that was implemented in order to support recursive cloning of attribute nodes. If an event is added to the first attribute node, the application can be made to free the node, and then later access a reference to it. This can lead to code execution under the context of the application. | 21/07/10 |
| ZDI-10-133 | Zero Day Initiative Advisory 10-133 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within handling of references to external font resources. A value is used as a 16 bit integer in an array allocation and later as 32 bit when iterating over and then populating these fields. By creating enough references, a remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser. | 21/07/10 |
| ZDI-10-132 | Zero Day Initiative Advisory 10-132 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the browser's method for parsing child elements out of a particular tag. The application will use a 32-bit index to enumerate them, but will store it in a 16-bit signed integer and then use it to allocate space for a cache. When populating the cache a buffer overflow will occur. This can lead to code execution under the context of the application. | 21/07/10 |
| OSA-2010-006 | Onapsis Security Advisory - The SAP J2EE Engine contains a Web Services Navigator interface, which enables the interaction with the deployed Web Services in the server. This interface suffers from a Cross-Site Scripting vulnerability, which may enable malicious parties to perform different kind of attacks over SAP users. | 21/07/10 |
| ZDI-10-131 | Zero Day Initiative Advisory 10-131 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of XUL element's selection attribute. There is an integer overflow when calculating the bounds of a new selection range. When calling adjustSelection on this manged range both ranges are deleted leaving a dangling reference. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser. | 21/07/10 |
| ZDI-10-130 | Zero Day Initiative Advisory 10-130 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the victim must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of the NodeIterator interface for traversal of the Document Object Model. Due to the implementation requiring a javascript callback, an attacker can utilize the callback in order to manipulate the contents of the page. By doing so in an unexpected manner, an attacker can cause the process to corrupt memory. Successful exploitation will lead to code execution under the context of the application. | 21/07/10 |
| ut3steamer-adv | Unreal Tournament III suffers from an uninitialized pointer vulnerability. | 21/07/10 |
| USN-963-1 | Ubuntu Security Notice 963-1 - Robert Swiecki discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could execute arbitrary code with user privileges. | 21/07/10 |
| VMSA-2010-0012 | VMware Security Advisory - The default version of the Jetty Web server in Update Manager is version 6.1.6 for which the following relevant vulnerabilities are reported. A directory traversal vulnerability in Jetty allows for obtaining files from the system where Update Manager is installed by a remote, unauthenticated attacker. The attacker would need to be on the same network as the system where Update Manager is installed. A cross-site scripting vulnerability in Jetty allows for running JavaScript in the browser of the user who clicks a URL containing a malicious request to Update Manager. For an attack to be successful the attacker would need to lure the user into clicking the malicious URL. | 20/07/10 |
| hpqc-xss | HP Quality Center suffers from multiple cross site scripting vulnerabilities. | 20/07/10 |
| MDVSA-2010-137 | Mandriva Linux Security Advisory 2010-137 - Multiple integer underflows/overflows and heap buffer overflows was discovered and fixed. A heap buffer overflow was discovered in the bytecode support. The bytecode support is NOT enabled per default in Mandriva due to previous patent claims, but packages by PLF is affected. The updated packages have been patched to correct these issues. | 20/07/10 |
| dsa-2072-1 | Debian Linux Security Advisory 2072-1 - Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. | 20/07/10 |
| ZDI-10-129 | Zero Day Initiative Advisory 10-129 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Groupwise Internet Agent. Authentication is required to exploit this vulnerability. The flaw exists within the IMAP functionality included with GWIA. When provided with an overly long mailbox name to the CREATE verb, the IMAP server can be forced to overflow a buffer on the stack. Successful exploitation leads to remote code execution under the context of the server. | 17/07/10 |
