Hardened PHP Project Security Advisory - Dotdeb PHP versions below 5.2.0 revision 3 suffer from an email header injection vulnerability.
7aba22abbcde28fff1cae212fbfcccf3a83a9218f5ce24a5357f7b683d45e2bd
During the development of the Hardening-Patch, which adds security hardening features to the PHP codebase, several vulnerabilities within PHP were discovered. This advisory describes one of these flaws, a weakness in the file upload code that allows overwriting the GLOBALS array when register_globals is turned on. Overwriting this array can lead to unexpected security holes in code assumed secure. This vulnerability can allow for remote PHP code execution. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.
f8dc972de9ab9723e24e079bb1aa1db52acccf6b34d75a662360600fa9ba97a0
During the development of the Hardening-Patch, which adds security hardening features to the PHP codebase, several vulnerabilities within PHP were discovered. This advisory describes one of these flaws, a weakness in the implementation of the parse_str() function. Under certain conditions, triggering the memory_limit request shutdown during a parse_str() call will result in the core of PHP believing that the register_globals directive is turned on (for the rest of the lifetime of the involved webserver process). This may allow an attacker to exploit security flaws in PHP applications that exist due to uninitialized global variables. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.
10f101097fd39138422e2a7874bdb94d072b4fbdce038e8405003d6abe5001f5
A weakness in PHP's phpinfo() function allows for cross site scripting attacks. Affected versions are PHP4 versions 4.4.0 and below and PHP5 versions 5.0.5 and below.
36fa6835dbeb10584c5e0f7fa40b5dfc12ef31a054c790a4bd79c93d91e4cddb
phpBB versions 2.0.17 and below are susceptible to multiple cross site scripting and SQL injection flaws.
b87a7fdac987ea5f043c9ea4c2452f356b8ee2127f77b05d8e0b347a4f218b3e
Various Techno Dreams scripts are susceptible to SQL injection flaws. Proof of concept examples provided.
366fb83d32315f71627422a527b6480b8afc654f0ebe44f9173576308a730e15
KDE Security Advisory: Chris Evans reported a heap based buffer overflow in the RTF importer of KWord. Opening specially crafted RTF files in KWord can cause execution of arbitrary code. Affected are all KOffice releases starting from KOffice 1.2.0 up to and including KOffice 1.4.1.
d4ff9986f62282d33972361b743f867876d6b8bc485e2d9d18a63c4368ccba80
KDE Security Advisory: Ilja van Sprundel from suresec.org notified the KDE security team about a serious lock file handling error in kcheckpass that can, in some configurations, be used to gain root access. In order for an exploit to succeed, the directory /var/lock has to be writeable for a user that is allowed to invoke kcheckpass. Affected are all KDE releases starting from KDE 3.2.0 up to and including KDE 3.4.2.
e4126780e1718411fc8d987b510d320c1017a094f233983191e32430a74092d1
A vulnerability in the PHP XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.1.1 and below are affected.
19d40733455dcea434023fe40242a8416ebdce81f0b0db82c65eaaf8dc985605
A vulnerability in the PEAR XML-RPC libraries allows injection of arbitrary PHP code into eval() statements. Versions 1.3.3 and below are affected.
69e67d5d0d2809ee1dd8aab9cb442c8038040d14db81b9435a92088852571ec9
KDE Security Advisory: kpdf, the KDE PDF viewer, shares code with xpdf. xpdf contains a vulnerability that causes it to write a file in $TMPDIR with almost infinite size, which can severely impact system performance. Systems affected are KDE 3.3.1 up to and including KDE 3.4.1.
2be88a931bccf813356cdff44b2770b38780fa147899f88ce3aa27638c7b3866
UseBB versions 0.5.1 and below suffer from multiple SQL injection and cross site scripting vulnerabilities.
4d2114be500f23ebf091fb17d172b512c79677234c01f8a698f2554cef0dfe06
Hardened-PHP Project Security Advisory - Cross site scripting, password hash disclosure, SQL injection, and information disclosure vulnerabilities exist in Contrexx versions below 1.0.5.
