large number
following problems:
CVE-2008-0983
lighttpd 1.4.18, and possibly other versions before 1.5.0, does not
properly calculate the size of a file descriptor array, which allows
remote attackers to cause a denial of service (crash) via a large number
of connections, which triggers an out-of-bounds access.
CVE-2007-3948
connections.c in lighttpd before 1.4.16 might accept more connections
than the configured maximum, which allows remote attackers to cause a
Use-after-free vulnerability in the abstract file-descriptor handling
interface in the cupsdDoSelect function in scheduler/select.c in the
scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers
to cause a denial of service (daemon crash or hang) via a client
disconnection during listing of a large number of print jobs, related
to improperly maintaining a reference count. NOTE: some of these
details are obtained from third party information (CVE-2009-3553).
Use-after-free vulnerability in the abstract file-descriptor handling
interface in the cupsdDoSelect function in scheduler/select.c in the
No CVE id yet
Bogdan Calin discovered that a remote attacker could cause a denial
of service by uploading a large number of files using
multipart/form-data requests, causing the creation of a large number of
temporary files.
To address this issue, the max_file_uploads option introduced in PHP
5.3.1 has been backported. This option limits the maximum number of
Use-after-free vulnerability in the abstract file-descriptor handling
interface in the cupsdDoSelect function in scheduler/select.c in the
scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers
to cause a denial of service (daemon crash or hang) via a client
disconnection during listing of a large number of print jobs, related
to improperly maintaining a reference count. NOTE: some of these
details are obtained from third party information (CVE-2009-3553).
Use-after-free vulnerability in the abstract file-descriptor handling
interface in the cupsdDoSelect function in scheduler/select.c in the
B.11.31 (64-bit) / Apache-CVE-2011-3192-Fix-IA-PA-64.depot
For customers not wanting to install this preliminary patch, we recommend that three workarounds be considered from the Apache Software Foundation.
1) Use SetEnvIf or mod_rewrite to detect a large number of ranges and then either ignore the Range: header or reject the request.
2) Limit the size of the request field to a few hundred bytes.
3) Use mod_headers to completely disallow the use of Range headers.
websecurity lists is below.
SUMMARY
Critical vulnerabilities exist in a large number of widely used web
authoring tools that automatically generate Shockwave Flash (SWF)
files, such as Adobe (r) Dreamweaver (r), Adobe Acrobat (r) Connect
(tm) (formerly Macromedia Breeze), InfoSoft FusionCharts, and
Techsmith Camtasia. The flaws render websites that host these
generated SWF files vulnerable to Cross-Site Scripting (XSS).
system hosting the database server. This is a critical vulnerability
since it does not require authentication and its exploitation may go
undetected.
Netvolution [1] is a commercial content management system by
ATCOM S.A. [2] with a large number of installations, most of them
belonging to Greek companies and organizations.
It appears that the Netvolution platform has both ASP and PHP
implementations. This advisory concerns a bug found in the ASP
implementation (version 2.5.8). We were unable to verify with the
Problem Description:
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before
p173 allows context-dependent attackers to cause a denial of service
(application crash) via a string argument that represents a large
number, as demonstrated by an attempted conversion to the Float
data type.
This update corrects the problem.
_______________________________________________________________________
Since the WordPress Database Backup plugin has no protection against
CSRF, this CSRF vulnerability makes it possible to attack the admin. It
can be used to force a backup, in order to get the backup of the site's DB
via the earlier mentioned Information Leakage vulnerability, or to create
a large number of backup files to occupy free space on the server, or to
receive the backup by email. These CSRF attacks are possible if the
WP-DB-Backup plugin is activated.
With a CSRF attack it's possible to back up any tables, either all of them
or selectively (e.g. the users table wp_users). In this exploit the backup
Summary
=======
Bugzilla is a Web-based bug-tracking system, used by a large number of
software projects.
This advisory covers three security issues that have recently been
fixed in the Bugzilla code:
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* When a user creates a new account, Bugzilla doesn't correctly
reject email addresses containing non-ASCII characters, which
could be used to impersonate another user account.
prone to an error when optimizing character classes containing a
singleton UTF-8 sequence which might lead to a heap-based buffer
overflow (CVE-2007-4768).
Chris Evans also reported multiple integer overflow vulnerabilities in
PCRE when processing a large number of named subpatterns ("name_count")
or long subpattern names ("max_name_size") (CVE-2006-7227), and via
large "min", "max", or "duplength" values (CVE-2006-7228) both possibly
leading to buffer overflows. Another vulnerability was reported when
compiling patterns where the "-x" or "-i" UTF-8 options change within
the pattern, which might lead to improper memory calculations
Problem Description:
The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before
p173 allows context-dependent attackers to cause a denial of service
(application crash) via a string argument that represents a large
number, as demonstrated by an attempted conversion to the Float
data type.
This update corrects the problem.
_______________________________________________________________________
Problem Description:
The daemon in acpid before 1.0.10 allows remote attackers to cause a
denial of service (CPU consumption and connectivity loss) by opening
a large number of UNIX sockets without closing them, which triggers
an infinite loop (CVE-2009-0798).
The updated packages have been patched to prevent this.
_______________________________________________________________________
¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Wikipedia quote: "Apple Inc. (NASDAQ: AAPL) is an American multinational corporation which designs and manufactures consumer electronics and software products. The company's best-known hardware products include "
II. Description
¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨¨
Calling the CSS attr() attribute with a large number leads to memory corruption; heap spraying allows execution of code.
III. Impact
¨¨¨¨¨¨¨¨¨¨¨
Arbitrary remote code execution can be achieved by creating a special website and enticing
the victim into visiting that site.
