Mandriva Linux Security Advisory 2015-150 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker.
7786a6d242b8ae14eeda3858a16f35b3268a4339417b51473b5e0f9fbc15c281Mandriva Linux Security Advisory 2015-146 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications using performing LZO decompression on a compressed payload from the attacker. The libvncserver library is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code. A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on the VNC client. A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter. A malicious VNC client can trigger multiple stack-based buffer overflows by passing a long file and directory names and/or attributes when using the file transfer message feature.
64a585715b6153f060300bd58af5f5fe21c455247b7446666263b01087c63c74Mandriva Linux Security Advisory 2015-145 - Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code. The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes. If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer. The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access.
c03383e7af1d9662fd0fef548bfcc86b6af1db11d7f433937eb5eaede861ebc3Joomla Gallery WD component suffers from a remote SQL injection vulnerability.
b474d36529f730c41b9a954fc193ce5a1b3d73db25832f3ec198d4787eed5909Joomla Contact Form Maker component version 1.0.1 suffers from a remote SQL injection vulnerability.
c72c33feb4b25c9235eb9d9cbf2368498704c1d5d0f542f88ca3d988ddf92a7cWebDepo CMS suffers from a remote SQL injection vulnerability.
f56f63f5febb8cdd466c97568d2d801a1f2724b2c57e61fbaf91feeeb476dc43ProjectPier version 0.8.8 SP2 suffers from a cross site scripting vulnerability.
8405f0debc4bd59bdf121d4d4769a460a5529cb51ef81d22175d4907a68b8d03HTTrack Website Copier version 3.48-21 suffers from a dll hijacking vulnerability.
5b24d7f3119441e77c5e3e6a20e6015752be4c78cb1e43d2901fe525ffef2574WordPress Aspose Importer and Exporter plugin version 1.0 suffers from an arbitrary file download vulnerability.
8be70304bc73a2fce09d3c01c02b74c8a0d4d802ca303d85456977cb45bd45c8BZR Player version 1.03 suffers from a dll hijacking vulnerability.
0fbb6fd6fe0814d46a51fcecaf7188da9a584d6adcd094845e90931c419be24aUltraISO version 9.6.2.3059 suffers from a dll hijacking vulnerability.
76c71a688dbad49346ec895688927f92c9f86a3655403d3252cbd68166306a0cWordPress Aspose PDF Exporter plugin suffers from an arbitrary file download vulnerability.
1ffd4f7657e572760a2a7a2208b972d910c2e268df6c4f7fc9817750e8daf078WordPress Aspose Doc Exporter plugin suffers from an arbitrary file download vulnerability.
84dfbe2929095980e143d513dd3bd79f51a639dcb3c65727c539b46a251b7be7ZIP Password Recovery Professional version 7.1 suffers from a dll hijacking vulnerability.
4aab9cb58a11f4c6355cf00d3b1ed0d38077aa67527637ae66e038677d2c47c9GoAhead web server versions 3.0.0 through 3.4.1 suffers from heap overflow and directory traversal vulnerabilities.
6fb18dfd80ce463f675f713e9ebec9b8c5a991abc545cf1b1fbf82cc2f64697bAppweb Web Server suffers from a denial of service vulnerability.
e59a4ebe08e7c3f7777a2c603a71d5db8d059f0c0ece77091aadd4aa5da52401WordPress AB Google Map Travel (AB-MAP) plugin version 4.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
dbd0939d53280d5f0c1443437fc3c64a3c5ad487379041dd2756ab5536b86ce4MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
70d9c94ca2a62bcec53fa7a24c97e062048e24114aec3cc77bc65fbf40d8bf51A remote unauthenticated user can change the password of any Manage Engine Desktop Central user with the Administrator role (DCAdmin).
4e564bd659684313462675a23bdcdb7cff6e5368a61d78b38a3ee71428ffb7f0Mandriva Linux Security Advisory 2015-077 - f2py insecurely used a temporary file. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running f2py.
f89f9be46e1441e3c3fc1a20beb2088a43bce60f5652ef7fd4db5c6aa2daa9ffMandriva Linux Security Advisory 2015-076 - Updated python3 packages fix security vulnerabilities. ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips. A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code. It was reported that a patch added to Python 3.2 caused a race condition where a file created could be created with world read/write permissions instead of the permissions dictated by the original umask of the process. This could allow a local attacker that could win the race to view and edit files created by a program using this call. Note that prior versions of Python, including 2.x, do not include the vulnerable _get_masked_mode() function that is used by os.makedirs() when exist_ok is set to True. Python are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access. The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root.
ab76b20f26c250158d7fa23532b4b88bd262202a2dbe4ad2a031d1e8a96c39ebMandriva Linux Security Advisory 2015-075 - A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_info() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code. This updates the python package to version 2.7.6, which fixes several other bugs, including denial of service flaws due to unbound readline() calls in the ftplib and nntplib modules. Denial of service flaws due to unbound readline() calls in the imaplib, poplib, and smtplib modules. A gzip bomb and unbound read denial of service flaw in python XMLRPC library. Python are susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used an an array index, causing the scanstring function to access process memory outside of the string it is intended to access. The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root. Python before 2.7.8 is vulnerable to an integer overflow in the buffer type. When Python's standard library HTTP clients (httplib, urllib, urllib2, xmlrpclib) are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against the requested host. It was possible to configure a trust root to be checked against, however there were no faculties for hostname checking. The python-pip and tix packages was added due to missing build dependencies.
3b0a1e39fae22b4d6476806ca1197785de85b0ad0d0836ae88ff10eef9f34bcfMandriva Linux Security Advisory 2015-074 - The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service via an empty attribute list in a deref control in a search request. The updated packages provides a solution for these security issues.
b6b5087086a07ac0d1a6266398a8c4da950c64a0a6f16e0d111c0852f5dbde52Mandriva Linux Security Advisory 2015-073 - The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service via an empty attribute list in a deref control in a search request. Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service via a crafted search query with a matched values control. The updated packages provides a solution for these security issues.
9994917c7655dd037858b35273207005fbbb62aef30bf1f07e8f084ef7d08641Mandriva Linux Security Advisory 2015-072 - Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509 certificates included specific OIDs. A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC certificates or certificate signing requests. A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.
d54e07c39568448fc8ce57614a5d9fa432224b556e5e7e077010ba9803d59272
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed