
Files

Debian Linux Security Advisory 1631-1
Posted Aug 22, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1631-1 - Andreas Solberg discovered that libxml2, the GNOME XML library, could be forced to recursively evaluate entities, until available CPU & memory resources were exhausted.

tags | advisory
systems | linux, debian
advisories | CVE-2008-3281
SHA-256 | 6c9094554c9bda05ea0527025db2031ca7ecdcbbd3fbd883d35e2efbd4657bd8

Related Files

Debian Linux Security Advisory 1897-1
Posted Sep 29, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1897-1 - Stefan Esser discovered that Horde, a web application framework providing classes for dealing with preferences, compression, browser detection, connection tracking, MIME, and more, insufficiently validates and escapes user-provided input. The Horde_Form_Type_image form element allows a temporary filename to be reused on reuploads; the filename is stored in a hidden HTML field and then trusted without prior validation. An attacker can use this to overwrite arbitrary files on the system or to upload PHP code and thus execute arbitrary code with the rights of the webserver.

tags | advisory, web, arbitrary, php
systems | linux, debian
advisories | CVE-2009-3236
SHA-256 | 74849428a088e248caf5775fc100bbbb2aa65fc2d2b0257a92f72ae1150aacd1
Debian Linux Security Advisory 1896-1
Posted Sep 29, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1896-1 - Several vulnerabilities have been discovered in the opensaml and shibboleth-sp packages, as used by Shibboleth 1.x.

tags | advisory, vulnerability
systems | linux, debian
SHA-256 | aa895d29e6e58c4f1d35c30cda5514401b810940ffab3fcebc057625f9b8d1f6
Debian Linux Security Advisory 1895-1
Posted Sep 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1895-1 - Several vulnerabilities have been discovered in the xmltooling packages, as used by Shibboleth. Chris Ries discovered that decoding a crafted URL leads to a crash (and potentially, arbitrary code execution). Ian Young discovered that embedded NUL characters in certificate names were not correctly handled, exposing configurations using PKIX trust validation to impersonation attacks. Incorrect processing of SAML metadata ignores key usage constraints. This minor issue also needs a correction in the opensaml2 packages, which will be provided in an upcoming stable point release (and, before that, via stable-proposed-updates).

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, debian
SHA-256 | 71456b05f7735fa8e830cae02f6d44efd6a7c08540df6c49cfbc6abb1b9847f7
Debian Linux Security Advisory 1894-1
Posted Sep 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1894-1 - Miroslav Lichvar discovered that newt, a windowing toolkit, is prone to a buffer overflow in the content processing code, which can lead to the execution of arbitrary code.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-2905
SHA-256 | 96323d6582be083e70c7ddf004194f5155a8cf56bd6df2b1cad95f09f821ffb1
Debian Linux Security Advisory 1893-1
Posted Sep 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1893-1 - It was discovered that the SIEVE component of cyrus-imapd and kolab-cyrus-imapd, the Cyrus mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system. The update introduced by DSA 1881-1 was incomplete and the issue has been given an additional CVE id due to its complexity.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-2632, CVE-2009-3235
SHA-256 | 7cc84f9d81089816b231888b54423e78094c839d60a333567463949319d07201
Debian Linux Security Advisory 1892-1
Posted Sep 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1892-1 - It was discovered that the SIEVE component of dovecot, a mail server that supports mbox and maildir mailboxes, is vulnerable to a buffer overflow when processing SIEVE scripts. This can be used to elevate privileges to the dovecot system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-2632, CVE-2009-3235
SHA-256 | 1e397e9152a659f46c090079c2cfa537c94c26a24228f0d5373aa8bb6b50bc9a
Debian Linux Security Advisory 1891-1
Posted Sep 22, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1891-1 - Marek Grzybowski discovered that changetrack, a program to monitor changes to (configuration) files, is prone to shell command injection via metacharacters in filenames. The behaviour of the program has been adjusted to reject all filenames with metacharacters.

tags | advisory, shell
systems | linux, debian
advisories | CVE-2009-3233
SHA-256 | 26d0d2fd254bcd4648530949d77017afd8fb3135561a2783bc07f69c8c25a1f4
Debian Linux Security Advisory 1890-1
Posted Sep 19, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1890-1 - Tielei Wang has discovered an integer overflow in wxWidgets, the wxWidgets Cross-platform C++ GUI toolkit, which allows the execution of arbitrary code via a crafted JPEG file.

