exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 50 of 54 RSS Feed

Files from Open Source CERT

Email addressincidents at ocert.org
First Active2008-04-14
Last Active2016-05-30
Open Source CERT Security Advisory 2010.4
Posted Sep 29, 2010
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

The libavcodec library, an open source video encoding/decoding library part of the FFmpeg project, suffers from an arbitrary offset dereference vulnerability. The vulnerability affects the flic file format parser, insufficient restrictions on a writable buffer can be exploited to execute arbitrary code via the heap memory. A specific flic file can be crafted to trigger the vulnerability. Versions 0.6 and below are affected.

tags | advisory, arbitrary
advisories | CVE-2010-3429
SHA-256 | 91eb4e7bc98d45207f87d7999b2a67a127df42b8c0587aab9c0f0d5d54643137
Open Source CERT Security Advisory 2010.3
Posted Sep 18, 2010
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

Free Simple CMS versions 1.0 and below suffer from a remote file inclusion vulnerability.

tags | advisory, remote, file inclusion
SHA-256 | 1f0bab6915c38374d04f3409e9cca75897c9d33487ecd6ea9df084d256e824ca
Open Source CERT Security Advisory 2010.2
Posted Jul 21, 2010
Authored by Open Source CERT | Site ocert.org

Joomla versions 1.5.19 and below suffer from cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
SHA-256 | 3b4fb9c3327b271275a41e8fc47c6c2e117dced54ae4efa6839e9540481a5804
Open Source CERT Security Advisory 2010.1
Posted May 19, 2010
Authored by Open Source CERT | Site ocert.org

lftp versions 4.0.5 and below, wget versions 1.12 and below and libwww-perl versions 5.034 and below all suffer from an unexpected download filename vulnerability.

tags | advisory, perl
SHA-256 | 5ed219b8e2a3ab25f425c235293340dcdc12aaef2f6702a1579c6025a9c9b1f7
Open Source CERT Security Advisory 2009.19
Posted Dec 17, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

Ganeti versions greater than and equal to 1.2.9, 2.0.5, and 2.1.0-rc2 suffer from an arbitrary code execution vulnerability.

tags | advisory, arbitrary, code execution
advisories | CVE-2009-4261
SHA-256 | 38ad9fb8176a29c49ef7d6bc05a8b7d39a8a5f0fd8c68eab4b4ac8fe36fc89c9
Open Source CERT Security Advisory 2009.17
Posted Dec 1, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

PHP versions prior to 5.3.1 suffer from from several bugs that may pose a security risk. Issues such as buffer overflows, arbitrary memory reads, and more have been addressed.

tags | advisory, overflow, arbitrary, php
SHA-256 | c307d37e34d7297809aa54256b01c4c1dc7a04599f485122ab50a3cb3b7c3401
Open Source CERT Security Advisory 2009.15
Posted Oct 28, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

KDE suffers from multiple insufficient validation vulnerabilities that can result in the execution of active content. Versions below 4.3.2 are affected.

tags | advisory, vulnerability
SHA-256 | ecdec1474c60e06f8d03ae23981515ca996b2e57443237988e158fc66e77b190
Open Source CERT Security Advisory 2009.16
Posted Oct 23, 2009
Authored by Will Drewry, Open Source CERT | Site ocert.org

Both the Poppler and Xpdf projects are vulnerable to an integer overflow during heap memory allocation when processing a PDF file. In general, this results in unexpected process termination. If an application using this code is multi-threaded (or uses a crash signal handler), it may be possible to execute arbitrary code. Poppler versions below 0.12.1 are affected. Xpdf versions below 3.02p14 are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2009-3608
SHA-256 | aafbc29fb69700ddfede45739b89f53ecdd9feddad2b8b638abff600d022e08b
Open Source CERT Security Advisory 2009.14
Posted Oct 5, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

All Android 1.5 RBxx versions suffer from two denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
advisories | CVE-2009-2999
SHA-256 | c995af456c843424b240f60482ba90ae28845ebea4d06ffb4d5017efb6ce1227
Open Source CERT Security Advisory 2009.13
Posted Sep 10, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

yTNEF, an open source filter program that decodes Transport Neutral Encapsulation Format (TNEF) e-mail attachments, and the Evolution TNEF attachment decoder plugin suffer from directory traversal and buffer overflow vulnerabilities.