985524575ae9eb12bcd0909c15c66b452b539eef3a58d55153bc284f126f0949
KDE Security Advisory: Kopete contains a copy of libgadu that is used if no compatible version is installed in the system. Several input validation errors have been reported in libgadu that can lead to integer overflows and remote DoS or arbitrary code execution. All versions of Kopete as included in KDE 3.3.x up to and including 3.4.1 are affected. KDE 3.2.x and older are not affected.
027346c8598e574fe798a52a6591511bfa26e78e5c41c50df090371a163a0bde
KDE Security Advisory: Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. Depending on the system security settings, backup files might be readable by other users. Affected are all maintained versions of Kate and Kwrite as shipped with KDE 3.2.x up to and including 3.4.0. KDE 3.1.x and older and KDE 3.4.1 and newer are not affected.
4d95c4fecfc491d82b51de3f8a19f89ae29adc0d27944b76e89e62661e35a65d
Serendipity versions 0.8.2 and below suffer from a remote command execution flaw.
2a4ee8e7ada42a56b8aed38fe317912c764aad12ca30260dd372fba5c27cd442
A programming error exists in the function that parses commands in the Asterisk 1.0.7 system. This is used by the manager interface if the user is allowed to submit CLI commands. The coding error can result in the overflow of one of the parameters of the calling function.
1a50a0056a74c27fb6eb2b5b5d0116c261912d86824d5d8e0a21b4a8acf36b39
During an evaluation of Trac, an input validation vulnerability was discovered which can lead to arbitrary uploading and downloading of files with the permission of the web server.
f3d29acb6264e7e52acb1152dda2f9156a367be10f0e8013ba0df3ffb4203fd1
KDE Security Advisory: kimgio contains a PCX image file format reader that does not properly perform input validation. A source code audit performed by the KDE security team discovered several vulnerabilities in the PCX and other image file format readers, some of them exploitable to execute arbitrary code.
541b770d166d535ed31873d7fc040185169e96ce83b2851ceec63ccf5120c5fe
KDE Security Advisory: Kommander executes data files from possibly untrusted locations without user confirmation. As they contain scripts, the user might accidentally run arbitrary code.
15c0b15e1f97fffefbb19b6f2354efaea247f2f23d0219684a0be903991619c5
KDE Security Advisory: Sebastian Krahmer of the SUSE LINUX Security Team reported a local denial of service vulnerability in KDE's Desktop Communication Protocol (DCOP) daemon, better known as dcopserver. Systems affected: All KDE versions prior to KDE 3.4 on systems where multiple users have access.
4f12cb84df4ea525e8d75fed62c1760952046451f23e18cde30ede4ba590c810
phpBB version 2.0.12 is susceptible to a full path disclosure flaw.
4cec51e22df5d35b92aa11d5337c12048ed95450acaa2abeb85efe9d401bed9b
Improper handling of several arguments in the moderate.php code in punbb version 1.2.1 allows a malicious moderator to inject arbitrary SQL statements.
6bdc9357ff20bb7f7303ff83fef6913311150b993239cb8d7c76abff375397bd
Due to a flaw in punbb version 1.2.1, a remote attacker without an account can set the password of any user on the system to NULL, effectively shutting them out of the system.
3034c8b9bfd452eee66b4d3131399bf4eb4662a52606ffdf7b798f4fc2a8493f
A remote attacker can cause register.php in punbb version 1.2.1 to execute arbitrary SQL statements by supplying malicious values to the language or email parameters.
50193fa1b4c0adde13ec79fb65995c4f0740db19db311771e4c52fb259438b50
KDE Security Advisory: The fliccd binary, when installed suid root, is susceptible to various stack overflows that allow for privilege escalation.
53f9d6c926d6c422e9bb5f1534c99d3014efb5c7eeb48ef4e09227b1bc874c15