tags | advisory, overflow, arbitrary
systems | linux, debian
advisories | CVE-2009-2369
SHA-256 | ed775f49cb58cbce91017bb067a323a636d2226e812c374bf0745a565ce2f3d7
Debian Linux Security Advisory 1889-1
Posted Sep 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1889-1 - It was discovered that the ICU Unicode library performed incorrect processing of invalid multibyte sequences, resulting in potential bypass of security mechanisms.

tags | advisory
systems | linux, debian
advisories | CVE-2009-0153
SHA-256 | 277aed8c3f2483c166a48f232c68ddb6bd9d03ddca2b3593d77879a6ee12254e
Debian Linux Security Advisory 1888-1
Posted Sep 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1888-1 - Certificates with MD2 hash signatures are no longer accepted by OpenSSL, since they're no longer considered cryptographically secure.

tags | advisory
systems | linux, debian
advisories | CVE-2009-2409
SHA-256 | 88d5f8e0192f0be8665ed90a45aa84ccb48c9ed00b752dea60a8068421209f01
Debian Linux Security Advisory 1887-1
Posted Sep 16, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1887-1 - Brian Mastenbrook discovered that rails, the MVC Ruby-based framework geared for web application development, is prone to cross-site scripting attacks via malformed strings in the form helper.

tags | advisory, web, xss, ruby
systems | linux, debian
advisories | CVE-2009-3009
SHA-256 | e9db881d48510c6e213b5d71a715500f7af077e97ce065212eede46bfda25193
Debian Linux Security Advisory 1886-1
Posted Sep 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1886-1 - Several remote vulnerabilities have been discovered in the Iceweasel web browser, an unbranded version of the Firefox browser.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2009-1310, CVE-2009-3079
SHA-256 | 3eaefad0cc0c351f2dbd5cc7dce487b59196ec57f291512162c7b8ce6a016078
Debian Linux Security Advisory 1885-1
Posted Sep 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1885-1 - Several remote vulnerabilities have been discovered in Xulrunner, a runtime environment for XUL applications, such as the Iceweasel web browser.

tags | advisory, remote, web, vulnerability
systems | linux, debian
advisories | CVE-2009-3070, CVE-2009-3071, CVE-2009-3072, CVE-2009-3074, CVE-2009-3075, CVE-2009-3076, CVE-2009-3077, CVE-2009-3078
SHA-256 | 80de2c0b557f6e5717d38ffd78c9467933d23a93d076c485051905d0e4998edf
Debian Linux Security Advisory 1884-1
Posted Sep 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1884-1 - Chris Ries discovered that nginx, a high-performance HTTP server, reverse proxy and IMAP/POP3 proxy server, is vulnerable to a buffer underflow when processing certain HTTP requests. An attacker can use this to execute arbitrary code with the rights of the worker process (www-data on Debian) or possibly perform denial of service attacks by repeatedly crashing worker processes via a specially crafted URL in an HTTP request.

tags | advisory, web, denial of service, arbitrary, imap
systems | linux, debian
advisories | CVE-2009-2629
SHA-256 | 1419e6a12847d769f87454f95d9dcca030059bae87b601f27e6e4beb3aa3d9ca
Debian Linux Security Advisory 1883-2
Posted Sep 15, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1883-2 - The previous nagios2 update introduced a regression, which caused status.cgi to segfault when used directly without specifying the 'host' variable. This update fixes the problem.

tags | advisory, cgi
systems | linux, debian
advisories | CVE-2007-5624, CVE-2007-5803, CVE-2008-1360
SHA-256 | aea50dbf0f0cc940482bdf833e1a6968c13cf817e8c311dd451e904dd17e6204
Gentoo Linux Security Advisory 200909-12
Posted Sep 15, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200909-12 - Multiple insecure calls to the sscanf() function in HTMLDOC might result in the execution of arbitrary code. ANTHRAX666 reported an insecure call to the sscanf() function in the set_page_size() function in htmldoc/util.cxx. Nico Golde of the Debian Security Team found two more insecure calls in the write_type1() function in htmldoc/ps-pdf.cxx and the htmlLoadFontWidths() function in htmldoc/htmllib.cxx. Versions less than 1.8.27-r1 are affected.