| ZDI-10-128 | Zero Day Initiative Advisory 10-128 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail. Authentication is not required to exploit this vulnerability. The specific flaw exists within SMTPDLL.dll (called by queuemgr.exe). When handling a message queued for remote delivery user supplied data can be used to specify additional format specifiers to a vsprintf call. This can be accomplished by providing a specially crafted -NOTIFY argument to the SMTP RCPT TO: argument. Additionally, the destination buffer supplied to vsprintf is a local stack buffer and can also be overflowed with a large -NOTIFY argument. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. | 16/07/10 |
| ZDI-10-127 | Zero Day Initiative Advisory 10-127 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail. Authentication might be required to exploit this vulnerability. The specific flaw exists within imailsrv.exe which is invoked to handle messages sent to the imailsrv. When a message subject contains a ?Q? operator the string following that sequence is copied to a local stack buffer. No validation of the data or data length is done. In order to reach this code path a mailing list must be password protected (authentication required) or have previously had a password configured (no authentication required). A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. | 16/07/10 |
| sap-heapcorruption | The SAPGui BI component version 7100.1.400.8 suffers from a heap corruption vulnerability that can result in the execution of arbitrary code. | 16/07/10 |
| ZDI-10-126 | Zero Day Initiative Advisory 10-126 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail List Mailer. Authentication is not required to exploit this vulnerability. The specific flaw exists within imailsrv.exe which is invoked to handle messages sent to the imailsrv. When a message contains multiple Reply-To: headers the imailsrv.exe process concatenates these into a single fixed length buffer on the stack. No validation of the data or data length is done. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user. | 16/07/10 |
| MDVSA-2010-134 | Mandriva Linux Security Advisory 2010-134 - Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver. Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter. As a precaution ghostscriptc has been rebuilt to link against the system libpng library which was fixed with MDVSA-2010:133. | 16/07/10 |
| USN-962-1 | Ubuntu Security Notice 962-1 - Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands with user privileges. | 16/07/10 |
| secunia-gigaarray | Secunia Research has discovered a vulnerability in GIGABYTE Dldrv2 ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing input validation of the item argument passed to the SetDLInfo() method and can be exploited via array-indexing errors to corrupt memory. Successful exploitation allows execution of arbitrary code. GIGABYTE Dldrv2 ActiveX Control version 1.4.206.11 is affected. | 16/07/10 |
| MDVSA-2010-133 | Mandriva Linux Security Advisory 2010-133 - Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. | 16/07/10 |
| secunia-gigaunsafe | Secunia Research has discovered some vulnerabilities in GIGABYTE Dldrv2 ActiveX Control, which can be exploited by malicious people to compromise a user's system. The unsafe method dl() allows automatically downloading and executing an arbitrary file. Combined usage of the unsafe methods SetDLInfo() and Bdl() allows automatically downloading an arbitrary file to an arbitrary location on the user's system. GIGABYTE Dldrv2 ActiveX Control version 1.4.206.11 is affected. | 16/07/10 |
| HPSBUX02556-SSRT100014 | HP Security Bulletin - A potential security vulnerability has been identified with HP-UX running rpc.ttdbserver. The vulnerability could be exploited remotely to execute arbitrary code. | 16/07/10 |
| dsa-2071-1 | Debian Linux Security Advisory 2071-1 - Dyon Balding discovered buffer overflows in the MikMod sound library, which could lead to the execution of arbitrary code if a user is tricked into opening malformed Impulse Tracker or Ultratracker sound files. | 15/07/10 |
| dsa-2070-1 | Debian Linux Security Advisory 2070-1 - Robert Swiecki discovered several vulnerabilities in the FreeType font library, which could lead to the execution of arbitrary code if a malformed font file is processed. | 15/07/10 |
| major_rls76 | Conpresso CMS version 4.1.1 suffers from a cross site scripting vulnerability. | 15/07/10 |
| outlook-exec | It has been discovered that certain e-mail messages cause Outlook to create Windows shortcut-like attachments or messages within Outlook. Through specially crafted TNEF streams with certain MAPI attachment properties, it is possible to set a path name to files to be executed. | 15/07/10 |
| MDVSA-2010-132 | Mandriva Linux Security Advisory 2010-132 - Multiple integer overflows in audioop.c in the audioop module in Ptthon allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. The audioop module in Python does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. | 15/07/10 |
| IS-2010-006 | A buffer overflow condition can be triggered on the D-Link DAP-1160 by setting URL filtering for an overly long URL, leading to possible arbitrary code execution or denial of service. Successful authentication is required in order to exploit the vulnerability, but attackers can leverage other vulnerabilities for achieving unauthenticated remote exploitation. | 15/07/10 |
| ZDI-10-125 | Zero Day Initiative Advisory 10-125 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM solidDB. Authentication is not required to exploit this vulnerability. The specific flaw exists within the solid.exe process which listens by default on TCP port 1315. The code responsible for parsing the first handshake packet does not properly validate the length of the username field. By crafting an overly long value in the request an attacker can exploit this to execute arbitrary code under the context of the SYSTEM user. | 14/07/10 |
| ZDI-10-124 | Zero Day Initiative Advisory 10-124 - This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit these vulnerabilities. The specific flaws exist due to how the application passes CGI parameters to the internal obtool binary running on port 443. Due to improper filtering of user data a specially crafted request could lead to arbitrary commands being executed under the credentials of the service. | 14/07/10 |
| HPSBOV02539-SSRT090267 | HP Security Bulletin - A potential security vulnerability has been identified with HP OpenVMS Auditing. The vulnerability could result in a local disclosure of information or elevation of privilege. In addition, a potential vulnerability has been identified with HP OpenVMS on Itanium platforms. This vulnerability could be exploited locally resulting in a Denial of Service (DoS). | 14/07/10 |
| TA10-194B | Technical Cyber Security Alert 2010-194B - A large amount of Oracle products and components are affected by multiple vulnerabilities. The impacts of these vulnerabilities include remote execution of arbitrary code, information disclosure, and denial of service. | 14/07/10 |
| tooltalk-overflow | There exists a vulnerability within a function of the ToolTalk database server (rpc.ttdbserverd), which when properly exploited can lead to compromise of the vulnerable system. This vulnerability can be triggered by creating a fake database (.rec file) on the system and calling remote procedure 7 of ToolTalk database server pointing to this database, leading to a heap overflow. | 14/07/10 |
| HPSBMA02555-SSRT100064 | HP Security Bulletin - A potential vulnerability has been identified with HP Client Automation Enterprise Infrastructure (Radia). The default configuration allows remote disclosure of information. | 14/07/10 |
| winampflv-overflow | VUPEN Vulnerability Research Team discovered multiple vulnerabilities in Winamp. These issues are caused by integer and buffer overflow errors within the vp6.w5s component when parsing malformed Flash Video data, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted FLV file. Versions 5.572 and below are affected. | 14/07/10 |
| TPTI-10-04 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Secure Backup. User interaction is not required to exploit this vulnerability. The specific flaw exists in the parsing of commands sent to the obscheduled.exe service listening by default on TCP port 1026, or 1027. Due to a lack of bounds checking on a specific command sequence the program stack can be overwritten with user controlled data. Successful exploitation can lead to remote system compromise under the SYSTEM credentials. | 14/07/10 |
| ZDI-10-123 | Zero Day Initiative Advisory 10-123 - This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Secure Backup. The specific flaw exists within the register globals emulation layer which allows attackers to specify values for arbitrary program variables. When specific parameters are specified via the URI it is possible for an attacker to bypass the authentication mechanism and reach functionality otherwise inaccessible without proper credentials. This can be leveraged by remote attackers to trigger what were post-auth vulnerabilities without valid credentials. | 14/07/10 |
