Mandriva Linux Security Advisory 2015-150 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker.
Mandriva Linux Security Advisory 2015-146 - An integer overflow in liblzo before 2.07 allows attackers to cause a denial of service or possibly code execution in applications performing LZO decompression on a compressed payload from the attacker. The libvncserver library is built with a bundled copy of minilzo, which is a part of liblzo containing the vulnerable code. A malicious VNC server can trigger incorrect memory management handling by advertising a large screen size parameter to the VNC client. This would result in multiple memory corruptions and could allow remote code execution on the VNC client. A malicious VNC client can trigger multiple DoS conditions on the VNC server by advertising a large screen size, ClientCutText message length and/or a zero scaling factor parameter. A malicious VNC client can trigger multiple stack-based buffer overflows by passing long file and directory names and/or attributes when using the file transfer message feature.
Mandriva Linux Security Advisory 2015-145 - Ilja van Sprundel discovered that libXfont incorrectly handled font metadata file parsing. A local attacker could use this issue to cause libXfont to crash, or possibly execute arbitrary code in order to gain privileges. Ilja van Sprundel discovered that libXfont incorrectly handled X Font Server replies. A malicious font server could return specially-crafted data that could cause libXfont to crash, or possibly execute arbitrary code. The bdf parser reads a count for the number of properties defined in a font from the font file, and allocates arrays with entries for each property based on that count. It never checked to see if that count was negative, or large enough to overflow when multiplied by the size of the structures being allocated, and could thus allocate the wrong buffer size, leading to out of bounds writes. If the bdf parser failed to parse the data for the bitmap for any character, it would proceed with an invalid pointer to the bitmap data and later crash when trying to read the bitmap from that pointer. The bdf parser read metrics values as 32-bit integers, but stored them into 16-bit integers. Overflows could occur in various operations leading to out-of-bounds memory access.
Joomla Gallery WD component suffers from a remote SQL injection vulnerability.
Joomla Contact Form Maker component version 1.0.1 suffers from a remote SQL injection vulnerability.
WebDepo CMS suffers from a remote SQL injection vulnerability.
ProjectPier version 0.8.8 SP2 suffers from a cross site scripting vulnerability.
HTTrack Website Copier version 3.48-21 suffers from a dll hijacking vulnerability.
WordPress Aspose Importer and Exporter plugin version 1.0 suffers from an arbitrary file download vulnerability.
BZR Player version 1.03 suffers from a dll hijacking vulnerability.
UltraISO version 9.6.2.3059 suffers from a dll hijacking vulnerability.
WordPress Aspose PDF Exporter plugin suffers from an arbitrary file download vulnerability.
WordPress Aspose Doc Exporter plugin suffers from an arbitrary file download vulnerability.
ZIP Password Recovery Professional version 7.1 suffers from a dll hijacking vulnerability.
GoAhead web server versions 3.0.0 through 3.4.1 suffer from heap overflow and directory traversal vulnerabilities.
Appweb Web Server suffers from a denial of service vulnerability.
WordPress AB Google Map Travel (AB-MAP) plugin version 4.0 suffers from cross site request forgery and cross site scripting vulnerabilities.
MIMEDefang is a flexible MIME email scanner designed to protect Windows clients from viruses. Includes the ability to do many other kinds of mail processing, such as replacing parts of messages with URLs. It can alter or delete various parts of a MIME message according to a very flexible configuration file. It can also bounce messages with unacceptable attachments. MIMEDefang works with the Sendmail 8.11 and newer "Milter" API, which makes it more flexible and efficient than procmail-based approaches.
A remote unauthenticated user can change the password of any Manage Engine Desktop Central user with the Administrator role (DCAdmin).
Mandriva Linux Security Advisory 2015-077 - f2py insecurely used a temporary file. A local attacker could use this flaw to perform a symbolic link attack to modify an arbitrary file accessible to the user running f2py.
Mandriva Linux Security Advisory 2015-076 - Updated python3 packages fix security vulnerabilities. ZipExtFile.read goes into 100% CPU infinite loop on maliciously binary edited zips. A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_into() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code. It was reported that a patch added to Python 3.2 caused a race condition where a file could be created with world read/write permissions instead of the permissions dictated by the original umask of the process. This could allow a local attacker that could win the race to view and edit files created by a program using this call. Note that prior versions of Python, including 2.x, do not include the vulnerable _get_masked_mode() function that is used by os.makedirs() when exist_ok is set to True. Python is susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used as an array index, causing the scanstring function to access process memory outside of the string it is intended to access. The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root.
Mandriva Linux Security Advisory 2015-075 - A vulnerability was reported in Python's socket module, due to a boundary error within the sock_recvfrom_into() function, which could be exploited to cause a buffer overflow. This could be used to crash a Python application that uses the socket.recvfrom_into() function or, possibly, execute arbitrary code with the permissions of the user running vulnerable Python code. This updates the python package to version 2.7.6, which fixes several other bugs, including denial of service flaws due to unbound readline() calls in the ftplib and nntplib modules. Denial of service flaws due to unbound readline() calls in the imaplib, poplib, and smtplib modules. A gzip bomb and unbound read denial of service flaw in python XMLRPC library. Python is susceptible to arbitrary process memory reading by a user or adversary due to a bug in the _json module caused by insufficient bounds checking. The bug is caused by allowing the user to supply a negative value that is used as an array index, causing the scanstring function to access process memory outside of the string it is intended to access. The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary scripts in the server's document root. Python before 2.7.8 is vulnerable to an integer overflow in the buffer type. When Python's standard library HTTP clients (httplib, urllib, urllib2, xmlrpclib) are used to access resources with HTTPS, by default the certificate is not checked against any trust store, nor is the hostname in the certificate checked against the requested host. It was possible to configure a trust root to be checked against, however there were no facilities for hostname checking. The python-pip and tix packages were added due to missing build dependencies.
Mandriva Linux Security Advisory 2015-074 - The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service via an empty attribute list in a deref control in a search request. The updated packages provide a solution for these security issues.
Mandriva Linux Security Advisory 2015-073 - The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service via an empty attribute list in a deref control in a search request. Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service via a crafted search query with a matched values control. The updated packages provide a solution for these security issues.
Mandriva Linux Security Advisory 2015-072 - Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 3.1.x and gnutls 3.2.x. A version 1 intermediate certificate will be considered as a CA certificate by default. It was discovered that GnuTLS did not correctly handle certain errors that could occur during the verification of an X.509 certificate, causing it to incorrectly report a successful verification. An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker. A NULL pointer dereference flaw was discovered in GnuTLS's gnutls_x509_dn_oid_name(). The function, when called with the GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its caller. However, it could previously return NULL when parsed X.509 certificates included specific OIDs. A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake. A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code. An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC certificates or certificate signing requests. A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.