Multiple vulnerabilities have been found and corrected in libneon0.27:
neon before 0.28.6, when expat is used, does not properly detect
recursion during entity expansion, which allows context-dependent
attackers to cause a denial of service (memory and CPU consumption)
via a crafted XML document containing a large number of nested entity
references, a similar issue to CVE-2003-1564 (CVE-2009-2473).
neon before 0.28.6, when OpenSSL is used, does not properly handle a
'\0' (NUL) character in a domain name in the subject's Common Name
(CN) field of an X.509 certificate, which allows man-in-the-middle
Description:
A use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG
could allow remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code by tricking a user into importing a
certificate with a large number of Subject Alternate Names. This
has been fixed.
http://wiki.rpath.com/Advisories:rPSA-2010-0076
Copyright 2010 rPath, Inc.
Summary
=======
Bugzilla is a Web-based bug-tracking system, used by a large number of
software projects.
This advisory covers a critical security issue that has recently been
fixed in the Bugzilla code:
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot
1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve,
allow context-dependent attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted SIEVE
script, as demonstrated by forwarding an e-mail message to a large
number of recipients, a different vulnerability than CVE-2009-2632
(CVE-2009-3235).
This update provides a solution to this vulnerability.
Update:
/out.php?title=-99%27 UNION SELECT 1 FROM pligg_users WHERE user_id=1 AND
MID(user_pass,1,1)=concat(char(97))/*
The above url will allow an attacker to enumerate database data as
discussed earlier, and eventually gain admin credentials. Due to the large
number of SQL Injection issues in Pligg I will identify the remaining
issues with some simple examples of exploitation.
---[ login.php ]------------------------------------------------
/* Post Request */
processlogin=3&username=-99' UNION SELECT
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot
1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve,
allow context-dependent attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a crafted SIEVE
script, as demonstrated by forwarding an e-mail message to a large
number of recipients, a different vulnerability than CVE-2009-2632
(CVE-2009-3235).
This update provides a solution to this vulnerability.
_______________________________________________________________________
Summary
=======
Bugzilla is a Web-based bug-tracking system used by a large number of
software projects. The following security issues have been discovered
in Bugzilla:
* When viewing tabular or graphical reports as well as new charts,
an XSS vulnerability is possible in debug mode.
May 14, 2009
I. BACKGROUND
Oracle Corp.'s Outside In Technology is a document conversion engine
supporting a large number of binary file formats. Prior to Oracle's
acquisition, the software was maintained by Stellent Inc. The software
appears to have originated from "QuickView" for Windows 98, but later
spun off. It is used by various software packages, one of which is
Motorola Inc.'s Good Mobile Messaging Server. For more information,
visit the vendors' sites at the URLs provided below.
Stack-based buffer overflow in the push_subg function in parser.y
(lib/graph/parser.c) in Graphviz 2.20.2, and possibly earlier versions,
allows user-assisted remote attackers to cause a denial of service
(memory corruption) or execute arbitrary code via a DOT file with a
large number of Agraph_t elements (CVE-2008-4555).
This update provides a fix for this vulnerability.
_______________________________________________________________________
References:
function, as demonstrated by a crash of the Apache HTTP Server
(CVE-2012-0788). Note: this was fixed with php-5.3.10
The php_register_variable_ex function in php_variables.c in PHP
5.3.9 allows remote attackers to execute arbitrary code via a request
containing a large number of variables, related to improper handling
of array variables. NOTE: this vulnerability exists because of an
incorrect fix for CVE-2011-4885 (CVE-2012-0830). Note: this was fixed
with php-5.3.10
PHP before 5.3.10 does not properly perform a temporary change
http://projects.cerias.purdue.edu/stc2009/
Built on the continuous success of ACM STC'06, STC'07 and STC'08, this
workshop focuses on fundamental technologies of trusted computing (in
a broad sense, with or without TPMs) and its applications in
large-scale systems -- those involving large number of users and
parties with varying degrees of trust. The workshop is intended to
serve as a forum for researchers as well as practitioners to
disseminate and discuss recent advances and emerging issues.
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
Description
CERT-FI published an advisory with a large number of samples of crafted
archives.
The file with the md5sum b6046d890e6bd304e3756c88b989559a (named
b6046d890e6bd304e3756c88b989559a.arj) hangs clamav with high load.
If you're running clamav on a mailserver, an attacker can DoS your Server
May 14, 2009
I. BACKGROUND
Oracle Corp.'s Outside In Technology is a document conversion engine
supporting a large number of binary file formats. Prior to Oracle's
acquisition, the software was maintained by Stellent Inc. The software
appears to have originated from "QuickView" for Windows 98, but later
spun off. It is used by various software packages, one of which is
Motorola Inc.'s Good Mobile Messaging Server. For more information,
visit the vendors' sites at the URLs provided below.
When kept up-to-date with the latest virus-definition (DAT) files,
LinuxShield is an important part of your network security. We recommend
that you set up an anti-virus security policy for your network,
incorporating as many protective measures as possible.
LinuxShield uses a web-browser interface, and a large number of
LinuxShield installations can be centrally controlled by ePolicy
Orchestrator.
(Product description from LinuxShield Product Guide)
Alternatives to Installing the Preliminary Patch
The Apache Software Foundation has documented workarounds. For customers not wanting to install the preliminary patch, the following are recommended.
Note: no patch is available for Apache 2.0.64.01.
1) Use SetEnvIf or mod_rewrite to detect a large number of ranges and then either ignore the Range: header or reject the request.
2) Limit the size of the request field to a few hundred bytes.
3) Use mod_headers to completely disallow the use of Range headers.