| TA10-194A | Technical Cyber Security Alert 2010-194A - Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Office. | 14/07/10 |
| MDVSA-2010-131 | Mandriva Linux Security Advisory 2010-131 - Multiple format string and buffer overflow vulnerabilities has been found and corrected in iscsitarget. The updated packages have been patched to correct these issues. | 13/07/10 |
| nuralstorm-shellxssdisclose | NuralStorm Webmail version 0.985b suffers from cross site scripting, disclosure and shell upload vulnerabilities. | 13/07/10 |
| malware-orkut.pdf | Brief whitepaper detailing a malware epidemic that has broken out on Orkut. | 13/07/10 |
| dsa-2069-1 | Debian Linux Security Advisory 2069-1 - It was discovered that znc, an IRC bouncer, is vulnerable to denial of service attacks via a NULL pointer dereference when traffic statistics are requested while there is an unauthenticated connection. | 13/07/10 |
| dsa-2068-1 | Debian Linux Security Advisory 2068-1 - Matt Giuca discovered a buffer overflow in python-cjson, a fast JSON encoder/decoder for Python. This allows a remote attacker to cause a denial of service (application crash) through a specially-crafted Python script. | 13/07/10 |
| CVE-2010-2227 | Apache Tomcat suffers from denial of service and information disclosure vulnerabilities. Versions 5.5.0 through 5.5.29, 6.0.0 through 6.0.27 and 7.0.0 are affected. | 10/07/10 |
| USN-960-1 | Ubuntu Security Notice 960-1 - It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. | 09/07/10 |
| grawful-adv | Ghost Recon Advanced Warfighter versions 1 and 2 suffer from integer and array indexing overflows. | 08/07/10 |
| MDVSA-2010-130 | Mandriva Linux Security Advisory 2010-130 - Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. The updated packages have been patched to correct this issue. | 08/07/10 |
| MDVSA-2010-129 | Mandriva Linux Security Advisory 2010-129 - The krshd and v4rcp applications in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion. The ftpd and ksu programs in MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. Certain invalid GSS-API tokens can cause a GSS-API acceptor (server) to crash due to a null pointer dereference in the GSS-API library. The updated packages have been patched to correct these issues. | 08/07/10 |
| modxcmf-xss | MODx CMF versions 1.0.3 and 1.0.4 suffer from a cross site scripting vulnerability. | 08/07/10 |
| cisco-sa-20100707-snmp | Cisco Security Advisory - Cisco Industrial Ethernet 3000 (IE 3000) Series switches running Cisco IOS Software releases 12.2(52)SE or 12.2(52)SE1, contain a vulnerability where well known SNMP community names are hard-coded for both read and write access. The hard-coded community names are public and private. Cisco recommends that all administrators deploy the mitigation measures outlined in the Workarounds section or perform a Cisco IOS Software upgrade. Cisco has released free software updates that address this vulnerability. | 08/07/10 |
| USN-959-1 | Ubuntu Security Notice 959-1 - Denis Excoffier discovered that the PAM MOTD module in Ubuntu did not correctly handle path permissions when creating user file stamps. A local attacker could exploit this to gain root privileges. | 08/07/10 |
| citibank-java | Citibank CitiDirect Online Banking software forces use of a vulnerable version of the Java Runtime Environment. | 08/07/10 |
| MDVSA-2010-128 | Mandriva Linux Security Advisory 2010-128 - The get1 command, as used by lftpget, in LFTP before 4.0.6 does not properly validate a server-provided filename before determining the destination filename of a download, which allows remote servers to create or overwrite arbitrary files via a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory. The updated packages have been patched to correct this issue. | 08/07/10 |
| pamcaptcha-enumerate | PAM CAPTCHA suffers from a user enumeration vulnerability. | 08/07/10 |
| USN-943-1 | Ubuntu Security Notice 943-1 - Martin Barbella discovered an integer overflow in an XSLT node sorting routine. An attacker could exploit this to overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. An integer overflow was discovered in Thunderbird. If a user were tricked into viewing malicious content, an attacker could overflow a buffer and cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. If was discovered that Thunderbird could be made to access freed memory. If a user were tricked into viewing a malicious site, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. | 08/07/10 |
