[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 6585 Download | Alert*

It was discovered that the ocsinventory-agent which is part of the ocsinventory suite, a hardware and software configuration indexing service, is prone to an insecure perl module search path. As the agent is started via cron and the current directory is included in the default perl module path the agent scans every directory on the system for its perl modules. This enables an attacker to execute ...

It was discovered that CamlImages, an open source image processing library, suffers from several integer overflows, which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of TIFF files. It also expands the patch for CVE-2009-2660 to cover another potential overflow in the processing of JPEG images.

Due to the fact that advi, an active DVI previewer and presenter, statically links against camlimages it was neccessary to rebuilt it in order to incorporate the latest security fixes for camlimages, which could lead to integer overflows via specially crafted TIFF files or GIFF and JPEG images . For the stable distribution , these problems have been fixed in version 1.6.0-13+lenny2. Due to a bug ...

Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of JPEG and GIF Images, while DSA 1832-1 addressed the issue with PNG images. For the oldstable distribution , this problem has been f ...

It was discovered that CamlImages, an open source image processing library, suffers from several integer overflows, which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of TIFF files. It also expands the patch for CVE-2009-2660 to cover another potential overflow in the processing of JPEG images. For the o ...

It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater.

Two denial of service vulnerabilities have been discovered in squid and squid3, a web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: Bastian Blank discovered that it is possible to cause a denial of service via a crafted auth header with certain comma delimiters. Tomas Hoger discovered that it is possible to cause a denial of service via invalid DNS head ...

Two denial of service vulnerabilities have been discovered in squid and squid3, a web proxy. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2855 Bastian Blank discovered that it is possible to cause a denial of service via a crafted auth header with certain comma delimiters. CVE-2010-0308 Tomas Hoger discovered that it is possible to cause a denial of ...

David Kierznowski discovered that libcurl, a multi-protocol file transfer library, when configured to follow URL redirects automatically, does not question the new target location. As libcurl also supports file:// and scp:// URLs - depending on the setup - an untrusted server could use that to expose local files, overwrite local files or even execute arbitrary code via a malicious URL redirect. Th ...

James Ralston discovered that the sasl_encode64() function of cyrus-sasl2, a free library implementing the Simple Authentication and Security Layer, suffers from a missing null termination in certain situations. This causes several buffer overflows in situations where cyrus-sasl2 itself requires the string to be null terminated which can lead to denial of service or arbitrary code execution. Impor ...


Pages:      Start    374    375    376    377    378    379    380    381    382    383    384    385    386    387    ..   658

© SecPod Technologies