what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

Debian Linux Security Advisory 1080-1
Posted May 29, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1080-1: A problem has been discovered in the IMAP component of Dovecot, a secure mail server that supports mbox and maildir mailboxes, which can lead to information disclosure via directory traversal by authenticated users.

tags | advisory, imap, info disclosure
systems | linux, debian
MD5 | 0c032fc7bbb81b62a3da0d4bab948b1a

Related Files

Debian Linux Security Advisory 1897-1
Posted Sep 29, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1897-1 - Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, is insufficiently validating and escaping user provided input. The Horde_Form_Type_image form element allows to reuse a temporary filename on reuploads which are stored in a hidden HTML field and then trusted without prior validation. An attacker can use this to overwrite arbitrary files on the system or to upload PHP code and thus execute arbitrary code with the rights of the webserver.

tags | advisory, web, arbitrary, php
systems | linux, debian
advisories | CVE-2009-3236
MD5 | 1cc29d8e7c72d67ccea9c6e02738dee6
Debian Linux Security Advisory 1896-1
Posted Sep 29, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1896-1 - Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x.

tags | advisory, vulnerability
systems | linux, debian
MD5 | 3014d69530bd3bfd933fffd576302ad7
Debian Linux Security Advisory 1895-1
Posted Sep 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1895-1 - Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth. Chris Ries discovered that decoding a crafted URL leads to a crash (and potentially, arbitrary code execution). Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks. Incorrect processing of SAML metadata ignores key usage constraints. This minor issue also needs a correction in the opensaml2 packages, which will be provided in an upcoming stable point release (and, before that, via stable-proposed-updates).

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, debian
MD5 | dba30c5387674fa70ae8cc5ee9ec9f79
Debian Linux Security Advisory 1894-1
Posted Sep 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1894-1 - Miroslav Lichvar discovered that newt, a windowing toolkit, is prone to a buffer overflow in the content processing code, which can lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-2905
MD5 | 44dd3c474a31a7fd75b512d93fb3c351
Debian Linux Security Advisory 1893-1
Posted Sep 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1893-1 - It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-2632, CVE-2009-3235
MD5 | acd9c5064b255ba1f6b94c87c501315f
Debian Linux Security Advisory 1892-1
Posted Sep 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1892-1 - It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-2632, CVE-2009-3235
MD5 | 24fcc494e560c14ce2103f8b7b68cf7b
Debian Linux Security Advisory 1891-1
Posted Sep 22, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1891-1 - Marek Grzybowski discovered that changetrack, a program to monitor changes to (configuration) files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters.

tags | advisory, shell
systems | linux, debian
advisories | CVE-2009-3233
MD5 | 9f6a7d9c793b58cb8ad87d00192ab75a
Debian Linux Security Advisory 1890-1
Posted Sep 19, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1890-1 - Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary code via a crafted JPEG file.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-2369
MD5 | 5745c08939e7a4f5ab6578d97fada668
Debian Linux Security Advisory 1889-1
Posted Sep 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1889-1 - It was discovered that the ICU unicode library performed incorrect processing of invalid multibyte sequences, resulting in potential bypass of security mechanisms.

tags | advisory
systems | linux, debian
advisories | CVE-2009-0153
MD5 | ad728d70d34a95e3489e91c38dd2a34f
Debian Linux Security Advisory 1888-1
Posted Sep 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1888-1 - Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they're no longer considered cryptographically secure.

tags | advisory
systems | linux, debian
advisories | CVE-2009-2409
MD5 | 2064131fec58e5ed45bdc20da5c2b1ec
Debian Linux Security Advisory 1887-1
Posted Sep 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1887-1 - Brian Mastenbrook discovered that rails, the MVC ruby based framework geared for web application development, is prone to cross-site scripting attacks via malformed strings in the form helper.

tags | advisory, web, xss, ruby
systems | linux, debian
advisories | CVE-2009-3009
MD5 | d2dbf14152b60394d3766025b69f52e2
Debian Linux Security Advisory 1886-1
Posted Sep 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1886-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2009-1310, CVE-2009-3079
MD5 | 57fc82a450ea38c45cd1148d06f6dec6
Debian Linux Security Advisory 1885-1
Posted Sep 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1885-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3078
MD5 | 99e045412ddb46df82f414930cac1429
Debian Linux Security Advisory 1884-1
Posted Sep 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1884-1 - Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process (www-data on Debian) or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request.

tags | advisory, web, denial of service, arbitrary, imap
systems | linux, debian
advisories | CVE-2009-2629
MD5 | 023c0084cc696f8b16033d81b5f8eaf0
Debian Linux Security Advisory 1883-2
Posted Sep 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1883-2 - The previous nagios2 update introduced a regression, which caused status.cgi to segfault when used directly without specifying the 'host' variable. This update fixes the problem.