| secunia-joomlalibrary | Secunia Research has discovered a vulnerability in the BookLibrary From Same Author module for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the id parameter to index.php (when option is set to com_booklibrary and task is set to view ) is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Version 1.5 is affected. | 07/07/10 |
| dsa-2059-2 | Debian Linux Security Advisory 2059-2 - It was discovered that PCSCD, a daemon to access smart cards, was vulnerable to a buffer overflow allowing a local attacker to elevate his privileges to root. The update for PCSCD caused a regression with some card readers. This update corrects that regression. | 07/07/10 |
| cfnetworkblackberry-attacks | TEHTRI-Security has released advisories discussing a stack overflow inside the iPhone iOS4 CFNetwork API, a client-side attack for BlackBerry devices, a client-side attack for HTC Windows Mobile cellphones, a client-side attack for the iPad and security issues related to trains. | 04/07/10 |
| iscsitarget-overflow | A stack buffer overflow vulnerability exist in iscsitarget, an open implementation of iSCSI Enterprise Target. The vulnerability is caused by insufficient boundary checking while processing iSNS messages. A remote attacker can leverage this vulnerability to inject and execute arbitrary code on a vulnerable system. | 04/07/10 |
| dsa-2067-1 | Debian Linux Security Advisory 2067-1 - Several vulnerabilities were discovered in mahara, an electronic portfolio, weblog, and resume builder. | 04/07/10 |
| zoph-xss | Zoph versions prior to 0.8.0.3 and 0.8.1.1 suffer from cross site scripting vulnerabilities. | 04/07/10 |
| MDVSA-2010-127 | Mandriva Linux Security Advisory 2010-127 - imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to several heap and stack based buffer overflows - partly due to integer overflows. The updated packages have been patched to correct this issue. | 04/07/10 |
| wpuseronline-xssdisclose | WP-UserOnline version 2.62 for WordPress suffers from cross site scripting and path disclosure vulnerabilities. | 04/07/10 |
| dsa-2066-1 | Debian Linux Security Advisory 2066-1 - Several remote vulnerabilities have been discovered in the Wireshark network traffic analyzer. It was discovered that null pointer dereferences, buffer overflows and infinite loops in the SMB, SMB PIPE, ASN1.1 and SigComp dissectors could lead to denial of service or the execution of arbitrary code. | 02/07/10 |
| DDIVRT-2010-29 | ALPHA Ethernet Adapter II Web-Manager version 3.40.2 suffers from an authentication bypass vulnerability. | 02/07/10 |
| Bkis-03-2010 | Flash Slideshow Maker versions prior to 5.00 suffers from a buffer overflow vulnerability. | 02/07/10 |
| USN-956-1 | Ubuntu Security Notice 956-1 - Evan Broder and Anders Kaseorg discovered that sudo did not properly sanitize its environment when configured to use secure_path (the default in Ubuntu). A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program that interpreted the PATH environment variable. | 01/07/10 |
| USN-930-3 | Ubuntu Security Notice 930-3 - USN-930-1 fixed vulnerabilities in Firefox. Due to a software packaging problem, the Firefox 3.6 update could not be installed when the firefox-2 package was also installed. This update fixes the problem and updates apturl for the change. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. | 01/07/10 |
| adobearpushstring-corrupt | VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. This vulnerability is caused by a memory corruption error when processing the pushstring (bytecode 0x2C) or debugfile (bytecode 0xF1) operators while parsing Flash content within a PDF document, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a malicious PDF file. | 01/07/10 |
| adobearnewfunction-corrupt | VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. This vulnerability is caused by a memory corruption error when processing the newfunction operator (bytecode 0x44) while parsing Flash content within a PDF document, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a malicious PDF file. | 01/07/10 |
| adobearnewclass-corrupt | VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. This vulnerability is caused by a memory corruption error when processing the newclass operator (bytecode 0x58) while parsing Flash content within a PDF document, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a malicious PDF file. | 01/07/10 |
| adobear1023-overflow | VUPEN Vulnerability Research Team discovered a critical vulnerability in Adobe Acrobat and Reader. The vulnerability is caused by a buffer overflow error when processing the undocumented #1023 (3FFh) tag while parsing Flash content within a PDF document, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a malicious PDF. | 01/07/10 |