tags | advisory, overflow, vulnerability
SHA-256 | 80741074c87446822e602dc6983c0d6583846d23887b4bd2bf282906fe5d80a3
Open Source CERT Security Advisory 2009.11
Posted Jul 17, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

Android, an open source mobile phone platform, improperly checks permissions when applications access the camera and audio resources. All 1.5 GRBxx versions are affected.

tags | advisory
advisories | CVE-2009-2348
SHA-256 | 4b7c6f448acecc2ccbd344ea7c61afdac0b498f3432e5044a92d1cb41fd80890
Open Source CERT Security Advisory 2009.10
Posted Jul 14, 2009
Authored by Chris Evans, Damien Miller, Open Source CERT

The mimeTeX and mathTeX CGIs suffer from several buffer overflows as well as command injection which result in remote code execution. Unfortunately mimeTeX and mathTex are provided without version numbers by the maintainer, who releases version-less zip archives. It is therefore impossible to provide affected version numbers.

tags | advisory, remote, overflow, cgi, code execution
advisories | CVE-2009-1382, CVE-2009-1383
SHA-256 | 0181f431cd410e4c33142e0c3e7cd11c54e2c56b58df8719276e741e9c0c3aed
Open Source CERT Security Advisory 2009.12
Posted Jul 13, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

The libtiff image library tools suffer from integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The libtiff package ships a library, for reading and writing TIFF, as well as a small collection of tools for manipulating TIFF images. The cvt_whole_image function used in the tiff2rgba tool and the tiffcvt function used in the rgb2ycbcr tool do not properly validate the width and height of the image. Specific TIFF images with large width and height can be crafted to trigger the vulnerability.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2009-2347
SHA-256 | 9e9c7deaec9dd58d4d77399f154f17a206dba8d37ca5edc54e61b7f12217a6ad
Open Source CERT Security Advisory 2009.8
Posted Jul 6, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

Dillo, an open source graphical web browser, suffers from an integer overflow which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by HTML pages with embedded PNG images, the Png_datainfo_callback function does not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability. Versions 2.1 and below are affected.

tags | advisory, web, overflow, arbitrary, code execution
advisories | CVE-2009-2294
SHA-256 | 0a9bd01bbd35cd229feb029c2a84091f982b71b8dbf99cb85b892b57eae472c1
Open Source CERT Security Advisory 2009.7
Posted Jul 6, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

FCKeditor, a web based open source HTML text editor, suffers from a remote file upload vulnerability. The input of several connector modules is not properly verified before being used, this leads to exposure of the contents of arbitrary directories on the server filesystem and allows file uploading to arbitrary locations. The affected code is remotely exposed before authentication. An attacker can exploit this vulnerability to install remote shells on the victim server among other things, it should be noted that this vulnerability is being actively exploited in the wild. Versions 2.6.4 and below are affected.

tags | advisory, remote, web, arbitrary, shell, file upload
advisories | CVE-2009-2265
SHA-256 | e8fb00e2c1d4004e9c9d5b6c8091560a3a8bc7b786b95c5a80061e93d79b8354
Open Source CERT Security Advisory 2009.9
Posted Jul 2, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

CamlImages versions 2.2 and below suffer from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by PNG image parsing, the read_png_file and read_png_file_as_rgb24 functions do not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2009-2295
SHA-256 | 6bce357007801b08db39f99787240e44b3e48ab2eb8fd2ac497872dcab4f8b7e
Open Source CERT Security Advisory 2009.6
Posted May 25, 2009
Authored by Will Drewry, Open Source CERT | Site ocert.org

Android, an open source mobile phone platform, improperly checks developer certificates when installing packages that request the shared user identifier (uid) permission. Android versions greater and equal to 1.5 CRB17 and less than or equal to 1.5 CRB42 are affected.

tags | advisory
advisories | CVE-2009-1754
SHA-256 | 4529118996146152d1d83f69c6d70389ced40256af266233bb1f2cd14f0ae955
Open Source CERT Security Advisory 2009.4
Posted May 11, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

AjaxTerm suffers from a session id collision vulnerability. Versions 0.10 and below are affected.

tags | advisory
SHA-256 | a26a4d03be722182ca819bc2bda3f25b415f54ecefc7b262acaebd030d3024e0
Open Source CERT Security Advisory 2009.1
Posted May 8, 2009
Authored by Will Drewry, Open Source CERT | Site ocert.org