tags | advisory, arbitrary
systems | linux, debian, gentoo
advisories | CVE-2009-3050
SHA-256 | 880ab8ed72c53b68d1cb6961bd59140a3c52d0b87c9ae0304b7b6397ae2f4721
Debian Linux Security Advisory 1878-2
Posted Sep 11, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1878-2 - Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update corrects regressions introduced by the devscripts security update, DSA-1878-1.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2009-2946
SHA-256 | 3b1b40fb5fbd7b62d4ca8cadc1b1d71d6cbbcffcc47448316d4bc800398bd578
Debian Linux Security Advisory 1883-1
Posted Sep 10, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1883-1 - Several vulnerabilities have been found in nagios2, a host/service/network monitoring and management system.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-5624, CVE-2007-5803, CVE-2008-1360
SHA-256 | 6e440b48d4c410923ccd6b7ef36e82228cf34cf35e1d2b938e5ae5944fed419e
Debian Linux Security Advisory 1882-1
Posted Sep 10, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1882-1 - It was discovered that xapian-omega, a CGI interface for searching xapian databases, is not properly escaping user supplied input when printing exceptions. An attacker can use this to conduct cross-site scripting attacks via crafted search queries resulting in an exception and steal potentially sensitive data from web applications running on the same domain or embedding the search engine into a website.

tags | advisory, web, cgi, xss
systems | linux, debian
advisories | CVE-2009-2947
SHA-256 | 22225bc789297b6ae05b63cb9307569e0036a8f82d2fad3417050d3a1278810d
Debian Linux Security Advisory 1881-1
Posted Sep 7, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1881-1 - It was discovered that the SIEVE component of cyrus-imapd, a highly scalable enterprise mail system, is vulnerable to a buffer overflow when processing SIEVE scripts. Due to incorrect use of the sizeof() operator an attacker is able to pass a negative length to snprintf() calls resulting in large positive values due to integer conversion. This causes a buffer overflow which can be used to elevate privileges to the cyrus system user. An attacker who is able to install SIEVE scripts executed by the server is therefore able to read and modify arbitrary email messages on the system.

tags | advisory, overflow, arbitrary
systems | linux, debian
SHA-256 | 4dbb891cf168c0f7a2bc7cccc3d456dab123abd15c3057dad702ee6c76058555
Debian Linux Security Advisory 1880-1
Posted Sep 7, 2009
Authored by Debian | Site debian.org

Debian Security Advisory DSA 1880-1 - Several vulnerabilities have been discovered in the OpenOffice.org office suite.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2009-0200, CVE-2009-0201, CVE-2009-2139
SHA-256 | 29d09b914cb9584b866faa18a74e4edaa0df13b895e27f21ce6be1454b4c8f67
Debian Linux Security Advisory 1879-1
Posted Sep 4, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1879-1 - Several vulnerabilities have been discovered in the software suite for the SILC protocol, a network protocol designed to provide end-to-end security for conferencing services.

tags | advisory, vulnerability, protocol
systems | linux, debian
advisories | CVE-2008-7159, CVE-2008-7160, CVE-2009-3051
SHA-256 | a579706ca3462dbced3ea936bf4e6108a3458c47e92f30831ef87990788d6e50
Debian Linux Security Advisory 1878-1
Posted Sep 3, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1878-1 - Raphael Geissert discovered that uscan, a program to check for availability of new source code versions which is part of the devscripts package, runs Perl code downloaded from potentially untrusted sources to implement its URL and version mangling functionality. This update addresses this issue by reimplementing the relevant Perl operators without relying on the Perl interpreter, trying to preserve backwards compatibility as much as possible.

tags | advisory, perl
systems | linux, debian
advisories | CVE-2009-2946
SHA-256 | 0e5b49376f380b031a0382734cc1ecfa180e9025483df749a9270e25194e7209
Debian Linux Security Advisory 1877-1
Posted Sep 3, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1877-1 - In MySQL 4.0.0 through 5.0.83, multiple format string vulnerabilities in the dispatch_command() function in libmysqld/sql_parse.cc in mysqld allow remote authenticated users to cause a denial of service (daemon crash) and potentially the execution of arbitrary code via format string specifiers in a database name in a COM_CREATE_DB or COM_DROP_DB request.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2009-2446
SHA-256 | c6595e9f744ae0389206fcafbac3f076fad7a798140df27ea637268e1d32af18
Debian Linux Security Advisory 1876-1
Posted Sep 2, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1876-1 - Several remote vulnerabilities have been discovered in the TFTP component of dnsmasq.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2009-2957, CVE-2009-2958
SHA-256 | 36010b3ebf6aaa4e8d14eb64498f1cbf648f2ece54116457175bf93b46dcf33c
© 2022 Packet Storm. All rights reserved.