| ZDI-10-116 | Zero Day Initiative Advisory 10-116 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when the application parses a PDF file containing a malformed CLOD Progressive Mesh Continuation Resolution Update. Specific values can cause a memory corruption during floating point operations which can be subsequently leveraged to achieve arbitrary code execution under the privileges of the current user. | 01/07/10 |
| secunia-joomlabl | Secunia Research has discovered multiple vulnerabilities in the BookLibrary component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. BookLibrary version 1.5.3 Basic is affected. | 01/07/10 |
| secunia-argif | Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an array-indexing error in AcroForm.api when parsing GIF image data. This can be exploited to bypass a size check to cause a heap-based buffer overflow when a specially crafted PDF file is opened. Successful exploitation may allow execution of arbitrary code. Version 9.3.2 is affected. | 01/07/10 |
| secunia-arjpeg | Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an uninitialized memory error in AcroForm.api when processing JPEG image data. This can be exploited to dereference out-of-bounds memory when a specially crafted PDF file is opened. Successful exploitation may allow execution of arbitrary code. Version 9.3.2 is affected. | 01/07/10 |
| USN-930-2 | Ubuntu Security Notice 930-2 - USN-930-1 fixed vulnerabilities in Firefox and Xulrunner. This update provides updated packages for use with Firefox 3.6 and Xulrunner 1.9.2 on Ubuntu 8.04 LTS. If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. | 01/07/10 |
| USN-930-1 | Ubuntu Security Notice 930-1 - If was discovered that Firefox could be made to access freed memory. A flaw was discovered in the way plugin instances interacted. An integer overflow was discovered in Firefox. Martin Barbella discovered an integer overflow in an XSLT node sorting routine. Michal Zalewski discovered that the focus behavior of Firefox could be subverted. Ilja van Sprundel discovered that the 'Content-Disposition: attachment' HTTP header was ignored when 'Content-Type: multipart' was also present. | 01/07/10 |
| USN-927-5 | Ubuntu Security Notice 927-5 - USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | 01/07/10 |
| USN-927-4 | Ubuntu Security Notice 927-4 - USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 8.04 LTS. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it. | 01/07/10 |
| secuniataskfreak-xss | Secunia Research has discovered a vulnerability in TaskFreak, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the tznMessage parameter in logout.php is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Version 0.6.3 is affected. | 01/07/10 |
| secunia-taskfreak | Secunia Research has discovered a vulnerability in TaskFreak, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the password parameter to login.php (when username is set to a valid user) is not properly sanitized before being used in a SQL query in include/classes/tzn_user.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows bypassing the authentication mechanism, but requires that magic_quotes_gpc is disabled. Version 0.6.3 is affected. | 01/07/10 |
| 06.21.10-1 | iDefense Security Advisory 06.21.10 - Remote exploitation of a stack buffer overflow vulnerability in version 3.9.2 of LibTIFF, as included in various vendors' operating system distributions, could allow an attacker to execute arbitrary code with the privileges of the current user. This vulnerability is due to insufficient bounds checking when copying data into a stack allocated buffer. During the processing of a certain EXIF tag a fixed sized stack buffer is used as a destination location for a memory copy. This memory copy can cause the bounds of a stack buffer to be overflown and this condition may lead to arbitrary code execution. iDefense has confirmed the existence of this vulnerability in version 3.9.2 of libTIFF. Previous versions are not affected. | 01/07/10 |
| dsa-2065-1 | Debian Linux Security Advisory 2065-1 - Two security issues have been discovered in the DCC protocol support code of kvirc, a KDE-based next generation IRC client, which allow the overwriting of local files through directory traversal and the execution of arbitrary code through a format string attack. | 01/07/10 |
| dsa-2064-1 | Debian Linux Security Advisory 2064-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications. | 01/07/10 |
| nuance-libraries | Omnipage 16 Professional comes with multiple vulnerable libraries. | 01/07/10 |