Pango suffers from an integer overflow during heap allocation size calculations.

tags | advisory, overflow
advisories | CVE-2009-1194
SHA-256 | 25824ba2d7dd0a37d1a590740cc4a39088732380d9d9c415e4dc4d4617ab7682
Open Source CERT Security Advisory 2009.3
Posted Mar 24, 2009
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

LittleCMS, an open source color management engine, suffers from several integer errors, resulting in stack based buffer overflows and various heap errors as well as dangerous memory leaks. Decoding a specially crafted image file will result in unexpected process termination, Denial Of Service conditions or arbitrary code execution due to stack overflow. Versions 1.17 and below are affected.

tags | advisory, denial of service, overflow, arbitrary, code execution, memory leak
advisories | CVE-2009-0723, CVE-2009-0581, CVE-2009-0733
SHA-256 | 5d153924342e064a181f332c2fe5c861183cf0ba99258a99b23ce5e1958ba492
Open Source CERT Security Advisory 2008.15
Posted Mar 12, 2009
Authored by Will Drewry, Open Source CERT | Site ocert.org

Base64 encoding and decoding functions in glib suffer from vulnerabilities during memory allocation which may result in arbitrary code execution when processing large strings. A number of other GNOME-related applications which predate glib are vulnerable due to the commonality of this flawed code.

tags | advisory, arbitrary, vulnerability, code execution
advisories | CVE-2008-4316, CVE-2009-0585, CVE-2009-0586, CVE-2009-0587
SHA-256 | 53bba693225b9b5a30ee3d26bab42447350b5931b378ef7725720712448ef169
Open Source CERT Security Advisory 2009.2
Posted Feb 9, 2009
Authored by Will Drewry, Open Source CERT | Site ocert.org

The OpenCORE multimedia decoding subsystem suffers from an insufficient bounds checking vulnerability during MP3 decoding. Versions 2.0 and below are affected.

tags | advisory
advisories | CVE-2009-0475
SHA-256 | b7188685b4ebf996c46ba261e28de1087393ed44b83cbc02bbce72508eb66d36
Open Source CERT Security Advisory 2008.16
Posted Jan 7, 2009
Authored by Will Drewry, Open Source CERT | Site ocert.org

Several functions inside the OpenSSL library incorrectly check the result after calling the EVP_VerifyFinal function. This bug allows a malformed signature to be treated as a good signature rather than as an error. This issue affects the signature checks on DSA and ECDSA keys used with SSL/TLS. The flaw may be exploited by a malicious server or a man-in-the-middle attack that presents a malformed SSL/TLS signature from a certificate chain to a vulnerable client, bypassing validation.

tags | advisory
advisories | CVE-2008-5077, CVE-2008-0021, CVE-2008-0025
SHA-256 | f5724c1eba1778218b03f1b5af75356b08e95a08bbe2b92274df7f31dea9d59a
Open Source CERT Security Advisory 2008.13
Posted Sep 29, 2008
Authored by Andrea Barisani, Open Source CERT | Site ocert.org

The MPlayer multimedia player suffers from a vulnerability which could result in arbitrary code execution and at the least, in unexpected process termination. Three integer underflows located in the Real demuxer code can be used to exploit a heap overflow, a specific video file can be crafted in order to make the stream_read function reading or writing arbitrary amounts of memory. Versions 1.0 RC2 and below are affected.

tags | advisory, overflow, arbitrary, code execution
advisories | CVE-2008-3827
SHA-256 | f47bbc552774c9b5545581209953d5f8219b79416c8f70eb63e89a8fd31e6423
Open Source CERT Security Advisory 2008.12
Posted Sep 11, 2008
Authored by Will Drewry, Open Source CERT | Site ocert.org

Two cross-site scripting (XSS) vulnerabilities were reported in Horde Framework. The first of which is that the Horde framework fails to properly sanitize the filename of MIME attachments on received emails. The second vulnerability has a wider impact. Horde relies on code similar to Popoon's externalinput.php to filter out potential XSS attacks on user-supplied input. This filter, and the original, fail to fully sanitize user data.

tags | advisory, php, vulnerability, xss
advisories | CVE-2008-3823, CVE-2008-3824
SHA-256 | acda1d56ba4b8127f008b4511f6c73504b17ce52451cced4c4ab5e70aa2f8410
Page 2 of 3
Back123Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close