tags | advisory, cgi
systems | linux, debian
advisories | CVE-2007-5624, CVE-2007-5803, CVE-2008-1360
MD5 | 53d166fa5a305cc2caea3ee34165ca11
Gentoo Linux Security Advisory 200909-12
Posted Sep 15, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200909-12 - Multiple insecure calls to the sscanf() function in HTMLDOC might result in the execution of arbitrary code. ANTHRAX666 reported an insecure call to the sscanf() function in the set_page_size() function in htmldoc/util.cxx. Nico Golde of the Debian Security Team found two more insecure calls in the write_type1() function in htmldoc/ps-pdf.cxx and the htmlLoadFontWidths() function in htmldoc/htmllib.cxx. Versions less than 1.8.27-r1 are affected.

tags | advisory, arbitrary
systems | linux, debian, gentoo
advisories | CVE-2009-3050
MD5 | 23e39b43f27ab5646201de66a42782d8
Debian Linux Security Advisory 1878-2
Posted Sep 11, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1878-2 - Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update corrects regressions introduced by the devscripts security update, DSA-1878-1.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2009-2946
MD5 | 5ec96b664432122f4fff644b954ff3de
Debian Linux Security Advisory 1883-1
Posted Sep 10, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1883-1 - Several vulnerabilities have been found in nagios2, ahost/service/network monitoring and management system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-5624, CVE-2007-5803, CVE-2008-1360
MD5 | 7f9687ac8229d6dd967de049ca4a28f4
Debian Linux Security Advisory 1882-1
Posted Sep 10, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1882-1 - It was discovered that xapian-omega, a CGI interface for searching xapian databases, is not properly escaping user supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries resulting in an exception and steal potentially sensitive data from web applications running on the same domain or embedding the search engine into a website.

tags | advisory, web, cgi, xss
systems | linux, debian
advisories | CVE-2009-2947
MD5 | f8006609d4a9f9ab0613b06ad97879df
Debian Linux Security Advisory 1881-1
Posted Sep 7, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1881-1 - It was discovered that the SIEVE component of cyrus-imapd, a highly scalable enterprise mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. Due to incorrect use of the sizeof() operator an attacker is able to pass a negative length to snprintf() calls resulting in large positive values due to integer conversion. This causes a buffer overflow which can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.

tags | advisory, overflow, arbitrary
systems | linux, debian
MD5 | 7d12070049cdacd89ac6cff57694ffd4
Debian Linux Security Advisory 1880-1
Posted Sep 7, 2009
Authored by Debian | Site debian.org

Debian Security Advisory DSA 1880-1 - Several vulnerabilities have been discovered in the OpenOffice.org office suite.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-0200, CVE-2009-0201, CVE-2009-2139
MD5 | 7135f915168762d85f9c485d7ca01bd6
Debian Linux Security Advisory 1879-1
Posted Sep 4, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1879-1 - Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2008-7159, CVE-2008-7160, CVE-2009-3051
MD5 | c3cd55a231279ef355dab6a2c67c556a
Debian Linux Security Advisory 1878-1
Posted Sep 3, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1878-1 - Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without relying on the Perl interpreter, trying to preserve backwards compatibility as much as possible.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2009-2946
MD5 | 1b27c41bc3131b0a7fdce32ed5dd7d45
Debian Linux Security Advisory 1877-1
Posted Sep 3, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1877-1 - In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command() function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2009-2446
MD5 | 873a47b09680e2a19114208c1aabc81d
Debian Linux Security Advisory 1876-1
Posted Sep 2, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1876-1 - Several remote vulnerabilities have been discovered in the TFTP component of dnsmasq.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2009-2957, CVE-2009-2958
MD5 | 2b6cdd9904d4ffdbdce2ce0e40ce13e1
Page 1 of 4
Back1234Next

File Archive:

March 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    2 Files
  • 2
    Mar 2nd
    18 Files
  • 3
    Mar 3rd
    15 Files
  • 4
    Mar 4th
    12 Files
  • 5
    Mar 5th
    19 Files
  • 6
    Mar 6th
    8 Files
  • 7
    Mar 7th
    1 Files
  • 8
    Mar 8th
    1 Files
  • 9
    Mar 9th
    11 Files
  • 10
    Mar 10th
    15 Files
  • 11
    Mar 11th
    9 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    13 Files
  • 14
    Mar 14th
    10 Files
  • 15
    Mar 15th
    13 Files
  • 16
    Mar 16th
    27 Files
  • 17
    Mar 17th
    15 Files
  • 18
    Mar 18th
    23 Files
  • 19
    Mar 19th
    25 Files
  • 20
    Mar 20th
    10 Files
  • 21
    Mar 21st
    6 Files
  • 22
    Mar 22nd
    1 Files
  • 23
    Mar 23rd
    22 Files
  • 24
    Mar 24th
    15 Files
  • 25
    Mar 25th
    23 Files
  • 26
    Mar 26th
    20 Files
  • 27
    Mar 27th
    15 Files
  • 28
    Mar 28th
    10 Files
  • 29
    Mar 29th
    1 Files
  • 30
    Mar 30th
    18 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close