Diffstat (limited to 'security/vuxml/vuln/2009.xml')
-rw-r--r-- security/vuxml/vuln/2009.xml 6912
1 files changed, 6912 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2009.xml b/security/vuxml/vuln/2009.xml
new file mode 100644
index 000000000000..4ed63453900d
--- /dev/null
+++ b/security/vuxml/vuln/2009.xml
@@ -0,0 +1,6912 @@
+ <vuln vid="751823d4-f189-11de-9344-00248c9b4be7">
+ <topic>drupal -- multiple cross-site scripting</topic>
+ <affects>
+ <package>
+ <name>drupal5</name>
+ <range><lt>5.21</lt></range>
+ </package>
+ <package>
+ <name>drupal6</name>
+ <range><lt>6.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Drupal Team reports:</p>
+ <blockquote cite="http://drupal.org/node/661586">
+ <p>The Contact module does not correctly handle certain user input
+ when displaying category information. Users privileged to create
+ contact categories can insert arbitrary HTML and script code into the
+ contact module administration page. Such a cross-site scripting attack
+ may lead to the malicious user gaining administrative access.</p>
+ <p>The Menu module does not correctly handle certain user input when
+ displaying the menu administration overview. Users privileged to
+ create new menus can insert arbitrary HTML and script code into the
+ menu module administration page. Such a cross-site scripting attack
+ may lead to the malicious user gaining administrative access.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-4370</cvename>
+ <url>http://drupal.org/node/661586</url>
+ </references>
+ <dates>
+ <discovery>2009-12-16</discovery>
+ <entry>2009-12-25</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="4d6076fe-ee7a-11de-9cd0-001a926c7637">
+ <topic>fuser -- missing user's privileges check</topic>
+ <affects>
+ <package>
+ <name>fuser</name>
+ <range><lt>1142334561_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Denis Barov reports:</p>
+ <blockquote>
+ <p>sysutils/fuser allows user to send any signal to any process when
+ installed with suid bit.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <freebsdpr>ports/141852</freebsdpr>
+ </references>
+ <dates>
+ <discovery>2009-09-15</discovery>
+ <entry>2009-12-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4465c897-ee5c-11de-b6ef-00215c6a37bb">
+ <topic>monkey -- improper input validation vulnerability</topic>
+ <affects>
+ <package>
+ <name>monkey</name>
+ <range><lt>0.9.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Census Labs reports:</p>
+ <blockquote cite="http://census-labs.com/news/2009/12/14/monkey-httpd/">
+ <p>We have discovered a remotely exploitable
+ "improper input validation" vulnerability in the Monkey
+ web server that allows an attacker to perform denial of
+ service attacks by repeatedly crashing worker threads
+ that process HTTP requests.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://census-labs.com/news/2009/12/14/monkey-httpd/</url>
+ <url>http://groups.google.com/group/monkeyd/browse_thread/thread/055b4e9b83973861/</url>
+ </references>
+ <dates>
+ <discovery>2009-12-14</discovery>
+ <entry>2009-12-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="39a25a63-eb5c-11de-b650-00215c6a37bb">
+ <topic>php -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>php5</name>
+ <range><lt>5.2.12</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PHP developers reports:</p>
+ <blockquote cite="http://www.php.net/releases/5_2_12.php">
+ <p>This release focuses on improving the stability of the
+ PHP 5.2.x branch with over 60 bug fixes, some of which
+ are security related. All users of PHP 5.2 are encouraged
+ to upgrade to this release.</p>
+ <p>Security Enhancements and Fixes in PHP 5.2.12:</p>
+ <ul>
+ <li>Fixed a safe_mode bypass in tempnam() identified by
+ Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)</li>
+ <li>Fixed a open_basedir bypass in posix_mkfifo()
+ identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)</li>
+ <li>Added "max_file_uploads" INI directive, which can
+ be set to limit the number of file uploads per-request
+ to 20 by default, to prevent possible DOS via temporary
+ file exhaustion, identified by Bogdan Calin.
+ (CVE-2009-4017, Ilia)</li>
+ <li>Added protection for $_SESSION from interrupt
+ corruption and improved "session.save_path" check,
+ identified by Stefan Esser. (CVE-2009-4143, Stas)</li>
+ <li>Fixed bug #49785 (insufficient input string
+ validation of htmlspecialchars()). (CVE-2009-4142,
+ Moriyoshi, hello at iwamot dot com)</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3557</cvename>
+ <cvename>CVE-2009-3558</cvename>
+ <cvename>CVE-2009-4017</cvename>
+ <cvename>CVE-2009-4142</cvename>
+ <cvename>CVE-2009-4143</cvename>
+ <url>http://www.php.net/releases/5_2_12.php</url>
+ </references>
+ <dates>
+ <discovery>2009-12-17</discovery>
+ <entry>2009-12-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e7bc5600-eaa0-11de-bd9c-00215c6a37bb">
+ <topic>postgresql -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>postgresql-client</name>
+ <name>postgresql-server</name>
+ <range><ge>7.4</ge><lt>7.4.27</lt></range>
+ <range><ge>8.0</ge><lt>8.0.23</lt></range>
+ <range><ge>8.1</ge><lt>8.1.19</lt></range>
+ <range><ge>8.2</ge><lt>8.2.15</lt></range>
+ <range><ge>8.3</ge><lt>8.3.9</lt></range>
+ <range><ge>8.4</ge><lt>8.4.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PostgreSQL project reports:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4034">
+ <p>PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,
+ 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,
+ and 8.4.x before 8.4.2 does not properly handle a '\0' character
+ in a domain name in the subject's Common Name (CN) field of an
+ X.509 certificate, which (1) allows man-in-the-middle attackers
+ to spoof arbitrary SSL-based PostgreSQL servers via a crafted
+ server certificate issued by a legitimate Certification Authority,
+ and (2) allows remote attackers to bypass intended client-hostname
+ restrictions via a crafted client certificate issued by a legitimate
+ Certification Authority, a related issue to CVE-2009-2408.</p>
+ </blockquote>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4136">
+ <p>PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23,
+ 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9,
+ and 8.4.x before 8.4.2 does not properly manage session-local
+ state during execution of an index function by a database
+ superuser, which allows remote authenticated users to gain
+ privileges via a table with crafted index functions, as
+ demonstrated by functions that modify (1) search_path or
+ (2) a prepared statement, a related issue to CVE-2007-6600
+ and CVE-2009-3230.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-4034</cvename>
+ <cvename>CVE-2009-4136</cvename>
+ </references>
+ <dates>
+ <discovery>2009-11-20</discovery>
+ <entry>2009-12-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5486669e-ea9f-11de-bd9c-00215c6a37bb">
+ <topic>tptest -- pwd Remote Stack Buffer Overflow</topic>
+ <affects>
+ <package>
+ <name>tptest</name>
+ <range><gt>0</gt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/33785">
+ <p>TPTEST is prone to a remote stack-based buffer-overflow
+ vulnerability. An attacker can exploit this issue to
+ execute arbitrary code within the context of the affected
+ application. Failed exploit attempts will result in a
+ denial-of-service condition.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>33785</bid>
+ </references>
+ <dates>
+ <discovery>2009-02-16</discovery>
+ <entry>2009-12-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="01c57d20-ea26-11de-bd39-00248c9b4be7">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><gt>3.5.*,1</gt><lt>3.5.6,1</lt></range>
+ <range><gt>3.*,1</gt><lt>3.0.16,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>3.0.16,1</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.0.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><ge>3.0</ge><lt>3.0.1</lt></range>
+ </package>
+
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Project reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
+ <p>MFSA 2009-71 GeckoActiveXObject exception messages can be used to
+ enumerate installed COM objects</p>
+ <p>MFSA 2009-70 Privilege escalation via chrome window.opener</p>
+ <p>MFSA 2009-69 Location bar spoofing vulnerabilities</p>
+ <p>MFSA 2009-68 NTLM reflection vulnerability</p>
+ <p>MFSA 2009-67 Integer overflow, crash in libtheora video
+ library</p>
+ <p>MFSA 2009-66 Memory safety fixes in liboggplay media library</p>
+ <p>MFSA 2009-65 Crashes with evidence of memory corruption (rv:1.9.1.6/
+ 1.9.0.16)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3388</cvename>
+ <cvename>CVE-2009-3389</cvename>
+ <cvename>CVE-2009-3979</cvename>
+ <cvename>CVE-2009-3980</cvename>
+ <cvename>CVE-2009-3981</cvename>
+ <cvename>CVE-2009-3982</cvename>
+ <cvename>CVE-2009-3983</cvename>
+ <cvename>CVE-2009-3984</cvename>
+ <cvename>CVE-2009-3985</cvename>
+ <cvename>CVE-2009-3986</cvename>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-71.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-70.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-69.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-68.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-67.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-66.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-65.html</url>
+ </references>
+ <dates>
+ <discovery>2009-12-16</discovery>
+ <entry>2009-12-16</entry>
+ <modified>2010-01-21</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="1b3f854b-e4bd-11de-b276-000d8787e1be">
+ <topic>freeradius -- remote packet of death vulnerability</topic>
+ <affects>
+ <package>
+ <name>freeradius</name>
+ <range><lt>1.1.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>freeRADIUS Vulnerability Notifications reports:</p>
+ <blockquote cite="http://freeradius.org/security.html">
+ <p>2009.09.09 v1.1.7 - Anyone who can send packets to
+ the server can crash it by sending a Tunnel-Password
+ attribute in an Access-Request packet. This
+ vulnerability is not otherwise exploitable. We have
+ released 1.1.8 to correct this vulnerability.</p>
+ <p>This issue is similar to the previous Tunnel-Password
+ issue noted below. The vulnerable versions are 1.1.3
+ through 1.1.7. Version 2.x is not affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3111</cvename>
+ <url>http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3111</url>
+ <url>http://freeradius.org/security.html</url>
+ <url>http://www.milw0rm.com/exploits/9642</url>
+ </references>
+ <dates>
+ <discovery>2009-09-09</discovery>
+ <entry>2009-12-14</entry>
+ <modified>2009-12-14</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="bec38383-e6cb-11de-bdd4-000c2930e89b">
+ <topic>pligg -- Cross-Site Scripting and Cross-Site Request Forgery</topic>
+ <affects>
+ <package>
+ <name>pligg</name>
+ <range><lt>1.0.3b</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/37349">
+ <p>Russ McRee has discovered some vulnerabilities in Pligg, which can
+ be exploited by malicious people to conduct cross-site scripting and
+ request forgery attacks.</p>
+ <p>Input passed via the "Referer" HTTP header to various scripts (e.g.
+ admin/admin_config.php, admin/admin_modules.php, delete.php, editlink.php,
+ submit.php, submit_groups.php, user_add_remove_links.php, and
+ user_settings.php) is not properly sanitised before being returned to
+ the user. This can be exploited to execute arbitrary HTML and script
+ code in a user's browser session in context of an affected site.</p>
+ <p>The application allows users to perform certain actions via HTTP
+ requests without performing any validity checks to verify the requests.
+ This can be exploited to e.g. create an arbitrary user with administrative
+ privileges if a logged-in administrative user visits a malicious web
+ site.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-4786</cvename>
+ <cvename>CVE-2009-4787</cvename>
+ <cvename>CVE-2009-4788</cvename>
+ <url>http://secunia.com/advisories/37349/</url>
+ <url>http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/</url>
+ </references>
+ <dates>
+ <discovery>2009-12-02</discovery>
+ <entry>2009-12-12</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="fcbf56dd-e667-11de-920a-00248c9b4be7">
+ <topic>piwik -- php code execution</topic>
+ <affects>
+ <package>
+ <name>piwik</name>
+ <range><lt>0.5.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/37649">
+ <p>Stefan Esser has reported a vulnerability in Piwik, which can be
+ exploited by malicious people to compromise a vulnerable system.</p>
+ <p>The vulnerability is caused due to the core/Cookie.php script using
+ "unserialize()" with user controlled input. This can be exploited to
+ e.g. execute arbitrary PHP code via the "__wakeup()" or "__destruct()"
+ methods of a serialized object passed via an HTTP cookie.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-4137</cvename>
+ <url>http://secunia.com/advisories/37649/</url>
+ <url>http://www.sektioneins.de/de/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/index.html</url>
+ <url>http://piwik.org/blog/2009/12/piwik-response-to-shocking-news-in-php-exploitation/</url>
+ </references>
+ <dates>
+ <discovery>2009-12-10</discovery>
+ <entry>2009-12-11</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="30211c45-e52a-11de-b5cd-00e0815b8da8">
+ <topic>dovecot -- Insecure directory permissions</topic>
+ <affects>
+ <package>
+ <name>dovecot</name>
+ <range><ge>1.2.*</ge><lt>1.2.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Dovecot author reports:</p>
+ <blockquote cite="http://www.dovecot.org/list/dovecot-news/2009-November/000143.html">
+ <p>Dovecot v1.2.x had been creating base_dir (and its parents if
+ necessary) with 0777 permissions. The base_dir's permissions get
+ changed to 0755 automatically at startup, but you may need to
+ chmod the parent directories manually.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3897</cvename>
+ <bid>37084</bid>
+ <url>http://secunia.com/advisories/37443</url>
+ </references>
+ <dates>
+ <discovery>2009-11-20</discovery>
+ <entry>2009-12-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3c1a672e-e508-11de-9f4a-001b2134ef46">
+ <topic>linux-flashplugin -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>linux-flashplugin</name>
+ <range><lt>9.0r260</lt></range>
+ </package>
+ <package>
+ <name>linux-f8-flashplugin</name>
+ <name>linux-f10-flashplugin</name>
+ <range><lt>10.0r42</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe Product Security Incident Response Team reports:</p>
+ <blockquote cite="http://www.adobe.com/support/security/bulletins/apsb09-19.html">
+ <p>Critical vulnerabilities have been identified in Adobe
+ Flash Player version 10.0.32.18 and earlier. These
+ vulnerabilities could cause the application to crash and
+ could potentially allow an attacker to take control of the
+ affected system.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3794</cvename>
+ <cvename>CVE-2009-3796</cvename>
+ <cvename>CVE-2009-3797</cvename>
+ <cvename>CVE-2009-3798</cvename>
+ <cvename>CVE-2009-3799</cvename>
+ <cvename>CVE-2009-3800</cvename>
+ <cvename>CVE-2009-3951</cvename>
+ <url>http://www.zerodayinitiative.com/advisories/ZDI-09-092/</url>
+ <url>http://www.zerodayinitiative.com/advisories/ZDI-09-093/</url>
+ <url>http://www.adobe.com/support/security/bulletins/apsb09-19.html</url>
+ </references>
+ <dates>
+ <discovery>2009-07-14</discovery>
+ <entry>2009-12-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="eab8c3bd-e50c-11de-9cd0-001a926c7637">
+ <topic>ruby -- heap overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>ruby</name>
+ <range><ge>1.9.1,1</ge><lt>1.9.1.376,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The official ruby site reports:</p>
+ <blockquote cite="http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/">
+ <p>There is a heap overflow vulnerability in String#ljust,
+ String#center and String#rjust. This has allowed an attacker to run
+ arbitrary code in some rare cases.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-4124</cvename>
+ <url>http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/</url>
+ </references>
+ <dates>
+ <discovery>2009-11-30</discovery>
+ <entry>2009-12-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="714c1406-e4cf-11de-883a-003048590f9e">
+ <topic>rt -- Session fixation vulnerability</topic>
+ <affects>
+ <package>
+ <name>rt</name>
+ <range><lt>3.8.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/37546">
+ <p>A vulnerability has been reported in RT, which can be exploited by
+ malicious people to conduct session fixation attacks.
+ The vulnerability is caused due to an error in the handling of
+ sessions and can be exploited to hijack another user's session by
+ tricking the user into logging in after following a specially crafted
+ link.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>37162</bid>
+ <cvename>CVE-2009-3585</cvename>
+ </references>
+ <dates>
+ <discovery>2009-12-01</discovery>
+ <entry>2009-12-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5f030587-e39a-11de-881e-001aa0166822">
+ <topic>expat2 -- Parser crash with specially formatted UTF-8 sequences</topic>
+ <affects>
+ <package>
+ <name>expat2</name>
+ <name>linux-f10-expat</name>
+ <range><lt>2.0.1_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>CVE reports:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720">
+ <p>The updatePosition function in lib/xmltok_impl.c in
+ libexpat in Expat 2.0.1, as used in Python, PyXML,
+ w3c-libwww, and other software, allows context-dependent
+ attackers to cause a denial of service (application crash)
+ via an XML document with crafted UTF-8 sequences that
+ trigger a buffer over-read.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3720</cvename>
+ </references>
+ <dates>
+ <discovery>2009-01-17</discovery>
+ <entry>2009-12-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e9fca207-e399-11de-881e-001aa0166822">
+ <topic>expat2 -- buffer over-read and crash</topic>
+ <affects>
+ <package>
+ <name>expat2</name>
+ <range><lt>2.0.1_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>CVE reports:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560">
+ <p>The big2_toUtf8 function in lib/xmltok.c in libexpat in
+ Expat 2.0.1, as used in the XML-Twig module for Perl, allows
+ context-dependent attackers to cause a denial of service
+ (application crash) via an XML document with malformed UTF-8
+ sequences that trigger a buffer over-read, related to the
+ doProlog function in lib/xmlparse.c.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3560</cvename>
+ </references>
+ <dates>
+ <discovery>2009-10-05</discovery>
+ <entry>2009-12-08</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6431c4db-deb4-11de-9078-0030843d3802">
+ <topic>opera -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>opera</name>
+ <range><lt>10.10.20091120</lt></range>
+ </package>
+ <package>
+ <name>linux-opera</name>
+ <range><lt>10.10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Opera Team reports:</p>
+ <blockquote cite="http://www.opera.com/docs/changelogs/unix/1010/">
+ <ul>
+ <li>Fixed a heap buffer overflow in string to number conversion</li>
+ <li>Fixed an issue where error messages could leak onto unrelated
+ sites</li>
+ <li>Fixed a moderately severe issue, as reported by Chris Evans of
+ the Google Security Team; details will be disclosed at a later
+ date.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0689</cvename>
+ <cvename>CVE-2009-4071</cvename>
+ <url>http://www.opera.com/support/kb/view/941/</url>
+ <url>http://www.opera.com/support/kb/view/942/</url>
+ </references>
+ <dates>
+ <discovery>2009-11-23</discovery>
+ <entry>2009-12-01</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="77c14729-dc5e-11de-92ae-02e0184b8d35">
+ <topic>libtool -- Library Search Path Privilege Escalation Issue</topic>
+ <affects>
+ <package>
+ <name>libtool</name>
+ <range><lt>2.2.6b</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia.com</p>
+ <blockquote cite="http://secunia.com/advisories/37414/">
+ <p>Do not attempt to load an unqualified module.la file from the
+ current directory (by default) since doing so is insecure and is
+ not compliant with the documentation.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3736</cvename>
+ <url>http://secunia.com/advisories/37414/</url>
+ <url>http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html</url>
+ </references>
+ <dates>
+ <discovery>2009-11-25</discovery>
+ <entry>2009-11-28</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="94edff42-d93d-11de-a434-0211d880e350">
+ <topic>libvorbis -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libvorbis</name>
+ <range><lt>1.2.3_1,3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Ubuntu security team reports:</p>
+ <blockquote cite="http://www.ubuntu.com/usn/usn-861-1">
+ <p>It was discovered that libvorbis did not correctly
+ handle certain malformed vorbis files. If a user were
+ tricked into opening a specially crafted vorbis file
+ with an application that uses libvorbis, an attacker
+ could cause a denial of service or possibly execute
+ arbitrary code with the user's privileges.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-1420</cvename>
+ <cvename>CVE-2009-3379</cvename>
+ </references>
+ <dates>
+ <discovery>2009-11-24</discovery>
+ <entry>2009-11-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="92ca92c1-d859-11de-89f9-001517351c22">
+ <topic>bugzilla -- information leak</topic>
+ <affects>
+ <package>
+ <name>bugzilla</name>
+ <range><gt>3.3.1</gt><lt>3.4.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A Bugzilla Security Advisory reports:</p>
+ <blockquote cite="http://www.bugzilla.org/security/3.4.3/">
+ <p>When a bug is in a group, none of its information
+ (other than its status and resolution) should be visible
+ to users outside that group. It was discovered that
+ as of 3.3.2, Bugzilla was showing the alias of the bug
+ (a very short string used as a shortcut for looking up
+ the bug) to users outside of the group, if the protected
+ bug ended up in the "Depends On" or "Blocks" list of any
+ other bug.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3386</cvename>
+ <url>http://www.bugzilla.org/security/3.4.3/</url>
+ </references>
+ <dates>
+ <discovery>2009-11-18</discovery>
+ <entry>2009-11-23</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="04104985-d846-11de-84e4-00215af774f0">
+ <topic>cacti -- cross-site scripting issues</topic>
+ <affects>
+ <package>
+ <name>cacti</name>
+ <range><lt>0.8.7e4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The cacti development team reports:</p>
+ <blockquote cite="http://docs.cacti.net/#cross-site_scripting_fixes">
+ <p>The Cross-Site Scripting patch has been posted.</p>
+ <p>This patch addresses cross-site scripting issues reported
+ by Moritz Naumann.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-4032</cvename>
+ <url>http://docs.cacti.net/#cross-site_scripting_fixes</url>
+ </references>
+ <dates>
+ <discovery>2009-11-21</discovery>
+ <entry>2009-11-23</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="0640198a-d117-11de-b667-0030843d3802">
+ <topic>wordpress -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <range><lt>2.8.6,1</lt></range>
+ </package>
+ <package>
+ <name>de-wordpress</name>
+ <range><lt>2.8.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/37332/">
+ <p>The security issue is caused due to the wp_check_filetype()
+ function in /wp-includes/functions.php improperly validating uploaded
+ files. This can be exploited to execute arbitrary PHP code by
+ uploading a malicious PHP script with multiple extensions.</p>
+ <p>Successful exploitation of this vulnerability requires that Apache
+ is not configured to handle the mime-type for media files with an e.g.
+ "gif", "jpg", "png", "tif", "wmv" extension.</p>
+ <p>Input passed via certain parameters to press-this.php is not
+ properly sanitised before being displayed to the user. This can be
+ exploited to insert arbitrary HTML and script code, which will be
+ executed in a user's browser session in context of an affected site
+ when the malicious data is being viewed.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3890</cvename>
+ <cvename>CVE-2009-3891</cvename>
+ <url>http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/</url>
+ <url>http://secunia.com/advisories/37332/</url>
+ </references>
+ <dates>
+ <discovery>2009-11-12</discovery>
+ <entry>2009-11-14</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="68bda678-caab-11de-a97e-be89dfd1042e">
+ <topic>p5-HTML-Parser -- denial of service</topic>
+ <affects>
+ <package>
+ <name>p5-HTML-Parser</name>
+ <range><lt>3.63</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>CVE reports:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3627">
+ <p>The decode_entities function in util.c in HTML-Parser before
+ 3.63 allows context-dependent attackers to cause a denial of service
+ (infinite loop) via an incomplete SGML numeric character reference,
+ which triggers generation of an invalid UTF-8 character.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>36807</bid>
+ <cvename>CVE-2009-3627</cvename>
+ <url>http://secunia.com/advisories/37155</url>
+ </references>
+ <dates>
+ <discovery>2009-10-23</discovery>
+ <entry>2009-11-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4e8344a3-ca52-11de-8ee8-00215c6a37bb">
+ <topic>gd -- '_gdGetColors' remote buffer overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>gd</name>
+ <range><lt>2.0.35_2,1</lt></range>
+ </package>
+ <package>
+ <name>php5-gd</name>
+ <range><lt>5.2.11_2</lt></range>
+ </package>
+ <package>
+ <name>php4-gd</name>
+ <range><lt>4.4.9_4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>CVE reports:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3546">
+ <p>The _gdGetColors function in gd_gd.c in PHP 5.2.11 and
+ 5.3.0, and the GD Graphics Library 2.x, does not properly
+ verify a certain colorsTotal structure member, which might
+ allow remote attackers to conduct buffer overflow or buffer
+ over-read attacks via a crafted GD file, a different
+ vulnerability than CVE-2009-3293.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>36712</bid>
+ <cvename>CVE-2009-3546</cvename>
+ <url>http://secunia.com/advisories/37069</url>
+ <url>http://secunia.com/advisories/37080</url>
+ </references>
+ <dates>
+ <discovery>2009-10-15</discovery>
+ <entry>2009-11-05</entry>
+ <modified>2010-06-17</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="6693bad2-ca50-11de-8ee8-00215c6a37bb">
+ <topic>typo3 -- multiple vulnerabilities in TYPO3 Core</topic>
+ <affects>
+ <package>
+ <name>typo3</name>
+ <range><lt>4.2.10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>TYPO3 develop team reports:</p>
+ <blockquote cite="http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/">
+ <p>Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12
+ and below, 4.2.9 and below, 4.3.0beta1 and below.</p>
+ <p>SQL injection, Cross-site scripting (XSS), Information
+ disclosure, Frame hijacking, Remote shell command execution
+ and Insecure Install Tool authentication/session handling.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>36801</bid>
+ <cvename>CVE-2009-3628</cvename>
+ <cvename>CVE-2009-3629</cvename>
+ <cvename>CVE-2009-3630</cvename>
+ <cvename>CVE-2009-3631</cvename>
+ <cvename>CVE-2009-3632</cvename>
+ <cvename>CVE-2009-3633</cvename>
+ <cvename>CVE-2009-3634</cvename>
+ <cvename>CVE-2009-3635</cvename>
+ <cvename>CVE-2009-3636</cvename>
+ <url>http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/</url>
+ <url>http://secunia.com/advisories/37122/</url>
+ </references>
+ <dates>
+ <discovery>2009-10-22</discovery>
+ <entry>2009-11-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="3149ab1c-c8b9-11de-b87b-0011098ad87f">
+ <topic>vlc -- stack overflow in MPA, AVI and ASF demuxer</topic>
+ <affects>
+ <package>
+ <name>vlc</name>
+ <range><ge>0.5.0</ge><lt>1.0.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>VideoLAN reports:</p>
+ <blockquote cite="http://www.videolan.org/security/sa0901.html">
+ <p>When parsing a MP4, ASF or AVI file with an overly deep box
+ structure, a stack overflow might occur. It would overwrite the
+ return address and thus redirect the execution flow.</p>
+ <p>If successful, a malicious third party could trigger execution
+ of arbitrary code within the context of the VLC media player.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.videolan.org/security/sa0901.html</url>
+ </references>
+ <dates>
+ <discovery>2009-09-14</discovery>
+ <entry>2009-11-03</entry>
+ </dates>
+ </vuln>
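Review bot: The `<topic>` of the vlc entry names an "MPA" demuxer, while the quoted VideoLAN text speaks of parsing "a MP4, ASF or AVI file", so this looks like a typo in the title. Suggest `<topic>vlc -- stack overflow in MP4, AVI and ASF demuxer</topic>` so the entry matches the advisory it quotes.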
+
+ <vuln vid="6f358f5a-c7ea-11de-a9f3-0030843d3802">
+ <topic>KDE -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>kdebase-runtime</name>
+ <range><ge>4.0.*</ge><lt>4.3.1_2</lt></range>
+ </package>
+ <package>
+ <name>kdelibs</name>
+ <range><ge>4.0.*</ge><lt>4.3.1_5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>oCERT reports:</p>
+ <blockquote cite="http://www.ocert.org/advisories/ocert-2009-015.html">
+ <p>Ark input sanitization errors: The KDE archiving tool, Ark,
+ performs insufficient validation which leads to specially crafted
+ archive files, using unknown MIME types, to be rendered using a KHTML
+ instance, this can trigger uncontrolled XMLHTTPRequests to remote
+ sites.</p>
+ <p>IO Slaves input sanitization errors: KDE protocol handlers perform
+ insufficient input validation, an attacker can craft malicious URI
+ that would trigger JavaScript execution. Additionally the 'help://'
+ protocol handler suffer from directory traversal. It should be noted
+ that the scope of this issue is limited as the malicious URIs cannot
+ be embedded in Internet hosted content.</p>
+ <p>KMail input sanitization errors: The KDE mail client, KMail, performs
+ insufficient validation which leads to specially crafted email
+ attachments, using unknown MIME types, to be rendered using a KHTML
+ instance, this can trigger uncontrolled XMLHTTPRequests to remote
+ sites.</p>
+ <p>The exploitation of these vulnerabilities is unlikely according to
+ Portcullis and KDE but the execution of active content is nonetheless
+ unexpected and might pose a threat.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.ocert.org/advisories/ocert-2009-015.html</url>
+ </references>
+ <dates>
+ <discovery>2009-10-30</discovery>
+ <entry>2009-11-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2fda6bd2-c53c-11de-b157-001999392805">
+ <topic>opera -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>opera</name>
+ <range><lt>10.01.20091019</lt></range>
+ </package>
+ <package>
+ <name>linux-opera</name>
+ <range><lt>10.01</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Opera Team Reports:</p>
+ <blockquote cite="http://www.opera.com/docs/changelogs/unix/1001/">
+ <ul>
+ <li>Fixed an issue where certain domain names could allow execution
+ of arbitrary code, as reported by Chris Weber of Casaba Security</li>
+ <li>Fixed an issue where scripts can run on the feed subscription
+ page, as reported by Inferno</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3831</cvename>
+ <url>http://www.opera.com/support/kb/view/938/</url>
+ <url>http://www.opera.com/support/kb/view/939/</url>
+ </references>
+ <dates>
+ <discovery>2009-10-28</discovery>
+ <entry>2009-10-31</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="83d7d149-b965-11de-a515-0022156e8794">
+ <topic>Enhanced cTorrent -- stack-based overflow</topic>
+ <affects>
+ <package>
+ <name>ctorrent</name>
+ <range><lt>3.3.2_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Securityfocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/34584">
+ <p>cTorrent and dTorrent are prone to a remote buffer-overflow
+ vulnerability because the software fails to properly
+ bounds-check user-supplied input before copying it to an
+ insufficiently sized memory buffer.</p>
+ <p>Successful exploits allow remote attackers to execute
+ arbitrary machine code in the context of a vulnerable
+ application. Failed exploit attempts will likely result in
+ denial-of-service conditions.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>34584</bid>
+ <cvename>CVE-2009-1759</cvename>
+ <url>http://sourceforge.net/tracker/?func=detail&amp;aid=2782875&amp;group_id=202532&amp;atid=981959</url>
+ </references>
+ <dates>
+ <discovery>2009-10-15</discovery>
+ <entry>2009-10-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c87aa2d2-c3c4-11de-ab08-000f20797ede">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><gt>3.5.*,1</gt><lt>3.5.4,1</lt></range>
+ <range><gt>3.*,1</gt><lt>3.0.15,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>3.0.15</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/announce/">
+ <p>MFSA 2009-64 Crashes with evidence of memory
+ corruption (rv:1.9.1.4/ 1.9.0.15)</p>
+ <p>MFSA 2009-63 Upgrade media libraries to fix memory
+ safety bugs</p>
+ <p>MFSA 2009-62 Download filename spoofing with RTL
+ override</p>
+ <p>MFSA 2009-61 Cross-origin data theft through
+ document.getSelection()</p>
+ <p>MFSA 2009-59 Heap buffer overflow in string to
+ number conversion</p>
+ <p>MFSA 2009-57 Chrome privilege escalation in
+ XPCVariant::VariantDataToJS()</p>
+ <p>MFSA 2009-56 Heap buffer overflow in GIF color map
+ parser</p>
+ <p>MFSA 2009-55 Crash in proxy auto-configuration
+ regexp parsing</p>
+ <p>MFSA 2009-54 Crash with recursive web-worker calls</p>
+ <p>MFSA 2009-53 Local downloaded file tampering</p>
+ <p>MFSA 2009-52 Form history vulnerable to stealing</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3380</cvename>
+ <cvename>CVE-2009-3381</cvename>
+ <cvename>CVE-2009-3382</cvename>
+ <cvename>CVE-2009-3383</cvename>
+ <cvename>CVE-2009-3379</cvename>
+ <cvename>CVE-2009-3378</cvename>
+ <cvename>CVE-2009-3377</cvename>
+ <cvename>CVE-2009-3376</cvename>
+ <cvename>CVE-2009-3375</cvename>
+ <cvename>CVE-2009-1563</cvename>
+ <cvename>CVE-2009-3374</cvename>
+ <cvename>CVE-2009-3373</cvename>
+ <cvename>CVE-2009-3372</cvename>
+ <cvename>CVE-2009-3371</cvename>
+ <cvename>CVE-2009-3274</cvename>
+ <cvename>CVE-2009-3370</cvename>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-64.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-63.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-62.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-61.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-59.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-57.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-56.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-55.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-54.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-53.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-52.html</url>
+ </references>
+ <dates>
+ <discovery>2009-10-27</discovery>
+ <entry>2009-10-28</entry>
+ <modified>2009-12-14</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="2544f543-c178-11de-b175-001cc0377035">
+ <topic>elinks -- buffer overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>elinks</name>
+ <range><lt>0.11.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/36574/discuss">
+ <p>ELinks is prone to an off-by-one buffer-overflow vulnerability
+ because the application fails to accurately reference the last
+ element of a buffer.</p>
+ <p>Attackers may leverage this issue to execute arbitrary code in
+ the context of the application. Failed attacks will cause
+ denial-of-service conditions.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>36574</bid>
+ <cvename>CVE-2008-7224</cvename>
+ <mlist msgid="20080204235429.GA28006@diku.dk">http://linuxfromscratch.org/pipermail/elinks-users/2008-February/001604.html</mlist>
+ <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=380347</url>
+ </references>
+ <dates>
+ <discovery>2006-07-29</discovery>
+ <entry>2009-10-25</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="692ab645-bf5d-11de-849b-00151797c2d4">
+ <topic>squidGuard -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>squidGuard</name>
+ <range><lt>1.4_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SquidGuard website reports:</p>
+ <blockquote cite="http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015">
+ <p>Patch 20091015 fixes one buffer overflow problem
+ in sgLog.c when overlong URLs are requested.
+ SquidGuard will then go into emergency mode were
+ no blocking occurs. This is not required in this
+ situation.</p>
+ </blockquote>
+ <blockquote cite="http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019">
+ <p>Patch 20091019 fixes two bypass problems with URLs
+ which length is close to the limit defined by MAX_BUF
+ (default: 4096) in squidGuard and MAX_URL (default:
+ 4096 in squid 2.x and 8192 in squid 3.x) in squid.
+ For this kind of URLs the proxy request exceeds MAX_BUF
+ causing squidGuard to complain about not being able to
+ parse the squid request. Increasing the buffer limit
+ to be higher than the one defined in MAX_URL solves the
+ issue.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3700</cvename>
+ <cvename>CVE-2009-3826</cvename>
+ <url>http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091015</url>
+ <url>http://www.squidguard.org/Downloads/Patches/1.4/Readme.Patch-20091019</url>
+ </references>
+ <dates>
+ <discovery>2009-10-15</discovery>
+ <entry>2009-10-22</entry>
+ <modified>2010-05-06</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="8581189c-bd5f-11de-8709-0017a4cccfc6">
+ <topic>Xpdf -- Multiple Vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>xpdf</name>
+ <range><lt>3.02_11</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/archive/1/507261">
+ <p>Some vulnerabilities have been reported in Xpdf, which can be
+ exploited by malicious people to potentially compromise a user's
+ system.</p>
+ <p>1) Multiple integer overflows in "SplashBitmap::SplashBitmap()"
+ can be exploited to cause heap-based buffer overflows.</p>
+ <p>2) An integer overflow error in "ObjectStream::ObjectStream()"
+ can be exploited to cause a heap-based buffer overflow.</p>
+ <p>3) Multiple integer overflows in "Splash::drawImage()" can be
+ exploited to cause heap-based buffer overflows.</p>
+ <p>4) An integer overflow error in "PSOutputDev::doImageL1Sep()"
+ can be exploited to cause a heap-based buffer overflow when
+ converting a PDF document to a PS file.</p>
+ <p>Successful exploitation of the vulnerabilities may allow execution
+ of arbitrary code by tricking a user into opening a specially crafted
+ PDF file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.securityfocus.com/archive/1/507261</url>
+ <url>http://secunia.com/advisories/37053/</url>
+ </references>
+ <dates>
+ <discovery>2009-10-14</discovery>
+ <entry>2009-10-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="87917d6f-ba76-11de-bac2-001a4d563a0f">
+ <topic>django -- denial-of-service attack</topic>
+ <affects>
+ <package>
+ <name>py23-django</name>
+ <name>py24-django</name>
+ <name>py25-django</name>
+ <name>py26-django</name>
+ <name>py30-django</name>
+ <name>py31-django</name>
+ <range><lt>1.1.1</lt></range>
+ </package>
+ <package>
+ <name>py23-django-devel</name>
+ <name>py24-django-devel</name>
+ <name>py25-django-devel</name>
+ <name>py26-django-devel</name>
+ <name>py30-django-devel</name>
+ <name>py31-django-devel</name>
+ <range><lt>11603,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Django project reports:</p>
+ <blockquote cite="http://www.djangoproject.com/weblog/2009/oct/09/security/">
+ <p>Django's forms library includes field types which perform
+ regular-expression-based validation of email addresses and
+ URLs. Certain addresses/URLs could trigger a pathological
+ performance case in these regular expression, resulting in
+ the server process/thread becoming unresponsive, and consuming
+ excessive CPU over an extended period of time. If deliberately
+ triggered, this could result in an effectively
+ denial-of-service attack.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3695</cvename>
+ <url>http://www.djangoproject.com/weblog/2009/oct/09/security/</url>
+ </references>
+ <dates>
+ <discovery>2009-10-09</discovery>
+ <entry>2009-10-16</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="4769914e-b844-11de-b159-0030843d3802">
+ <topic>phpmyadmin -- XSS and SQL injection vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>phpMyAdmin</name>
+ <range><lt>3.2.2.1</lt></range>
+ </package>
+ <package>
+ <name>phpMyAdmin211</name>
+ <range><lt>2.11.9.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>phpMyAdmin Team reports:</p>
+ <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2009-6.php">
+ <p>Cross-site scripting (XSS) vulnerability allows remote attackers to
+ inject arbitrary web script or HTML via a crafted MySQL table name.</p>
+ <p>SQL injection vulnerability allows remote attackers to inject SQL via
+ various interface parameters of the PDF schema generator feature.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3696</cvename>
+ <cvename>CVE-2009-3697</cvename>
+ <url>http://www.phpmyadmin.net/home_page/security/PMASA-2009-6.php</url>
+ </references>
+ <dates>
+ <discovery>2009-10-13</discovery>
+ <entry>2009-10-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="437a68cf-b752-11de-b6eb-00e0815b8da8">
+ <topic>php5 -- Multiple security issues</topic>
+ <affects>
+ <package>
+ <name>php5</name>
+ <range><lt>5.2.11</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Vendor reports</p>
+ <blockquote cite="http://www.php.net/releases/5_2_11.php">
+ <p>Security Enhancements and Fixes in PHP 5.2.11:
+ Fixed certificate validation inside
+ php_openssl_apply_verification_policy.
+ Fixed sanity check for the color index in imagecolortransparent.
+ Added missing sanity checks around exif processing.
+ Fixed bug 44683 popen crashes when an invalid mode is passed.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.php.net/releases/5_2_11.php</url>
+ <cvename>CVE-2009-3291</cvename>
+ <cvename>CVE-2009-3292</cvename>
+ <cvename>CVE-2009-3293</cvename>
+ </references>
+ <dates>
+ <discovery>2009-09-17</discovery>
+ <entry>2009-10-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ebeed063-b328-11de-b6a5-0030843d3802">
+ <topic>virtualbox -- privilege escalation</topic>
+ <affects>
+ <package>
+ <name>virtualbox</name>
+ <range><lt>3.0.51.r22902_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Sun reports:</p>
+ <blockquote cite="http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1">
+ <p>A security vulnerability in the VBoxNetAdpCtl configuration tool
+ for certain Sun VirtualBox 3.0 packages may allow local unprivileged
+ users who are authorized to run VirtualBox to execute arbitrary
+ commands with root privileges.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3692</cvename>
+ <url>http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1</url>
+ <url>http://secunia.com/advisories/36929</url>
+ </references>
+ <dates>
+ <discovery>2009-10-07</discovery>
+ <entry>2009-10-07</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="50383bde-b25b-11de-8c83-02e0185f8d72">
+ <topic>FreeBSD -- Devfs / VFS NULL pointer race condition</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>6.3</ge><lt>6.3_13</lt></range>
+ <range><ge>6.4</ge><lt>6.4_7</lt></range>
+ <range><ge>7.1</ge><lt>7.1_8</lt></range>
+ <range><ge>7.2</ge><lt>7.2_4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>Due to the interaction between devfs and VFS, a race condition
+ exists where the kernel might dereference a NULL pointer.</p>
+ <h1>Impact:</h1>
+ <p>Successful exploitation of the race condition can lead to local
+ kernel privilege escalation, kernel data corruption and/or
+ crash.</p>
+ <p>To exploit this vulnerability, an attacker must be able to run
+ code with user privileges on the target system.</p>
+ <h1>Workaround:</h1>
+ <p>An errata note, FreeBSD-EN-09:05.null has been released
+ simultaneously to this advisory, and contains a kernel patch
+ implementing a workaround for a more broad class of
+ vulnerabilities. However, prior to those changes, no workaround
+ is available.</p>
+ </body>
+ </description>
+ <references>
+ <freebsdsa>SA-09:14.devfs</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2009-10-02</discovery>
+ <entry>2009-10-06</entry>
+ <modified>2016-08-09</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="90d2e58f-b25a-11de-8c83-02e0185f8d72">
+ <topic>FreeBSD -- kqueue pipe race conditions</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>6.3</ge><lt>6.4_7</lt></range>
+ <range><ge>6.4</ge><lt>6.3_13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description</h1>
+ <p>A race condition exists in the pipe close() code relating
+ to kqueues, causing use-after-free for kernel memory, which
+ may lead to an exploitable NULL pointer vulnerability in the
+ kernel, kernel memory corruption, and other unpredictable
+ results.</p>
+ <h1>Impact:</h1>
+ <p>Successful exploitation of the race condition can lead to
+ local kernel privilege escalation, kernel data corruption
+ and/or crash.</p>
+ <p>To exploit this vulnerability, an attacker must be able to
+ run code on the target system.</p>
+ <h1>Workaround</h1>
+ <p>An errata notice, FreeBSD-EN-09:05.null has been released
+ simultaneously to this advisory, and contains a kernel patch
+ implementing a workaround for a more broad class of
+ vulnerabilities. However, prior to those changes, no
+ workaround is available.</p>
+ </body>
+ </description>
+ <references>
+ <freebsdsa>SA-09:13.pipe</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2009-10-02</discovery>
+ <entry>2009-10-06</entry>
+ <modified>2016-08-09</modified>
+ </dates>
+ </vuln>
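Review bot: The two ranges in the kqueue pipe entry look swapped: `<range><ge>6.3</ge><lt>6.4_7</lt></range>` and `<range><ge>6.4</ge><lt>6.3_13</lt></range>`. As written, the second range can never match (nothing is at least 6.4 and below 6.3_13), and the first flags every 6.3 patch level as affected, including 6.3_13 and later. The devfs entry directly above, with the same discovery and entry dates, pairs 6.3 with 6.3_13 and 6.4 with 6.4_7; please check SA-09:13.pipe and use the same pairing here if it applies. The section headings in this entry also mix "Problem Description" and "Workaround" without a colon with "Impact:" with one, unlike the devfs entry.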
+
+ <vuln vid="beb6f4a8-add5-11de-8b55-0030843d3802">
+ <topic>mybb -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mybb</name>
+ <range><lt>1.4.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>mybb team reports:</p>
+ <blockquote cite="http://blog.mybboard.net/2009/09/21/mybb-1-4-9-released-security-update/">
+ <p>Input passed via avatar extensions is not properly sanitised before
+ being used in SQL queries. This can be exploited to manipulate SQL
+ queries by uploading specially named avatars.</p>
+ <p>The script allows to sign up with usernames containing zero width
+ space characters, which can be exploited to e.g. conduct spoofing
+ attacks.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>36460</bid>
+ <url>http://dev.mybboard.net/issues/464</url>
+ <url>http://dev.mybboard.net/issues/418</url>
+ <url>http://secunia.com/advisories/36803</url>
+ <url>http://blog.mybboard.net/2009/09/21/mybb-1-4-9-released-security-update/</url>
+ </references>
+ <dates>
+ <discovery>2009-09-21</discovery>
+ <entry>2009-09-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bad1b090-a7ca-11de-873f-0030843d3802">
+ <topic>drupal -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>drupal5</name>
+ <range><lt>5.20</lt></range>
+ </package>
+ <package>
+ <name>drupal6</name>
+ <range><lt>6.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Drupal Team reports:</p>
+ <blockquote cite="http://drupal.org/node/579482">
+ <p>The core OpenID module does not correctly implement Form API for
+ the form that allows one to link user accounts with OpenID
+ identifiers. A malicious user is therefore able to use cross site
+ request forgeries to add attacker controlled OpenID identities to
+ existing accounts. These OpenID identities can then be used to gain
+ access to the affected accounts.</p>
+ <p>The OpenID module is not a compliant implementation of the OpenID
+ Authentication 2.0 specification. An implementation error allows a
+ user to access the account of another user when they share the same
+ OpenID 2.0 provider.</p>
+ <p>File uploads with certain extensions are not correctly processed by
+ the File API. This may lead to the creation of files that are
+ executable by Apache. The .htaccess that is saved into the files
+ directory by Drupal should normally prevent execution. The files are
+ only executable when the server is configured to ignore the directives
+ in the .htaccess file.</p>
+ <p>Drupal doesn't regenerate the session ID when an anonymous user
+ follows the one time login link used to confirm email addresses and
+ reset forgotten passwords. This enables a malicious user to fix and
+ reuse the session id of a victim under certain circumstances.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://drupal.org/node/579482</url>
+ <url>http://secunia.com/advisories/36787/</url>
+ <url>http://secunia.com/advisories/36786/</url>
+ <url>http://secunia.com/advisories/36781/</url>
+ <url>http://secunia.com/advisories/36776/</url>
+ <url>http://secunia.com/advisories/36785/</url>
+ </references>
+ <dates>
+ <discovery>2009-09-17</discovery>
+ <entry>2009-09-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="113cd7e9-a4e2-11de-84af-001195e39404">
+ <topic>fwbuilder -- security issue in temporary file handling</topic>
+ <affects>
+ <package>
+ <name>fwbuilder</name>
+ <range><lt>3.0.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Firewall Builder release notes reports:</p>
+ <blockquote cite="http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7">
+ <p>Vadim Kurland (vadim.kurland@fwbuilder.org) reports:</p>
+ <p>Fwbuilder and libfwbuilder 3.0.4 through to 3.0.6 generate
+ iptables scripts with a security issue when also used to
+ generate static routing configurations.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-4664</cvename>
+ <url>http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7</url>
+ </references>
+ <dates>
+ <discovery>2009-09-18</discovery>
+ <entry>2009-09-18</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
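Review bot: The fwbuilder `<topic>` says "security issue in temporary file handling", but the quoted release note only says that the generated iptables scripts have "a security issue when also used to generate static routing configurations" and never mentions temporary files. Either quote the part of the release notes that describes the temporary file problem or reword the topic so it is supported by the description, since the topic is what users see in audit output.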
+
+ <vuln vid="b9ec7fe3-a38a-11de-9c6b-003048818f40">
+ <topic>bugzilla -- two SQL injections, sensitive data exposure</topic>
+ <affects>
+ <package>
+ <name>bugzilla</name>
+ <range><gt>3.3.1</gt><lt>3.4.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A Bugzilla Security Advisory reports:</p>
+ <blockquote cite="http://www.bugzilla.org/security/3.4/">
+ <ul>
+ <li>It is possible to inject raw SQL into the Bugzilla
+ database via the "Bug.create" and "Bug.search" WebService
+ functions.</li>
+ <li>When a user would change his password, his new password would
+ be exposed in the URL field of the browser if he logged in right
+ after changing his password.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3125</cvename>
+ <cvename>CVE-2009-3165</cvename>
+ <cvename>CVE-2009-3166</cvename>
+ <url>http://www.bugzilla.org/security/3.0.8/</url>
+ </references>
+ <dates>
+ <discovery>2009-09-11</discovery>
+ <entry>2009-09-17</entry>
+ </dates>
+ </vuln>
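Review bot: In the bugzilla entry the blockquote cites `http://www.bugzilla.org/security/3.4/`, but the only `<url>` in `<references>` is `http://www.bugzilla.org/security/3.0.8/`. One of the two is probably wrong; the quoted text should be reachable from the reference list, so either point the `<url>` at the cited advisory or list both. It is also worth confirming that `<gt>3.3.1</gt>` is meant to exclude 3.3.1 itself rather than being a `<ge>`.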
+
+ <vuln vid="ee23aa09-a175-11de-96c0-0011098ad87f">
+ <topic>horde-base -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>horde-base</name>
+ <range><lt>3.3.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Horde team reports:</p>
+ <blockquote cite="http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.558&amp;r2=1.515.2.559">
+ <p>An error within the form library when handling image form fields can
+ be exploited to overwrite arbitrary local files.</p>
+ <p>An error exists within the MIME Viewer library when rendering unknown
+ text parts. This can be exploited to execute arbitrary HTML and script
+ code in a user's browser session in context of an affected site if
+ malicious data is viewed.</p>
+ <p>The preferences system does not properly sanitise numeric preference
+ types. This can be exploited to execute arbitrary HTML and script code
+ in a user's browser session in contact of an affected site.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://bugs.horde.org/ticket/?id=8311</url>
+ <url>http://bugs.horde.org/ticket/?id=8399</url>
+ <url>http://secunia.com/advisories/36665/</url>
+ <url>http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.558&amp;r2=1.515.2.559</url>
+ </references>
+ <dates>
+ <discovery>2009-05-28</discovery>
+ <entry>2009-09-14</entry>
+ <modified>2009-09-22</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="152b27f0-a158-11de-990c-e5b1d4c882e0">
+ <topic>nginx -- remote denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>nginx</name>
+ <range><lt>0.7.62</lt></range>
+ </package>
+ <package>
+ <name>nginx-devel</name>
+ <range><lt>0.8.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>nginx development team reports:</p>
+ <blockquote cite="http://nginx.net/CHANGES">
+ <p>A segmentation fault might occur in worker process while
+ specially crafted request handling.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2629</cvename>
+ <url>http://nginx.net/CHANGES</url>
+ <mlist msgid="20090914155338.GA2529@ngolde.de">http://lists.debian.org/debian-security-announce/2009/msg00205.html</mlist>
+ </references>
+ <dates>
+ <discovery>2009-09-14</discovery>
+ <entry>2009-09-14</entry>
+ <modified>2009-09-15</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="6e8f54af-a07d-11de-a649-000c2955660f">
+ <topic>ikiwiki -- insufficient blacklisting in teximg plugin</topic>
+ <affects>
+ <package>
+ <name>ikiwiki</name>
+ <range><lt>3.1415926</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The IkiWiki development team reports:</p>
+ <blockquote cite="http://ikiwiki.info/security/#index35h2">
+ <p>IkiWikis teximg plugin's blacklisting of insecure TeX commands
+ is insufficient; it can be bypassed and used to read arbitrary
+ files.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2944</cvename>
+ <url>http://ikiwiki.info/security/#index35h2</url>
+ </references>
+ <dates>
+ <discovery>2009-08-28</discovery>
+ <entry>2009-09-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b46f3a1e-a052-11de-a649-000c2955660f">
+ <topic>xapian-omega -- cross-site scripting vulnerability</topic>
+ <affects>
+ <package>
+ <name>xapian-omega</name>
+ <range><lt>1.0.16</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Olly Betts reports:</p>
+ <blockquote cite="http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html">
+ <p>There's a cross-site scripting issue in Omega - exception
+ messages don't currently get HTML entities escaped, but can
+ contain CGI parameter values in some cases.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2947</cvename>
+ <url>http://lists.xapian.org/pipermail/xapian-discuss/2009-September/007115.html</url>
+ </references>
+ <dates>
+ <discovery>2009-09-09</discovery>
+ <entry>2009-09-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="922d2398-9e2d-11de-a998-0030843d3802">
+ <topic>mozilla firefox -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><gt>3.5.*,1</gt><lt>3.5.3,1</lt></range>
+ <range><gt>3.*,1</gt><lt>3.0.13,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/announce/">
+ <p>MFSA 2009-51 Chrome privilege escalation with FeedWriter</p>
+ <p>MFSA 2009-50 Location bar spoofing via tall line-height Unicode
+ characters</p>
+ <p>MFSA 2009-49 TreeColumns dangling pointer vulnerability</p>
+ <p>MFSA 2009-48 Insufficient warning for PKCS11 module installation
+ and removal</p>
+ <p>MFSA 2009-47 Crashes with evidence of memory corruption
+ (rv:1.9.1.3/1.9.0.14)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3069</cvename>
+ <cvename>CVE-2009-3070</cvename>
+ <cvename>CVE-2009-3071</cvename>
+ <cvename>CVE-2009-3072</cvename>
+ <cvename>CVE-2009-3073</cvename>
+ <cvename>CVE-2009-3074</cvename>
+ <cvename>CVE-2009-3075</cvename>
+ <cvename>CVE-2009-3076</cvename>
+ <cvename>CVE-2009-3077</cvename>
+ <cvename>CVE-2009-3078</cvename>
+ <cvename>CVE-2009-3079</cvename>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-47.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-48.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-49.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-50.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-51.html</url>
+ <url>http://secunia.com/advisories/36671/2/</url>
+ </references>
+ <dates>
+ <discovery>2009-09-10</discovery>
+ <entry>2009-09-10</entry>
+ </dates>
+ </vuln>
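Review bot: The upper bound of the 3.0 branch in this firefox entry, `<range><gt>3.*,1</gt><lt>3.0.13,1</lt></range>`, looks one release too low. The quoted MFSA 2009-47 line gives the fixed engine versions as rv:1.9.1.3/1.9.0.14, and the later mozilla entry in this same file pairs rv:1.9.0.15 with `<lt>3.0.15,1</lt>`, which suggests `<lt>3.0.14,1</lt>` here. With the current bound, 3.0.13 is reported as not affected. Please check against the advisories and adjust.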
+
+ <vuln vid="012b495c-9d51-11de-8d20-001bd3385381">
+ <topic>cyrus-imapd -- Potential buffer overflow in Sieve</topic>
+ <affects>
+ <package>
+ <name>cyrus-imapd</name>
+ <range><gt>2.2.0</gt><lt>2.2.13_6</lt></range>
+ <range><gt>2.3.0</gt><lt>2.3.14_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Cyrus IMAP Server ChangeLog states:</p>
+ <blockquote cite="http://cyrusimap.web.cmu.edu/imapd/changes.html">
+ <p>Fixed CERT VU#336053 - Potential buffer overflow in Sieve.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2632</cvename>
+ <bid>36296</bid>
+ <url>http://www.kb.cert.org/vuls/id/336053</url>
+ <url>http://www.debian.org/security/2009/dsa-1881</url>
+ </references>
+ <dates>
+ <discovery>2009-09-02</discovery>
+ <entry>2009-09-09</entry>
+ <modified>2009-09-14</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="24aa9970-9ccd-11de-af10-000c29a67389">
+ <topic>silc-toolkit -- Format string vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>silc-toolkit</name>
+ <range><lt>1.1.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SILC Changlog reports:</p>
+ <blockquote cite="http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10">
+ <p>An unspecified format string vulnerability exists in
+ silc-toolkit.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3051</cvename>
+ <url>http://silcnet.org/docs/changelog/SILC%20Toolkit%201.1.10</url>
+ <url>http://www.openwall.com/lists/oss-security/2009/09/03/5</url>
+ </references>
+ <dates>
+ <discovery>2009-08-07</discovery>
+ <entry>2009-09-08</entry>
+ </dates>
+ </vuln>
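Review bot: The silc-toolkit range stops at `<lt>1.1.9</lt>`, but both the blockquote cite and the first reference URL point at the SILC Toolkit 1.1.10 changelog. If the fix first shipped in 1.1.10, then 1.1.9 is affected and is not matched by this range; please confirm the fixed version and adjust the bound. "Changlog" in the attribution line is also misspelled.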
+
+ <vuln vid="4582948a-9716-11de-83a5-001999392805">
+ <topic>opera -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>opera</name>
+ <range><lt>10.00.20090830</lt></range>
+ </package>
+ <package>
+ <name>opera-devel</name>
+ <range><le>10.00.b3_1,1</le></range>
+ </package>
+ <package>
+ <name>linux-opera</name>
+ <range><lt>10.00</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Opera Team Reports:</p>
+ <blockquote cite="http://www.opera.com/docs/changelogs/freebsd/1000/">
+ <ul>
+ <li>Issue where sites using revoked intermediate certificates might be shown as secure</li>
+ <li>Issue where the collapsed address bar didn't show the current domain</li>
+ <li>Issue where pages could trick users into uploading files</li>
+ <li>Some IDNA characters not correctly displaying in the address bar</li>
+ <li>Issue where Opera accepts nulls and invalid wild-cards in certificates</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.opera.com/support/search/view/929/</url>
+ <url>http://www.opera.com/support/search/view/930/</url>
+ <url>http://www.opera.com/support/search/view/931/</url>
+ <url>http://www.opera.com/support/search/view/932/</url>
+ <url>http://www.opera.com/support/search/view/934/</url>
+ </references>
+ <dates>
+ <discovery>2009-09-01</discovery>
+ <entry>2009-09-04</entry>
+ <modified>2009-10-29</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="80aa98e0-97b4-11de-b946-0030843d3802">
+ <topic>dnsmasq -- TFTP server remote code injection vulnerability</topic>
+ <affects>
+ <package>
+ <name>dnsmasq</name>
+ <range><lt>2.50</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Simon Kelley reports:</p>
+ <blockquote cite="http://www.thekelleys.org.uk/dnsmasq/CHANGELOG">
+ <p>Fix security problem which allowed any host permitted to
+ do TFTP to possibly compromise dnsmasq by remote buffer
+ overflow when TFTP enabled.</p>
+ <p>Fix a problem which allowed a malicious TFTP client to
+ crash dnsmasq.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>36121</bid>
+ <bid>36120</bid>
+ <cvename>CVE-2009-2957</cvename>
+ <cvename>CVE-2009-2958</cvename>
+ <url>http://www.coresecurity.com/content/dnsmasq-vulnerabilities</url>
+ <url>https://rhn.redhat.com/errata/RHSA-2009-1238.html</url>
+ </references>
+ <dates>
+ <discovery>2009-08-31</discovery>
+ <entry>2009-09-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e15f2356-9139-11de-8f42-001aa0166822">
+ <topic>apache22 -- several vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>apache</name>
+ <range><gt>2.2.0</gt><lt>2.2.12</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Apache ChangeLog reports:</p>
+ <blockquote cite="http://www.apache.org/dist/httpd/CHANGES_2.2.12">
+ <p>CVE-2009-1891: Fix a potential Denial-of-Service attack against mod_deflate or other modules.</p>
+ <p>CVE-2009-1195: Prevent the "Includes" Option from being enabled in an .htaccess file if the AllowOverride restrictions do not permit it.</p>
+ <p>CVE-2009-1890: Fix a potential Denial-of-Service attack against mod_proxy in a reverse proxy configuration.</p>
+ <p>CVE-2009-1191: mod_proxy_ajp: Avoid delivering content from a previous request which failed to send a request body.</p>
+ <p>CVE-2009-0023, CVE-2009-1955, CVE-2009-1956: The bundled copy of the APR-util library has been updated, fixing three different security issues which may affect particular configurations and third-party modules (was already fixed in 2.2.11_5).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1891</cvename><!-- vul: 2.2.11 -->
+ <cvename>CVE-2009-1195</cvename><!-- vul: 2.2.x to 2.2.11 -->
+ <cvename>CVE-2009-1890</cvename><!-- ok: 2.3.3 -->
+ <cvename>CVE-2009-1191</cvename><!-- vul: 2.2.11 -->
+ <cvename>CVE-2009-0023</cvename><!-- ok: apr 1.3.5 -->
+ <cvename>CVE-2009-1955</cvename><!-- ok: apr-util 1.3.7 -->
+ <cvename>CVE-2009-1956</cvename><!-- ok: apr-util 1.3.5 -->
+ </references>
+ <dates>
+ <discovery>2009-07-28</discovery><!-- release date of 2.2.12 -->
+ <entry>2009-08-25</entry>
+ </dates>
+ </vuln>
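Review bot: In the apache22 entry the last quoted paragraph ends with "(was already fixed in 2.2.11_5)" inside the `<blockquote>` attributed to CHANGES_2.2.12. The `_5` suffix looks like a port revision, not upstream wording, so this remark should move outside the blockquote as the entry's own text. Also, `<range><gt>2.2.0</gt><lt>2.2.12</lt></range>` excludes 2.2.0 itself, while the comment on CVE-2009-1195 says "vul: 2.2.x to 2.2.11"; `<ge>` would match that comment. The topic names apache22 but the `<name>` is apache, which is worth a quick check against the port's package name.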
+
+ <vuln vid="59e7af2d-8db7-11de-883b-001e3300a30d">
+ <topic>pidgin -- MSN overflow parsing SLP messages</topic>
+ <affects>
+ <package>
+ <name>pidgin</name>
+ <name>libpurple</name>
+ <name>finch</name>
+ <range><lt>2.5.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/36384">
+ <p>A vulnerability has been reported in Pidgin, which can be
+ exploited by malicious people to potentially compromise a user's
+ system.</p>
+ <p>The vulnerability is caused due to an error in the
+ "msn_slplink_process_msg()" function when processing MSN SLP
+ messages and can be exploited to corrupt memory.</p>
+ <p>Successful exploitation may allow execution of arbitrary
+ code.</p>
+ <p>The vulnerability is reported in versions 2.5.8 and prior.
+ Other versions may also be affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2694</cvename>
+ <url>http://secunia.com/advisories/36384/</url>
+ <url>http://www.pidgin.im/news/security/?id=34</url>
+ </references>
+ <dates>
+ <discovery>2009-08-18</discovery>
+ <entry>2009-08-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b31a1088-460f-11de-a11a-0022156e8794">
+ <topic>GnuTLS -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gnutls</name>
+ <range><lt>2.6.6</lt></range>
+ </package>
+ <package>
+ <name>gnutls-devel</name>
+ <range><lt>2.7.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/34783/discuss">
+ <p>GnuTLS is prone to multiple remote vulnerabilities:</p>
+ <ul>
+ <li>A remote code-execution vulnerability.</li>
+ <li>A denial-of-service vulnerability.</li>
+ <li>A signature-generation vulnerability.</li>
+ <li>A signature-verification vulnerability.</li>
+ </ul>
+ <p>An attacker can exploit these issues to potentially execute
+ arbitrary code, trigger denial-of-service conditions, carry
+ out attacks against data signed with weak signatures, and
+ cause clients to accept expired or invalid certificates from
+ servers.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1415</cvename>
+ <cvename>CVE-2009-1416</cvename>
+ <cvename>CVE-2009-1417</cvename>
+ <bid>34783</bid>
+ <url>http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515</url>
+ <url>http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516</url>
+ <url>http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517</url>
+ </references>
+ <dates>
+ <discovery>2009-05-21</discovery>
+ <entry>2009-08-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="856a6f84-8b30-11de-8062-00e0815b8da8">
+ <topic>GnuTLS -- improper SSL certificate verification</topic>
+ <affects>
+ <package>
+ <name>gnutls</name>
+ <range><lt>2.8.3</lt></range>
+ </package>
+ <package>
+ <name>gnutls-devel</name>
+ <range><lt>2.9.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GnuTLS reports:</p>
+ <blockquote cite="http://article.gmane.org/gmane.network.gnutls.general/1733">
+ <p>By using a NUL byte in CN/SAN fields, it was possible to fool
+ GnuTLS into 1) not printing the entire CN/SAN field value when
+ printing a certificate and 2) cause incorrect positive matches
+ when matching a hostname against a certificate.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2730</cvename>
+ <url>http://article.gmane.org/gmane.network.gnutls.general/1733</url>
+ <url>http://secunia.com/advisories/36266</url>
+ </references>
+ <dates>
+ <discovery>2009-08-11</discovery>
+ <entry>2009-08-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="86ada694-8b30-11de-b9d0-000c6e274733">
+ <topic>memcached -- memcached stats maps Information Disclosure Weakness</topic>
+ <affects>
+ <package>
+ <name>memcached</name>
+ <range><lt>1.2.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/34915/">
+ <p>A weakness has been reported in memcached, which can be exploited
+ by malicious people to disclose system information.</p>
+ <p>The weakness is caused due to the application disclosing the
+ content of /proc/self/maps if a stats maps command is received.
+ This can be exploited to disclose e.g. the addresses of allocated
+ memory regions.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1255</cvename>
+ <url>http://secunia.com/advisories/34915/</url>
+ </references>
+ <dates>
+ <discovery>2009-04-29</discovery>
+ <entry>2009-08-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2430e9c3-8741-11de-938e-003048590f9e">
+ <topic>wordpress -- remote admin password reset vulnerability</topic>
+ <affects>
+ <package>
+ <name>wordpress</name>
+ <range><lt>2.8.4,1</lt></range>
+ </package>
+ <package>
+ <name>de-wordpress</name>
+ <range><lt>2.8.4</lt></range>
+ </package>
+ <package>
+ <name>wordpress-mu</name>
+ <range><lt>2.8.4a</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>WordPress reports:</p>
+ <blockquote cite="http://wordpress.org/development/2009/08/2-8-4-security-release/">
+ <p>A specially crafted URL could be requested that would allow an
+ attacker to bypass a security check to verify a user requested a
+ password reset. As a result, the first account without a key in the
+ database (usually the admin account) would have its password reset and
+ a new password would be emailed to the account owner.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2762</cvename>
+ <url>http://wordpress.org/development/2009/08/2-8-4-security-release/</url>
+ <url>http://www.milw0rm.com/exploits/9410</url>
+ </references>
+ <dates>
+ <discovery>2009-08-10</discovery>
+ <entry>2009-08-12</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="5179d85c-8683-11de-91b9-0022157515b2">
+ <topic>fetchmail -- improper SSL certificate subject verification</topic>
+ <affects>
+ <package>
+ <name>fetchmail</name>
+ <range><lt>6.3.11</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Matthias Andree reports:</p>
+ <blockquote cite="http://www.fetchmail.info/fetchmail-SA-2009-01.txt">
+ <p>Moxie Marlinspike demonstrated in July 2009 that some CAs would
+ sign certificates that contain embedded NUL characters in the
+ Common Name or subjectAltName fields of ITU-T X.509
+ certificates.</p>
+ <p>Applications that would treat such X.509 strings as
+ NUL-terminated C strings (rather than strings that contain an
+ explicit length field) would only check the part up to and
+ excluding the NUL character, so that certificate names such as
+ www.good.example\0www.bad.example.com would be mistaken as a
+ certificate name for www.good.example. fetchmail also had this
+ design and implementation flaw.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2666</cvename>
+ <url>http://www.fetchmail.info/fetchmail-SA-2009-01.txt</url>
+ </references>
+ <dates>
+ <discovery>2009-08-06</discovery>
+ <entry>2009-08-11</entry>
+ <modified>2009-08-13</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="739b94a4-838b-11de-938e-003048590f9e">
+ <topic>joomla15 -- com_mailto Timeout Issue</topic>
+ <affects>
+ <package>
+ <name>joomla15</name>
+ <range><lt>1.5.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Joomla! Security Center reports:</p>
+ <blockquote cite="http://developer.joomla.org/security/news/303-20090723-core-com-mailto-timeout-issue.html">
+ <p>In com_mailto, it was possible to bypass timeout protection against
+ sending automated emails.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://developer.joomla.org/security.html</url>
+ <url>http://secunia.com/advisories/36097/</url>
+ </references>
+ <dates>
+ <discovery>2009-07-22</discovery>
+ <entry>2009-08-07</entry>
+ <modified>2009-08-11</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="bce1f76d-82d0-11de-88ea-001a4d49522b">
+ <topic>subversion -- heap overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>subversion</name>
+ <name>subversion-freebsd</name>
+ <name>p5-subversion</name>
+ <name>py-subversion</name>
+ <range><lt>1.6.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A Subversion Security Advisory reports:</p>
+ <blockquote cite="http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt">
+ <p>Subversion clients and servers have multiple heap
+ overflow issues in the parsing of binary deltas. This is
+ related to an allocation vulnerability in the APR library
+ used by Subversion.</p>
+ <p>Clients with commit access to a vulnerable server can
+ cause a remote heap overflow; servers can cause a heap
+ overflow on vulnerable clients that try to do a checkout
+ or update.</p>
+ <p>This can lead to a DoS (an exploit has been tested) and
+ to arbitrary code execution (no exploit tested, but the
+ possibility is clear).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2411</cvename>
+ <url>http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt</url>
+ </references>
+ <dates>
+ <discovery>2009-08-06</discovery>
+ <entry>2009-08-06</entry>
+ <modified>2009-08-07</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="d67b517d-8214-11de-88ea-001a4d49522b">
+ <topic>bugzilla -- product name information leak</topic>
+ <affects>
+ <package>
+ <name>bugzilla</name>
+ <range><gt>3.3.4</gt><lt>3.4.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>A Bugzilla Security Advisory reports:</p>
+ <blockquote cite="http://www.bugzilla.org/security/3.4/">
+ <p>Normally, users are only supposed to see products that
+ they can file bugs against in the "Product" drop-down on
+ the bug-editing page. Instead, users were being shown all
+ products, even those that they normally could not see. Any
+ user who could edit any bug could see all product
+ names.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.bugzilla.org/security/3.4/</url>
+ </references>
+ <dates>
+ <discovery>2009-07-30</discovery>
+ <entry>2009-08-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="49e8f2ee-8147-11de-a994-0030843d3802">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <name>linux-firefox</name>
+ <range><lt>3.*,1</lt></range>
+ <range><gt>3.*,1</gt><lt>3.0.13,1</lt></range>
+ <range><gt>3.5.*,1</gt><lt>3.5.2,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox-devel</name>
+ <range><lt>3.5.2</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>1.1.18</lt></range>
+ </package>
+ <package>
+ <name>linux-seamonkey-devel</name>
+ <range><gt>0</gt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>2.0.0.23</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Project reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/announce/">
+ <p>MFSA 2009-38: Data corruption with SOCKS5 reply containing DNS name
+ longer than 15 characters</p>
+ <p>MFSA 2009-42: Compromise of SSL-protected communication</p>
+ <p>MFSA 2009-43: Heap overflow in certificate regexp parsing</p>
+ <p>MFSA 2009-44: Location bar and SSL indicator spoofing via window.open()
+ on invalid URL</p>
+ <p>MFSA 2009-45: Crashes with evidence of memory corruption
+ (rv:1.9.1.2/1.9.0.13)</p>
+ <p>MFSA 2009-46: Chrome privilege escalation due to incorrectly cached
+ wrapper</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2404</cvename>
+ <cvename>CVE-2009-2408</cvename>
+ <cvename>CVE-2009-2454</cvename>
+ <cvename>CVE-2009-2470</cvename>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-38.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-42.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-43.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-44.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-45.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-46.html</url>
+ </references>
+ <dates>
+ <discovery>2009-08-03</discovery>
+ <entry>2009-08-04</entry>
+ <modified>2009-09-04</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="4e306850-811f-11de-8a67-000c29a67389">
+ <topic>silc-client -- Format string vulnerability</topic>
+ <affects>
+ <package>
+ <name>silc-client</name>
+ <name>silc-irssi-client</name>
+ <range><lt>1.1.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SILC changelog reports:</p>
+ <blockquote cite="http://silcnet.org/docs/changelog/SILC%20Client%201.1.8">
+ <p>An unspecified format string vulnerability exists in
+ silc-client.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-3051</cvename>
+ <url>http://silcnet.org/docs/changelog/SILC%20Client%201.1.8</url>
+ </references>
+ <dates>
+ <discovery>2009-07-31</discovery>
+ <entry>2009-08-04</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="0d0237d0-7f68-11de-984d-0011098ad87f">
+ <topic>SquirrelMail -- Plug-ins compromise</topic>
+ <affects>
+ <package>
+ <name>squirrelmail-multilogin-plugin</name>
+ <range><ge>2.3.4</ge><lt>2.3.4_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>The SquirrelMail Web Server has been compromised, and three plugins
+ are affected.</p>
+ <p>The port of squirrelmail-sasql-plugin is safe (right MD5), and
+ change_pass is not in the FreeBSD ports tree, but multilogin has a
+ wrong MD5.</p>
+ </body>
+ </description>
+ <references>
+ <url>http://sourceforge.net/mailarchive/message.php?msg_name=4A727634.3080008%40squirrelmail.org</url>
+ <url>http://squirrelmail.org/index.php</url>
+ </references>
+ <dates>
+ <discovery>2009-07-31</discovery>
+ <entry>2009-08-02</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="83725c91-7c7e-11de-9672-00e0815b8da8">
+ <topic>BIND -- Dynamic update message remote DoS</topic>
+ <affects>
+ <package>
+ <name>bind9</name>
+ <range><lt>9.3.6.1.1</lt></range>
+ </package>
+ <package>
+ <name>bind9-sdb-postgresql</name>
+ <name>bind9-sdb-ldap</name>
+ <range><lt>9.4.3.3</lt></range>
+ </package>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>6.3</ge><lt>6.3_12</lt></range>
+ <range><ge>6.4</ge><lt>6.4_6</lt></range>
+ <range><ge>7.1</ge><lt>7.1_7</lt></range>
+ <range><ge>7.2</ge><lt>7.2_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>When named(8) receives a specially crafted dynamic update
+ message an internal assertion check is triggered which causes
+ named(8) to exit.</p>
+ <p>To trigger the problem, the dynamic update message must contains
+ a record of type "ANY" and at least one resource record set (RRset)
+ for this fully qualified domain name (FQDN) must exist on the
+ server.</p>
+ <h1>Impact:</h1>
+ <p>An attacker which can send DNS requests to a nameserver can cause
+ it to exit, thus creating a Denial of Service situation.</p>
+ <h1>Workaround:</h1>
+ <p>No generally applicable workaround is available, but some firewalls
+ may be able to prevent nsupdate DNS packets from reaching the
+ nameserver.</p>
+ <p>NOTE WELL: Merely configuring named(8) to ignore dynamic updates
+ is NOT sufficient to protect it from this vulnerability.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0696</cvename>
+ <freebsdsa>SA-09:12.bind</freebsdsa>
+ <url>http://www.kb.cert.org/vuls/id/725188</url>
+ <url>https://www.isc.org/node/474</url>
+ </references>
+ <dates>
+ <discovery>2009-07-28</discovery>
+ <entry>2009-08-01</entry>
+ <modified>2009-08-04</modified>
+ </dates>
+ </vuln>
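Review bot: The BIND entry's description has two wording slips in text that users will read in audit output: "the dynamic update message must contains a record" should be "must contain", and "An attacker which can send DNS requests" should be "An attacker who can send". The affected ranges are also uneven: bind9 is bounded only by `<lt>9.3.6.1.1</lt>` while the bind9-sdb packages use `<lt>9.4.3.3</lt>`, so please confirm that later bind9 branches are covered by other package names and not left unmatched.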
+
+ <vuln vid="708c65a5-7c58-11de-a994-0030843d3802">
+ <topic>mono -- XML signature HMAC truncation spoofing</topic>
+ <affects>
+ <package>
+ <name>mono</name>
+ <range><lt>2.4.2.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/35852/">
+ <p>A security issue has been reported in Mono, which can be
+ exploited by malicious people to conduct spoofing attacks.</p>
+ <p>The security issue is caused due to an error when processing
+ certain XML signatures.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0217</cvename>
+ <url>http://secunia.com/advisories/35852/</url>
+ <url>http://www.kb.cert.org/vuls/id/466161</url>
+ </references>
+ <dates>
+ <discovery>2009-07-15</discovery>
+ <entry>2009-07-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="e1156e90-7ad6-11de-b26a-0048543d60ce">
+ <topic>squid -- several remote denial of service vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>squid</name>
+ <range><ge>3.0.1</ge><lt>3.0.17</lt></range>
+ <range><ge>3.1.0.1</ge><lt>3.1.0.12</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Squid security advisory 2009:2 reports:</p>
+ <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2009_2.txt">
+ <p>Due to incorrect buffer limits and related bound checks Squid
+ is vulnerable to a denial of service attack when processing
+ specially crafted requests or responses.</p>
+ <p>Due to incorrect data validation Squid is vulnerable to a
+ denial of service attack when processing specially crafted
+ responses.</p>
+ <p>These problems allow any trusted client or external server to
+ perform a denial of service attack on the Squid service.</p>
+ </blockquote>
+ <p>Squid-2.x releases are not affected.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2621</cvename>
+ <cvename>CVE-2009-2622</cvename>
+ <url>http://www.squid-cache.org/Advisories/SQUID-2009_2.txt</url>
+ </references>
+ <dates>
+ <discovery>2009-07-27</discovery>
+ <entry>2009-07-27</entry>
+ <modified>2009-08-06</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="c1ef9b33-72a6-11de-82ea-0030843d3802">
+ <topic>mozilla -- corrupt JIT state after deep return from native function</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><ge>3.5.*,1</ge><lt>3.5.1,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Project reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/announce/2009/mfsa2009-41.html">
+ <p>Firefox user zbyte reported a crash that we determined could result
+ in an exploitable memory corruption problem. In certain cases after a
+ return from a native function, such as escape(), the Just-in-Time
+ (JIT) compiler could get into a corrupt state. This could be exploited
+ by an attacker to run arbitrary code such as installing malware.</p>
+ <p>This vulnerability does not affect earlier versions of Firefox
+ which do not support the JIT feature.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2477</cvename>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-41.html</url>
+ <url>http://www.kb.cert.org/vuls/id/443060</url>
+ </references>
+ <dates>
+ <discovery>2009-07-16</discovery>
+ <entry>2009-07-17</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="c444c8b7-7169-11de-9ab7-000c29a67389">
+ <topic>isc-dhcp-client -- Stack overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>isc-dhcp31-client</name>
+ <range><le>3.1.1</le></range>
+ </package>
+ <package>
+ <name>isc-dhcp30-client</name>
+ <range><lt>3.0.7_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>US-CERT reports:</p>
+ <blockquote cite="http://www.kb.cert.org/vuls/id/410676">
+ <p>The ISC DHCP dhclient application contains a stack buffer
+ overflow, which may allow a remote, unauthenticated attacker to
+ execute arbitrary code with root privileges.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0692</cvename>
+ <url>https://www.isc.org/node/468</url>
+ <url>http://secunia.com/advisories/35785</url>
+ <url>http://www.kb.cert.org/vuls/id/410676</url>
+ </references>
+ <dates>
+ <discovery>2009-07-14</discovery>
+ <entry>2009-07-15</entry>
+ <modified>2009-07-21</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="be927298-6f97-11de-b444-001372fd0af2">
+ <topic>drupal -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>drupal5</name>
+ <range><lt>5.19</lt></range>
+ </package>
+ <package>
+ <name>drupal6</name>
+ <range><lt>6.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Drupal Security Team reports:</p>
+ <blockquote cite="http://drupal.org/node/507572">
+ <p>Cross-site scripting</p>
+ <p>The Forum module does not correctly handle certain arguments
+ obtained from the URL. By enticing a suitably privileged user
+ to visit a specially crafted URL, a malicious user is able to
+ insert arbitrary HTML and script code into forum pages. Such a
+ cross-site scripting attack may lead to the malicious user
+ gaining administrative access. Wikipedia has more information
+ about cross-site scripting (XSS).</p>
+ <p>User signatures have no separate input format, they use the
+ format of the comment with which they are displayed. A user
+ will no longer be able to edit a comment when an administrator
+ changes the comment's input format to a format that is not
+ accessible to the user. However they will still be able to
+ modify their signature, which will then be processed by the new
+ input format.</p>
+ <p>If the new format is very permissive, via their signature, the
+ user may be able to insert arbitrary HTML and script code into
+ pages or, when the PHP filter is enabled for the new format,
+ execute PHP code. This issue affects Drupal 6.x only.</p>
+ <p>When an anonymous user fails to login due to mistyping his
+ username or password, and the page he is on contains a sortable
+ table, the (incorrect) username and password are included in
+ links on the table. If the user visits these links the password
+ may then be leaked to external sites via the HTTP referer.</p>
+ <p>In addition, if the anonymous user is enticed to visit the site
+ via a specially crafted URL while the Drupal page cache is
+ enabled, a malicious user might be able to retrieve the
+ (incorrect) username and password from the page cache.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2372</cvename>
+ <cvename>CVE-2009-2374</cvename>
+ <cvename>CVE-2009-2373</cvename>
+ <url>http://drupal.org/node/507572</url>
+ <url>http://secunia.com/advisories/35681</url>
+ </references>
+ <dates>
+ <discovery>2009-07-01</discovery>
+ <entry>2009-07-13</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="70372cda-6771-11de-883a-00e0815b8da8">
+ <topic>nfsen -- remote command execution</topic>
+ <affects>
+ <package>
+ <name>nfsen</name>
+ <range><lt>1.3.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>nfsen reports:</p>
+ <blockquote cite="http://sourceforge.net/forum/forum.php?forum_id=967583">
+ <p>Due to double input checking, a remote command execution security
+ bug exists in all NfSen versions 1.3 and 1.3.1. Users are
+ requested to update to nfsen-1.3.2.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://sourceforge.net/forum/forum.php?forum_id=967583</url>
+ </references>
+ <dates>
+ <discovery>2009-06-18</discovery>
+ <entry>2009-07-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ba73f494-65a8-11de-aef5-001c2514716c">
+ <topic>phpmyadmin -- XSS vulnerability</topic>
+ <affects>
+ <package>
+ <name>phpMyAdmin</name>
+ <range><lt>3.2.0.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin project reports:</p>
+ <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php">
+ <p>It was possible to conduct an XSS attack via a crafted
+ SQL bookmark.</p>
+ <p>All 3.x releases on which the "bookmarks" feature is
+ active are affected, previous versions are not.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2284</cvename>
+ <url>http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php</url>
+ </references>
+ <dates>
+ <discovery>2009-06-30</discovery>
+ <entry>2009-06-30</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="3ebd4cb5-657f-11de-883a-00e0815b8da8">
+ <topic>nagios -- Command Injection Vulnerability</topic>
+ <affects>
+ <package>
+ <name>nagios</name>
+ <range><le>3.0.6_1</le></range>
+ </package>
+ <package>
+ <name>nagios2</name>
+ <range><le>2.12_3</le></range>
+ </package>
+ <package>
+ <name>nagios-devel</name>
+ <range><le>3.1.0_1</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/35543?">
+ <p>A vulnerability has been reported in Nagios, which can be
+ exploited by malicious users to potentially compromise a
+ vulnerable system.</p>
+ <p>Input passed to the "ping" parameter in statuswml.cgi is not
+ properly sanitised before being used to invoke the ping command.
+ This can be exploited to inject and execute arbitrary shell
+ commands.</p>
+ <p>Successful exploitation requires access to the ping feature
+ of the WAP interface.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-2288</cvename>
+ <url>http://secunia.com/advisories/35543</url>
+ <url>http://tracker.nagios.org/view.php?id=15</url>
+ </references>
+ <dates>
+ <discovery>2009-05-29</discovery>
+ <entry>2009-06-30</entry>
+ <modified>2009-07-13</modified>
+ </dates>
+ </vuln>
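Review bot: In the nagios entry the blockquote attribute `cite="http://secunia.com/advisories/35543?"` carries a stray trailing "?" that the matching `<url>http://secunia.com/advisories/35543</url>` does not have. Drop the "?" so the cite and the reference are the same URL.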
+
+ <vuln vid="f59dda75-5ff4-11de-a13e-00e0815b8da8">
+ <topic>tor-devel -- DNS resolution vulnerability</topic>
+ <affects>
+ <package>
+ <name>tor-devel</name>
+ <range><lt>0.2.1.15-rc</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Tor Project reports:</p>
+ <blockquote cite="https://git.torproject.org/checkout/tor/master/ChangeLog">
+ <p>A malicious exit relay could convince a controller that the
+ client's DNS question resolves to an internal IP address.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://git.torproject.org/checkout/tor/master/ChangeLog</url>
+ </references>
+ <dates>
+ <discovery>2009-06-20</discovery>
+ <entry>2009-06-23</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c14aa48c-5ab7-11de-bc9b-0030843d3802">
+ <topic>cscope -- multiple buffer overflows</topic>
+ <affects>
+ <package>
+ <name>cscope</name>
+ <range><lt>15.7a</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/34978">
+ <p>Some vulnerabilities have been reported in Cscope, which
+ potentially can be exploited by malicious people to compromise a
+ user's system.</p>
+ <p>The vulnerabilities are caused due to various boundary errors,
+ which can be exploited to cause buffer overflows when parsing
+ specially crafted files or directories.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>34805</bid>
+ <cvename>CVE-2009-0148</cvename>
+ <url>http://secunia.com/advisories/34978</url>
+ </references>
+ <dates>
+ <discovery>2009-05-31</discovery>
+ <entry>2009-06-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="91a2066b-5ab6-11de-bc9b-0030843d3802">
+ <topic>cscope -- buffer overflow</topic>
+ <affects>
+ <package>
+ <name>cscope</name>
+ <range><lt>15.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/34832">
+ <p>Attackers may leverage this issue to execute arbitrary code
+ in the context of the application. Failed attacks will cause
+ denial-of-service conditions.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>34832</bid>
+ <cvename>CVE-2009-1577</cvename>
+ <url>http://cscope.cvs.sourceforge.net/viewvc/cscope/cscope/src/find.c?view=log#rev1.19</url>
+ </references>
+ <dates>
+ <discovery>2009-05-31</discovery>
+ <entry>2009-06-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bdccd14b-5aac-11de-a438-003048590f9e">
+ <topic>joomla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>joomla15</name>
+ <range><lt>1.5.11</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/35278/">
+ <p>Some vulnerabilities have been reported in Joomla!, which can be
+ exploited by malicious users to conduct script insertion attacks and
+ by malicious people to conduct cross-site scripting attacks.</p>
+ <p>Certain unspecified input is not properly sanitised before being
+ used. This can be exploited to insert arbitrary HTML and script code,
+ which will be executed in a user's browser session in the context of
+ an affected site when the malicious data is displayed.</p>
+ <p>Certain unspecified input passed to the user view of the com_users
+ core component is not properly sanitised before being returned to the
+ user. This can be exploited to execute arbitrary HTML and script code
+ in a user's browser session in context of an affected site.</p>
+ <p>Input passed via certain parameters to the "JA_Purity" template is
+ not properly sanitised before being returned to the user. This can be
+ exploited to execute arbitrary HTML and script code in a user's
+ browser session in context of an affected site.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1938</cvename>
+ <cvename>CVE-2009-1939</cvename>
+ <cvename>CVE-2009-1940</cvename>
+ <url>http://secunia.com/advisories/35278/</url>
+ <url>http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html</url>
+ </references>
+ <dates>
+ <discovery>2009-06-03</discovery>
+ <entry>2009-06-16</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="b1ca65e6-5aaf-11de-bc9b-0030843d3802">
+ <topic>pidgin -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>pidgin</name>
+ <name>libpurple</name>
+ <name>finch</name>
+ <range><lt>2.5.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/35194/">
+ <p>Some vulnerabilities and weaknesses have been reported in Pidgin,
+ which can be exploited by malicious people to cause a DoS or to
+ potentially compromise a user's system.</p>
+ <p>A truncation error in the processing of MSN SLP messages can be
+ exploited to cause a buffer overflow.</p>
+ <p>A boundary error in the XMPP SOCKS5 "bytestream" server when
+ initiating an outgoing file transfer can be exploited to cause a
+ buffer overflow.</p>
+ <p>A boundary error exists in the implementation of the
+ "PurpleCircBuffer" structure. This can be exploited to corrupt memory
+ and cause a crash via specially crafted XMPP or Sametime
+ packets.</p>
+ <p>A boundary error in the "decrypt_out()" function can be exploited
+ to cause a stack-based buffer overflow with 8 bytes and crash the
+ application via a specially crafted QQ packet.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>35067</bid>
+ <cvename>CVE-2009-1373</cvename>
+ <cvename>CVE-2009-1374</cvename>
+ <cvename>CVE-2009-1375</cvename>
+ <cvename>CVE-2009-1376</cvename>
+ <url>http://secunia.com/advisories/35194/</url>
+ <url>http://www.pidgin.im/news/security/?id=29</url>
+ <url>http://www.pidgin.im/news/security/?id=30</url>
+ <url>http://www.pidgin.im/news/security/?id=32</url>
+ </references>
+ <dates>
+ <discovery>2009-06-03</discovery>
+ <entry>2009-06-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d9b01c08-59b3-11de-828e-00e0815b8da8">
+ <topic>git -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>git</name>
+ <range><lt>1.6.3.2_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/35338/discuss">
+ <p>Git is prone to a denial-of-service vulnerability because it
+ fails to properly handle some client requests.</p>
+ <p>Attackers can exploit this issue to cause a daemon process to
+ enter an infinite loop. Repeated exploits may consume excessive
+ system resources, resulting in a denial of service condition.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>35338</bid>
+ <cvename>CVE-2009-2108</cvename>
+ <url>https://www.redhat.com/archives/fedora-security-list/2009-June/msg00000.html</url>
+ <url>http://article.gmane.org/gmane.comp.version-control.git/120724</url>
+ </references>
+ <dates>
+ <discovery>2009-06-04</discovery>
+ <entry>2009-06-15</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="62e0fbe5-5798-11de-bb78-001cc0377035">
+ <topic>ruby -- BigDecimal denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>ruby</name>
+ <name>ruby+pthreads</name>
+ <name>ruby+pthreads+oniguruma</name>
+ <name>ruby+oniguruma</name>
+ <range><ge>1.8.*,1</ge><lt>1.8.7.160_1,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The official ruby site reports:</p>
+ <blockquote cite="http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/">
+ <p>A denial of service (DoS) vulnerability was found on the
+ BigDecimal standard library of Ruby. Conversion from BigDecimal
+ objects into Float numbers had a problem which enables attackers
+ to effectively cause segmentation faults.</p>
+ <p>An attacker can cause a denial of service by causing BigDecimal
+ to parse an insanely large number, such as:</p>
+ <p><code>BigDecimal("9E69999999").to_s("F")</code></p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>35278</bid>
+ <cvename>CVE-2009-1904</cvename>
+ <url>http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/</url>
+ </references>
+ <dates>
+ <discovery>2009-06-09</discovery>
+ <entry>2009-06-13</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="da185955-5738-11de-b857-000f20797ede">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>2.0.0.20_8,1</lt></range>
+ <range><gt>3.*,1</gt><lt>3.0.11,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <name>linux-firefox-devel</name>
+ <range><lt>3.0.11</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>2.0.0.22</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>1.1.17</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/firefox30.html">
+ <p>MFSA 2009-32 JavaScript chrome privilege escalation</p>
+ <p>MFSA 2009-31 XUL scripts bypass content-policy checks</p>
+ <p>MFSA 2009-30 Incorrect principal set for file: resources
+ loaded via location bar</p>
+ <p>MFSA 2009-29 Arbitrary code execution using event listeners
+ attached to an element whose owner document is null</p>
+ <p>MFSA 2009-28 Race condition while accessing the private data
+ of a NPObject JS wrapper class object</p>
+ <p>MFSA 2009-27 SSL tampering via non-200 responses to proxy
+ CONNECT requests</p>
+ <p>MFSA 2009-26 Arbitrary domain cookie access by local file:
+ resources</p>
+ <p>MFSA 2009-25 URL spoofing with invalid unicode characters</p>
+ <p>MFSA 2009-24 Crashes with evidence of memory corruption (rv:1.9.0.11)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1392</cvename>
+ <cvename>CVE-2009-1832</cvename>
+ <cvename>CVE-2009-1833</cvename>
+ <cvename>CVE-2009-1834</cvename>
+ <cvename>CVE-2009-1835</cvename>
+ <cvename>CVE-2009-1836</cvename>
+ <cvename>CVE-2009-1837</cvename>
+ <cvename>CVE-2009-1838</cvename>
+ <cvename>CVE-2009-1839</cvename>
+ <cvename>CVE-2009-1840</cvename>
+ <cvename>CVE-2009-1841</cvename>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-24.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-25.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-26.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-27.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-28.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-29.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-30.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-31.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-32.html</url>
+ <url>http://secunia.com/advisories/35331/</url>
+ </references>
+ <dates>
+ <discovery>2009-06-11</discovery>
+ <entry>2009-06-12</entry>
+ <modified>2009-12-12</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="eb9212f7-526b-11de-bbf2-001b77d09812">
+ <topic>apr -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>apr</name>
+ <range><lt>1.3.5.1.3.7</lt></range>
+ </package>
+ <package>
+ <name>apache</name>
+ <range><ge>2.2.0</ge><lt>2.2.11_5</lt></range>
+ <range><ge>2.0.0</ge><lt>2.0.63_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/35284/">
+ <p>Some vulnerabilities have been reported in APR-util, which
+ can be exploited by malicious users and malicious people to
+ cause a DoS (Denial of Service).</p>
+ <p>A vulnerability is caused due to an error in the processing
+ of XML files and can be exploited to exhaust all available
+ memory via a specially crafted XML file containing a
+ predefined entity inside an entity definition.</p>
+ <p>A vulnerability is caused due to an error within the
+ "apr_strmatch_precompile()" function in
+ strmatch/apr_strmatch.c, which can be exploited to crash an
+ application using the library.</p>
+ </blockquote>
+ <p>RedHat reports:</p>
+ <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=3D504390">
+ <p>A single NULL byte buffer overflow flaw was found in
+ apr-util's apr_brigade_vprintf() function.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>35221</bid>
+ <cvename>CVE-2009-1955</cvename>
+ <cvename>CVE-2009-1956</cvename>
+ <cvename>CVE-2009-0023</cvename>
+ <url>http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3</url>
+ <url>http://secunia.com/advisories/35284/</url>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=3D504390</url>
+ </references>
+ <dates>
+ <discovery>2009-06-05</discovery>
+ <entry>2009-06-08</entry>
+ </dates>
+ </vuln>
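Review bot: The Red Hat Bugzilla link in this apr entry carries quoted-printable residue. Both the blockquote cite and the url reference read show_bug.cgi?id=3D504390, where =3D is the encoded form of a plain = sign, so the id parameter is no longer the bug number. Both places should read show_bug.cgi?id=504390.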
+
+ <vuln vid="4f838b74-50a1-11de-b01f-001c2514716c">
+ <topic>dokuwiki -- Local File Inclusion with register_globals on</topic>
+ <affects>
+ <package>
+ <name>dokuwiki</name>
+ <range><lt>20090214_2</lt></range>
+ </package>
+ <package>
+ <name>dokuwiki-devel</name>
+ <range><gt>0</gt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>DokuWiki reports:</p>
+ <blockquote cite="http://bugs.splitbrain.org/index.php?do=details&amp;task_id=1700">
+ <p>A security hole was discovered which allows an attacker
+ to include arbitrary files located on the attacked DokuWiki
+ installation. The included file is executed in the PHP context.
+ This can be escalated by introducing malicious code through
+ uploading file via the media manager or placing PHP code in
+ editable pages.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1960</cvename>
+ <url>http://bugs.splitbrain.org/index.php?do=details&amp;task_id=1700</url>
+ </references>
+ <dates>
+ <discovery>2009-05-26</discovery>
+ <entry>2009-06-04</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="82b55df8-4d5a-11de-8811-0030843d3802">
+ <topic>openssl -- denial of service in DTLS implementation</topic>
+ <affects>
+ <package>
+ <name>openssl</name>
+ <range><ge>0.9.8</ge><lt>0.9.8k_1</lt></range>
+ </package>
+ <package>
+ <name>linux-f10-openssl</name>
+ <range><ge>0.9.8f</ge><lt>0.9.8m</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/35128/">
+ <p>Some vulnerabilities have been reported in OpenSSL, which can be
+ exploited by malicious people to cause a DoS.</p>
+ <p>The library does not limit the number of buffered DTLS records with
+ a future epoch. This can be exploited to exhaust all available memory
+ via specially crafted DTLS packets.</p>
+ <p>An error when processing DTLS messages can be exploited to exhaust
+ all available memory by sending a large number of out of sequence
+ handshake messages.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1377</cvename>
+ <cvename>CVE-2009-1378</cvename>
+ <url>http://secunia.com/advisories/35128/</url>
+ </references>
+ <dates>
+ <discovery>2009-05-18</discovery>
+ <entry>2009-05-30</entry>
+ <modified>2014-04-10</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="399f4cd7-4d59-11de-8811-0030843d3802">
+ <topic>eggdrop -- denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>eggdrop</name>
+ <range><lt>1.6.19_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/35104/">
+ <p>The vulnerability is caused due to an error in the processing of
+ private messages within the server module
+ (/mod/server.mod/servrmsg.c). This can be exploited to cause a
+ crash by sending a specially crafted message to the bot.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>34985</bid>
+ <cvename>CVE-2009-1789</cvename>
+ <url>http://www.eggheads.org/news/2009/05/14/35</url>
+ <url>http://secunia.com/advisories/35104/</url>
+ </references>
+ <dates>
+ <discovery>2009-05-15</discovery>
+ <entry>2009-05-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a2d4a330-4d54-11de-8811-0030843d3802">
+ <topic>wireshark -- PCNFSD Dissector Denial of Service Vulnerability</topic>
+ <affects>
+ <package>
+ <name>ethereal</name>
+ <name>ethereal-lite</name>
+ <name>tethereal</name>
+ <name>tethereal-lite</name>
+ <name>wireshark</name>
+ <name>wireshark-lite</name>
+ <range><lt>1.0.8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/35201/">
+ <p>A vulnerability has been reported in Wireshark, which can be
+ exploited by malicious people to cause a DoS.</p>
+ <p>The vulnerability is caused due to an error in the PCNFSD dissector
+ and can be exploited to cause a crash via a specially crafted PCNFSD
+ packet.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1829</cvename>
+ <url>http://secunia.com/advisories/35201/</url>
+ <url>http://www.wireshark.org/security/wnpa-sec-2009-03.html</url>
+ </references>
+ <dates>
+ <discovery>2009-05-21</discovery>
+ <entry>2009-05-30</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="6355efdb-4d4d-11de-8811-0030843d3802">
+ <topic>libsndfile -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libsndfile</name>
+ <range><lt>1.0.20</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/35076/">
+ <p>Two vulnerabilities have been reported in libsndfile, which can be
+ exploited by malicious people to compromise an application using the
+ library.</p>
+ <p>A boundary error exists within the "voc_read_header()" function in
+ src/voc.c. This can be exploited to cause a heap-based buffer overflow
+ via a specially crafted VOC file.</p>
+ <p>A boundary error exists within the "aiff_read_header()" function in
+ src/aiff.c. This can be exploited to cause a heap-based buffer overflow
+ via a specially crafted AIFF file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1788</cvename>
+ <cvename>CVE-2009-1791</cvename>
+ <url>http://secunia.com/advisories/35076/</url>
+ <url>http://www.trapkit.de/advisories/TKADV2009-006.txt</url>
+ </references>
+ <dates>
+ <discovery>2009-05-15</discovery>
+ <entry>2009-05-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="80f13884-4d4c-11de-8811-0030843d3802">
+ <topic>slim -- local disclosure of X authority magic cookie</topic>
+ <affects>
+ <package>
+ <name>slim</name>
+ <range><lt>1.3.1_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/35132/">
+ <p>A security issue has been reported in SLiM, which can be
+ exploited by malicious, local users to disclose sensitive
+ information.</p>
+ <p>The security issue is caused due to the application
+ generating the X authority file by passing the X authority
+ cookie via the command line to "xauth". This can be exploited
+ to disclose the X authority cookie by consulting the process
+ list and e.g. gain access the user's display.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>35015</bid>
+ <cvename>CVE-2009-1756</cvename>
+ <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529306</url>
+ </references>
+ <dates>
+ <discovery>2009-05-20</discovery>
+ <entry>2009-05-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4175c811-f690-4898-87c5-755b3cf1bac6">
+ <topic>ntp -- stack-based buffer overflow</topic>
+ <affects>
+ <package>
+ <name>ntp</name>
+ <range><lt>4.2.4p7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>US-CERT reports:</p>
+ <blockquote cite="http://www.kb.cert.org/vuls/id/853097">
+ <p>ntpd contains a stack buffer overflow which may allow a remote
+ unauthenticated attacker to execute arbitrary code on a vulnerable
+ system or create a denial of service.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>35017</bid>
+ <cvename>CVE-2009-0159</cvename>
+ <cvename>CVE-2009-1252</cvename>
+ <url>http://www.kb.cert.org/vuls/id/853097</url>
+ </references>
+ <dates>
+ <discovery>2009-05-06</discovery>
+ <entry>2009-05-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5ed2f96b-33b7-4863-8c6b-540d22344424">
+ <topic>imap-uw -- University of Washington IMAP c-client Remote Format String Vulnerability</topic>
+ <affects>
+ <package>
+ <name>imap-uw</name>
+ <range><lt>2007e</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/33795">
+ <p>University of Washington IMAP c-client is prone to a remote
+ format-string vulnerability because the software fails to adequately
+ sanitize user-supplied input before passing it as the
+ format-specifier to a formatted-printing function.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>33795</bid>
+ </references>
+ <dates>
+ <discovery>2009-02-17</discovery>
+ <entry>2009-05-21</entry>
+ <modified>2009-05-22</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="37a8603d-4494-11de-bea7-000c29a67389">
+ <topic>nsd -- buffer overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>nsd</name>
+ <range><lt>3.2.2</lt></range>
+ </package>
+ <package>
+ <name>nsd2</name>
+ <range><lt>2.3.7_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NLnet Labs:</p>
+ <blockquote cite="http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html">
+ <p>A one-byte buffer overflow has been reported in NSD. The
+ problem affects all versions 2.0.0 to 3.2.1. The bug allows
+ a carefully crafted exploit to bring down your DNS server. It
+ is highly unlikely that this one byte overflow can lead to
+ other (system) exploits.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1755</cvename>
+ <url>http://www.nlnetlabs.nl/publications/NSD_vulnerability_announcement.html</url>
+ </references>
+ <dates>
+ <discovery>2009-05-19</discovery>
+ <entry>2009-05-19</entry>
+ <modified>2009-05-22</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="48e14d86-42f1-11de-ad22-000e35248ad7">
+ <topic>libxine -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libxine</name>
+ <range><lt>1.1.16.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>xine developers report:</p>
+ <blockquote cite="http://sourceforge.net/project/shownotes.php?group_id=9655&amp;release_id=673233">
+ <ul>
+ <li>Fix another possible int overflow in the 4XM demuxer.
+ (ref. TKADV2009-004, CVE-2009-0385)</li>
+ <li>Fix an integer overflow in the Quicktime demuxer.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0385</cvename>
+ <cvename>CVE-2009-1274</cvename>
+ <url>http://trapkit.de/advisories/TKADV2009-004.txt</url>
+ <url>http://trapkit.de/advisories/TKADV2009-005.txt</url>
+ <url>http://sourceforge.net/project/shownotes.php?release_id=660071</url>
+ </references>
+ <dates>
+ <discovery>2009-04-04</discovery>
+ <entry>2009-05-17</entry>
+ </dates>
+ </vuln>
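Review bot: The blockquote cite in this libxine 1.1.16.3 entry points at release_id=673233, but the references block lists only release_id=660071, which is the release-notes URL the 1.1.16.2 entry cites for its own quote. If the quoted changelog lines come from release 673233, the reference url should match the cite. As it stands, a reader following the references lands on the notes for the earlier release.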
+
+ <vuln vid="51d1d428-42f0-11de-ad22-000e35248ad7">
+ <topic>libxine -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libxine</name>
+ <range><lt>1.1.16.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Multiple vulnerabilities were fixed in libxine 1.1.16.2.</p>
+ <p>Tobias Klein reports:</p>
+ <blockquote cite="http://trapkit.de/advisories/TKADV2009-004.txt">
+ <p>FFmpeg contains a type conversion vulnerability while
+ parsing malformed 4X movie files. The vulnerability may be
+ exploited by a (remote) attacker to execute arbitrary code in
+ the context of FFmpeg or an application using the FFmpeg
+ library.</p>
+ <p>Note: A similar issue also affects xine-lib &lt; version
+ 1.1.16.2.</p>
+ </blockquote>
+ <p>xine developers report:</p>
+ <blockquote cite="http://sourceforge.net/project/shownotes.php?group_id=9655&amp;release_id=660071">
+ <ul>
+ <li>Fix broken size checks in various input plugins (ref.
+ CVE-2008-5239).</li>
+ <li>More malloc checking (ref. CVE-2008-5240).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0698</cvename>
+ <cvename>CVE-2008-5234</cvename>
+ <cvename>CVE-2008-5240</cvename>
+ <url>http://trapkit.de/advisories/TKADV2009-004.txt</url>
+ <url>http://sourceforge.net/project/shownotes.php?release_id=660071</url>
+ </references>
+ <dates>
+ <discovery>2009-02-15</discovery>
+ <entry>2009-05-17</entry>
+ </dates>
+ </vuln>
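Review bot: The CVE identifiers in this entry's body and its references do not line up. The quoted changelog names CVE-2008-5239 and CVE-2008-5240, while the references list CVE-2008-5234 and CVE-2008-5240. Either 5234 is a typo for 5239 or one of the two is missing. Please check against the xine release notes and list every CVE the description cites, so that a lookup by cvename finds this entry.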
+
+ <vuln vid="1e8031be-4258-11de-b67a-0030843d3802">
+ <topic>php -- ini database truncation inside dba_replace() function</topic>
+ <affects>
+ <package>
+ <name>php4-dba</name>
+ <range><lt>4.4.9_1</lt></range>
+ </package>
+ <package>
+ <name>php5-dba</name>
+ <range><lt>5.2.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>securityfocus research reports:</p>
+ <blockquote cite="http://www.securityfocus.com/archive/1/498746/30/0/threaded">
+ <p>A bug that leads to the emptying of the INI file contents if
+ the database key was not found exists in PHP dba extension in
+ versions 5.2.6, 4.4.9 and earlier.</p>
+ <p>Function dba_replace() are not filtering strings key and value.
+ There is a possibility for the destruction of the file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-7068</cvename>
+ <url>http://www.securityfocus.com/archive/1/498746/30/0/threaded</url>
+ <url>http://securityreason.com/achievement_securityalert/58</url>
+ </references>
+ <dates>
+ <discovery>2008-11-28</discovery>
+ <entry>2009-05-16</entry>
+ <modified>2013-06-16</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="6a245f31-4254-11de-b67a-0030843d3802">
+ <topic>libwmf -- embedded GD library Use-After-Free vulnerability</topic>
+ <affects>
+ <package>
+ <name>libwmf</name>
+ <range><lt>0.2.8.4_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/34901">
+ <p>A vulnerability has been reported in libwmf, which can be exploited
+ by malicious people to cause a DoS (Denial of Service) or compromise
+ an application using the library.</p>
+ <p>The vulnerability is caused due to a use-after-free error within the
+ embedded GD library, which can be exploited to cause a crash or
+ potentially to execute arbitrary code via a specially crafted WMF
+ file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>34792</bid>
+ <cvename>CVE-2009-1364</cvename>
+ <url>https://bugzilla.redhat.com/show_bug.cgi?id=496864</url>
+ <url>https://rhn.redhat.com/errata/RHSA-2009-0457.html</url>
+ <url>http://secunia.com/advisories/34901/</url>
+ </references>
+ <dates>
+ <discovery>2009-05-05</discovery>
+ <entry>2009-05-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="48aab1d0-4252-11de-b67a-0030843d3802">
+ <topic>libwmf -- integer overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>libwmf</name>
+ <range><lt>0.2.8.4_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/20921">
+ <p>infamous41md has reported a vulnerability in libwmf, which
+ potentially can be exploited by malicious people to compromise an
+ application using the vulnerable library.</p>
+ <p>The vulnerability is caused due to an integer overflow error when
+ allocating memory based on a value taken directly from a WMF file
+ without performing any checks. This can be exploited to cause a
+ heap-based buffer overflow when a specially crafted WMF file is
+ processed.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>18751</bid>
+ <cvename>CVE-2006-3376</cvename>
+ <url>http://secunia.com/advisories/20921/</url>
+ </references>
+ <dates>
+ <discovery>2006-07-03</discovery>
+ <entry>2009-05-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bfe218a5-4218-11de-b67a-0030843d3802">
+ <topic>moinmoin -- cross-site scripting vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moinmoin</name>
+ <range><lt>1.8.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/34821/">
+ <p>Input passed via multiple parameters to action/AttachFile.py is not
+ properly sanitised before being returned to the user. This can be
+ exploited to execute arbitrary HTML and script code in a user's
+ browser session in the context of an affected site.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1482</cvename>
+ <url>http://secunia.com/advisories/34821/</url>
+ <url>http://moinmo.in/SecurityFixes</url>
+ </references>
+ <dates>
+ <discovery>2009-04-21</discovery>
+ <entry>2009-05-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4a638895-41b7-11de-b1cc-00219b0fc4d8">
+ <topic>mod_perl -- cross-site scripting</topic>
+ <affects>
+ <package>
+ <name>mod_perl</name>
+ <range><lt>1.31</lt></range>
+ </package>
+ <package>
+ <name>mod_perl2</name>
+ <range><lt>2.05</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/3459796">
+ <p>Certain input passed to the "Apache::Status" and "Apache2::Status"
+ modules is not properly sanitised before being returned to the user.
+ This can be exploited to execute arbitrary HTML and script code in a
+ user's browser session in context of an affected website.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0796</cvename>
+ <url>http://secunia.com/advisories/34597</url>
+ </references>
+ <dates>
+ <discovery>2009-02-28</discovery>
+ <entry>2009-05-16</entry>
+ <modified>2009-05-16</modified>
+ </dates>
+ </vuln>
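Review bot: The blockquote cite in this mod_perl entry is http://secunia.com/advisories/3459796 while the reference url is http://secunia.com/advisories/34597. The two should name the same advisory, and the seven-digit id in the cite looks like a typing slip. Separately, the modified date equals the entry date (2009-05-16), so the modified element adds no information here and could be dropped.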
+
+ <vuln vid="a6605f4b-4067-11de-b444-001372fd0af2">
+ <topic>drupal -- cross-site scripting</topic>
+ <affects>
+ <package>
+ <name>drupal5</name>
+ <range><lt>5.18</lt></range>
+ </package>
+ <package>
+ <name>drupal6</name>
+ <range><lt>6.12</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Drupal Security Team reports:</p>
+ <blockquote cite="http://drupal.org/node/461886">
+ <p>When outputting user-supplied data Drupal strips potentially
+ dangerous HTML attributes and tags or escapes characters which
+ have a special meaning in HTML. This output filtering secures the
+ site against cross site scripting attacks via user input.</p>
+ <p>Certain byte sequences that are valid in the UTF-8 specification
+ are potentially dangerous when interpreted as UTF-7. Internet
+ Explorer 6 and 7 may decode these characters as UTF-7 if they
+ appear before the &lt;meta http-equiv="Content-Type" /&gt; tag that
+ specifies the page content as UTF-8, despite the fact that Drupal
+ also sends a real HTTP header specifying the content as UTF-8.
+ This enables attackers to execute cross site scripting attacks
+ with UTF-7. SA-CORE-2009-005 - Drupal core - Cross site scripting
+ contained an incomplete fix for the issue. HTML exports of books
+ are still vulnerable, which means that anyone with edit
+ permissions for pages in outlines is able to insert arbitrary HTML
+ and script code in these exports.</p>
+ <p>Additionally, the taxonomy module allows users with the
+ 'administer taxonomy' permission to inject arbitrary HTML and
+ script code in the help text of any vocabulary.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://drupal.org/node/461886</url>
+ <url>http://secunia.com/advisories/35045</url>
+ </references>
+ <dates>
+ <discovery>2009-05-13</discovery>
+ <entry>2009-05-14</entry>
+ <modified>2009-05-16</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="14ab174c-40ef-11de-9fd5-001bd3385381">
+ <topic>cyrus-sasl -- buffer overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>cyrus-sasl</name>
+ <range><lt>2.1.23</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>US-CERT reports:</p>
+ <blockquote cite="http://www.kb.cert.org/vuls/id/238019">
+ <p>The sasl_encode64() function converts a string into
+ base64. The Cyrus SASL library contains buffer overflows
+ that occur because of unsafe use of the sasl_encode64()
+ function.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0688</cvename>
+ <url>http://www.kb.cert.org/vuls/id/238019</url>
+ </references>
+ <dates>
+ <discovery>2009-04-08</discovery>
+ <entry>2009-05-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="fc4d0ae8-3fa3-11de-a3fd-0030843d3802">
+ <topic>moinmoin -- multiple cross site scripting vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moinmoin</name>
+ <range><lt>1.8.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33593/">
+ <p>Some vulnerabilities have been reported in MoinMoin, which can be
+ exploited by malicious people to conduct cross-site scripting attacks.</p>
+ <p>Input passed to multiple parameters in action/AttachFile.py is not
+ properly sanitised before being returned to the user. This can be
+ exploited to execute arbitrary HTML and script code in a user's
+ browser session in the context of an affected site.</p>
+ <p>Certain input passed to security/antispam.py is not properly
+ sanitised before being returned to the user. This can be exploited to
+ execute arbitrary HTML and script code in a user's browser session in
+ the context of an affected site.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0260</cvename>
+ <cvename>CVE-2009-0312</cvename>
+ <url>http://moinmo.in/SecurityFixes</url>
+ <url>http://secunia.com/advisories/33593</url>
+ </references>
+ <dates>
+ <discovery>2009-01-21</discovery>
+ <entry>2009-05-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f0f97b94-3f95-11de-a3fd-0030843d3802">
+ <topic>ghostscript -- buffer overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>ghostscript8</name>
+ <name>ghostscript8-nox11</name>
+ <range><lt>8.64</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/34340/discuss">
+ <p>Ghostscript is prone to a remote buffer-overflow vulnerability
+ because it fails to properly bounds-check user-supplied input before
+ copying it into a finite-sized buffer.</p>
+ <p>Exploiting this issue allows remote attackers to overwrite a
+ sensitive memory buffer with arbitrary data, potentially allowing them
+ to execute malicious machine code in the context of the affected
+ application. This vulnerability may facilitate the compromise of
+ affected computers.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>34340</bid>
+ <cvename>CVE-2008-6679</cvename>
+ </references>
+ <dates>
+ <discovery>2009-02-03</discovery>
+ <entry>2009-05-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4b172278-3f46-11de-becb-001cc0377035">
+ <topic>pango -- integer overflow</topic>
+ <affects>
+ <package>
+ <name>pango</name>
+ <name>linux-pango</name>
+ <name>linux-f8-pango</name>
+ <name>linux-f10-pango</name>
+ <range><lt>1.24</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>oCERT reports:</p>
+ <blockquote cite="http://www.ocert.org/advisories/ocert-2009-001.html">
+ <p>Pango suffers from a multiplicative integer overflow which
+ may lead to a potentially exploitable, heap overflow depending
+ on the calling conditions.</p>
+ <p>For example, this vulnerability is remotely reachable in Firefox
+ by creating an overly large document.location value but only results
+ in a process-terminating, allocation error (denial of service).</p>
+ <p>The affected function is pango_glyph_string_set_size. An overflow
+ check when doubling the size neglects the overflow possible on the
+ subsequent allocation.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>34870</bid>
+ <cvename>CVE-2009-1194</cvename>
+ <url>http://secunia.com/advisories/35021/</url>
+ </references>
+ <dates>
+ <discovery>2009-02-22</discovery>
+ <entry>2009-05-13</entry>
+ <modified>2009-10-01</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="defce068-39aa-11de-a493-001b77d09812">
+ <topic>wireshark -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ethereal</name>
+ <name>ethereal-lite</name>
+ <name>tethereal</name>
+ <name>tethereal-lite</name>
+ <name>wireshark</name>
+ <name>wireshark-lite</name>
+ <range><lt>1.0.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Wireshark team reports:</p>
+ <blockquote cite="http://www.wireshark.org/security/wnpa-sec-2009-02.html">
+ <p>Wireshark 1.0.7 fixes the following vulnerabilities:</p>
+ <ul>
+ <li>The PROFINET dissector was vulnerable to a format
+ string overflow. (Bug 3382) Versions affected: 0.99.6 to
+ 1.0.6, CVE-2009-1210.</li>
+ <li>The Check Point High-Availability Protocol (CPHAP)
+ dissector could crash. (Bug 3269) Versions affected: 0.9.6
+ to 1.0.6; CVE-2009-1268.</li>
+ <li>Wireshark could crash while loading a Tektronix .rf5
+ file. (Bug 3366) Versions affected: 0.99.6 to 1.0.6,
+ CVE-2009-1269.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>34291</bid>
+ <bid>34457</bid>
+ <cvename>CVE-2009-1210</cvename>
+ <cvename>CVE-2009-1268</cvename>
+ <cvename>CVE-2009-1269</cvename>
+ <url>http://www.wireshark.org/security/wnpa-sec-2009-02.html</url>
+ <url>http://secunia.com/advisories/34542</url>
+ </references>
+ <dates>
+ <discovery>2009-04-06</discovery>
+ <entry>2009-05-09</entry>
+ <modified>2009-05-13</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="736e55bc-39bb-11de-a493-001b77d09812">
+ <topic>cups -- remote code execution and DNS rebinding</topic>
+ <affects>
+ <package>
+ <name>cups-base</name>
+ <range><lt>1.3.10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Gentoo security team summarizes:</p>
+ <blockquote cite="http://www.gentoo.org/security/en/glsa/glsa-200904-20.xml">
+ <p>The following issues were reported in CUPS:</p>
+ <ul>
+ <li>iDefense reported an integer overflow in the
+ _cupsImageReadTIFF() function in the "imagetops" filter,
+ leading to a heap-based buffer overflow (CVE-2009-0163).</li>
+ <li>Aaron Siegel of Apple Product Security reported that the
+ CUPS web interface does not verify the content of the "Host"
+ HTTP header properly (CVE-2009-0164).</li>
+ <li>Braden Thomas and Drew Yao of Apple Product Security
+ reported that CUPS is vulnerable to CVE-2009-0146,
+ CVE-2009-0147 and CVE-2009-0166, found earlier in xpdf and
+ poppler.</li>
+ </ul>
+ <p>A remote attacker might send or entice a user to send a
+ specially crafted print job to CUPS, possibly resulting in the
+ execution of arbitrary code with the privileges of the
+ configured CUPS user -- by default this is "lp", or a Denial
+ of Service. Furthermore, the web interface could be used to
+ conduct DNS rebinding attacks.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>34571</bid>
+ <bid>34665</bid>
+ <bid>34568</bid>
+ <cvename>CVE-2009-0163</cvename>
+ <cvename>CVE-2009-0164</cvename>
+ <cvename>CVE-2009-0146</cvename>
+ <cvename>CVE-2009-0147</cvename>
+ <cvename>CVE-2009-0166</cvename>
+ <url>http://www.cups.org/articles.php?L582</url>
+ </references>
+ <dates>
+ <discovery>2009-05-05</discovery>
+ <entry>2009-05-07</entry>
+ <modified>2009-05-13</modified>
+ </dates>
+ </vuln>
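Review bot: <discovery>2009-05-05</discovery> in the cups entry is later than the advisory the entry quotes, since the blockquote cites glsa-200904-20, a GLSA numbered for April 2009. Set <discovery> to the date the issues were first made public rather than a date close to when the entry was written.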
+
+ <vuln vid="fbc8413f-2f7a-11de-9a3f-001b77d09812">
+ <topic>FreeBSD -- remotely exploitable crash in OpenSSL</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>6.3</ge><lt>6.3_10</lt></range>
+ <range><ge>6.4</ge><lt>6.4_4</lt></range>
+ <range><ge>7.0</ge><lt>7.0_12</lt></range>
+ <range><ge>7.1</ge><lt>7.1_5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description</h1>
+ <p>The function ASN1_STRING_print_ex does not properly validate
+ the lengths of BMPString or UniversalString objects before
+ attempting to print them.</p>
+ <h1>Impact</h1>
+ <p>An application which attempts to print a BMPString or
+ UniversalString which has an invalid length will crash as a
+ result of OpenSSL accessing invalid memory locations. This
+ could be used by an attacker to crash a remote application.</p>
+ <h1>Workaround</h1>
+ <p>No workaround is available, but applications which do not use
+ the ASN1_STRING_print_ex function (either directly or indirectly)
+ are not affected.</p>
+ </body>
+ </description>
+ <references>
+ <freebsdsa>SA-09:08.openssl</freebsdsa>
+ <cvename>CVE-2009-0590</cvename>
+ </references>
+ <dates>
+ <discovery>2009-03-25</discovery>
+ <entry>2009-05-07</entry>
+ <modified>2009-05-13</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="2748fdde-3a3c-11de-bbc5-00e0815b8da8">
+ <topic>quagga -- Denial of Service</topic>
+ <affects>
+ <package>
+ <name>quagga</name>
+ <range><lt>0.99.11_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Debian Security Team reports:</p>
+ <blockquote cite="http://www.securityfocus.com/archive/1/503220">
+ <p>It was discovered that Quagga, an IP routing daemon, could
+ no longer process the Internet routing table due to broken
+ handling of multiple 4-byte AS numbers in an AS path. If such
+ a prefix is received, the BGP daemon crashes with an assert
+ failure leading to a denial of service.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>34656</bid>
+ <mlist msgid="Pine.LNX.4.64.0904301931590.24373@nacho.alt.net">http://lists.quagga.net/pipermail/quagga-dev/2009-April/006541.html</mlist>
+ <cvename>CVE-2009-1572</cvename>
+ </references>
+ <dates>
+ <discovery>2009-05-04</discovery>
+ <entry>2009-05-06</entry>
+ <modified>2009-05-07</modified>
+ </dates>
+ </vuln>
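Review bot: <discovery>2009-05-04</discovery> in the quagga entry postdates its own reference, because the <mlist> URL points into the quagga-dev archive for 2009-April. Use the date of that list post, or of an earlier report if there is one, as the discovery date.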
+
+ <vuln vid="e3e30d99-58a8-4a3f-8059-a8b7cd59b881">
+ <topic>openfire -- Openfire No Password Changes Security Bypass</topic>
+ <affects>
+ <package>
+ <name>openfire</name>
+ <range><lt>3.6.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/34984/">
+ <p>A vulnerability has been reported in Openfire which can
+ be exploited by malicious users to bypass certain security
+ restrictions. The vulnerability is caused due to Openfire
+ not properly respecting the no password changes setting which
+ can be exploited to change passwords by sending jabber:iq:auth
+ passwd_change requests to the server.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1596</cvename>
+ <url>http://secunia.com/advisories/34984/</url>
+ <url>http://www.igniterealtime.org/issues/browse/JM-1532</url>
+ <url>http://www.igniterealtime.org/community/message/190288#190288</url>
+ </references>
+ <dates>
+ <discovery>2009-05-04</discovery>
+ <entry>2009-05-04</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="7a1ab8d4-35c1-11de-9672-0030843d3802">
+ <topic>drupal -- cross site scripting</topic>
+ <affects>
+ <package>
+ <name>drupal5</name>
+ <range><lt>5.17</lt></range>
+ </package>
+ <package>
+ <name>drupal6</name>
+ <range><lt>6.11</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Drupal Security Team reports:</p>
+ <blockquote cite="http://drupal.org/node/449078">
+ <p>When outputting user-supplied data Drupal strips potentially
+ dangerous HTML attributes and tags or escapes characters which have a
+ special meaning in HTML. This output filtering secures the site
+ against cross site scripting attacks via user input.</p>
+ <p>Certain byte sequences that are valid in the UTF-8 specification
+ are potentially dangerous when interpreted as UTF-7. Internet Explorer
+ 6 and 7 may decode these characters as UTF-7 if they appear before the
+ meta http-equiv="Content-Type" tag that specifies the page content
+ as UTF-8, despite the fact that Drupal also sends a real HTTP header
+ specifying the content as UTF-8. This behaviour enables malicious
+ users to insert and execute Javascript in the context of the website
+ if site visitors are allowed to post content.</p>
+ <p>In addition, Drupal core also has a very limited information
+ disclosure vulnerability under very specific conditions. If a user is
+ tricked into visiting the site via a specially crafted URL and then
+ submits a form (such as the search box) from that page, the
+ information in their form submission may be directed to a third-party
+ site determined by the URL and thus disclosed to the third party. The
+ third party site may then execute a CSRF attack against the submitted
+ form.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1575</cvename>
+ <cvename>CVE-2009-1576</cvename>
+ <url>http://drupal.org/node/449078</url>
+ </references>
+ <dates>
+ <discovery>2009-04-30</discovery>
+ <entry>2009-04-30</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="3b18e237-2f15-11de-9672-0030843d3802">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>2.0.0.20_7,1</lt></range>
+ <range><gt>3.*,1</gt><lt>3.0.9,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <name>linux-firefox-devel</name>
+ <range><lt>3.0.9</lt></range>
+ </package>
+ <package>
+ <name>linux-seamonkey-devel</name>
+ <range><gt>0</gt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>1.1.17</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>2.0.0.22</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/">
+ <p>MFSA 2009-22: Firefox allows Refresh header to redirect to
+ javascript: URIs</p>
+ <p>MFSA 2009-21: POST data sent to wrong site when saving web page
+ with embedded frame</p>
+ <p>MFSA 2009-20: Malicious search plugins can inject code into
+ arbitrary sites</p>
+ <p>MFSA 2009-19: Same-origin violations in XMLHttpRequest and
+ XPCNativeWrapper.toString</p>
+ <p>MFSA 2009-18: XSS hazard using third-party stylesheets and XBL
+ bindings</p>
+ <p>MFSA 2009-17: Same-origin violations when Adobe Flash loaded via
+ view-source: scheme</p>
+ <p>MFSA 2009-16: jar: scheme ignores the content-disposition: header
+ on the inner URI</p>
+ <p>MFSA 2009-15: URL spoofing with box drawing character</p>
+ <p>MFSA 2009-14 Crashes with evidence of memory corruption
+ (rv:1.9.0.9)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>34656</bid>
+ <cvename>CVE-2009-1303</cvename>
+ <cvename>CVE-2009-1306</cvename>
+ <cvename>CVE-2009-1307</cvename>
+ <cvename>CVE-2009-1308</cvename>
+ <cvename>CVE-2009-1309</cvename>
+ <cvename>CVE-2009-1312</cvename>
+ <cvename>CVE-2009-1311</cvename>
+ <cvename>CVE-2009-1302</cvename>
+ <cvename>CVE-2009-1304</cvename>
+ <cvename>CVE-2009-1305</cvename>
+ <cvename>CVE-2009-1310</cvename>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-22.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-21.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-20.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-19.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-18.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-17.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-16.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-15.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-14.html</url>
+ </references>
+ <dates>
+ <discovery>2009-04-21</discovery>
+ <entry>2009-04-22</entry>
+ <modified>2009-12-12</modified>
+ </dates>
+ </vuln>
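Review bot: <bid>34656</bid> in the references of this mozilla entry is the same BID that the quagga entry above lists for its BGP denial of service. The two entries cover unrelated software, so one of them carries the wrong number. Check both against the BID database and correct or drop the wrong one.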
+
+ <vuln vid="50d233d9-374b-46ce-922d-4e6b3f777bef">
+ <topic>poppler -- Poppler Multiple Vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>poppler</name>
+ <range><lt>0.10.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite=" http://secunia.com/advisories/34746/">
+ <p>Some vulnerabilities have been reported in Poppler which can be
+ exploited by malicious people to potentially compromise an
+ application using the library.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://secunia.com/advisories/34746/</url>
+ </references>
+ <dates>
+ <discovery>2009-04-17</discovery>
+ <entry>2009-04-18</entry>
+ </dates>
+ </vuln>
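Review bot: the cite attribute on the poppler blockquote starts with a space (cite=" http://secunia.com/advisories/34746/"); remove it so the value is a clean URL and matches the <url> in <references>. The entry also has no <cvename> and its description names no specific flaw, so anyone matching by CVE will not find it. Add the CVE names if the advisory lists them, and shorten the topic to "poppler -- multiple vulnerabilities" to match the neighbouring entries.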
+
+ <vuln vid="a21037d5-2c38-11de-ab3b-0017a4cccfc6">
+ <topic>xpdf -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>xpdf</name>
+ <range><lt>3.02_11</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://www.vupen.com/english/advisories/2009/1065">
+ <p>Some vulnerabilities have been reported in Xpdf, which can be
+ exploited by malicious people to potentially compromise a user's
+ system.</p>
+ <p>A boundary error exists when decoding JBIG2 symbol dictionary
+ segments. This can be exploited to cause a heap-based buffer
+ overflow and potentially execute arbitrary code.</p>
+ <p>Multiple integer overflows in the JBIG2 decoder can be
+ exploited to potentially execute arbitrary code.</p>
+ <p>Multiple boundary errors in the JBIG2 decoder can be
+ exploited to cause buffer overflows and potentially execute
+ arbitrary code.</p>
+ <p>Multiple errors in the JBIG2 decoder can be exploited can be
+ exploited to free arbitrary memory and potentially execute arbitrary
+ code.</p>
+ <p>Multiple unspecified input validation errors in the JBIG2 decoder can
+ be exploited to potentially execute arbitrary code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0146</cvename>
+ <cvename>CVE-2009-0147</cvename>
+ <cvename>CVE-2009-0166</cvename>
+ <cvename>CVE-2009-0799</cvename>
+ <cvename>CVE-2009-0800</cvename>
+ <cvename>CVE-2009-1179</cvename>
+ <cvename>CVE-2009-1180</cvename>
+ <cvename>CVE-2009-1181</cvename>
+ <cvename>CVE-2009-1182</cvename>
+ <cvename>CVE-2009-1183</cvename>
+ <url>http://secunia.com/advisories/34291</url>
+ <url>http://www.vupen.com/english/advisories/2009/1065</url>
+ </references>
+ <dates>
+ <discovery>2009-04-16</discovery>
+ <entry>2009-04-18</entry>
+ <modified>2009-04-18</modified>
+ </dates>
+ </vuln>
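Review bot: the xpdf description attributes the quote to Secunia ("Secunia reports:") but the blockquote cite points at www.vupen.com, while the Secunia advisory appears only under <references>. Make the attribution and the cite agree. The fourth quoted paragraph also reads "can be exploited can be exploited"; check it against the source and drop the repeat if it is a copy error. <modified>2009-04-18</modified> equals <entry> and can go.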
+
+ <vuln vid="20b4f284-2bfc-11de-bdeb-0030843d3802">
+ <topic>freetype2 -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>freetype2</name>
+ <range><lt>2.3.9_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/34723/">
+ <p>Some vulnerabilities have been reported in FreeType, which can be
+ exploited by malicious people to potentially compromise an application
+ using the library.</p>
+ <p>An integer overflow error within the "cff_charset_compute_cids()"
+ function in cff/cffload.c can be exploited to potentially cause a
+ heap-based buffer overflow via a specially crafted font.</p>
+ <p>Multiple integer overflow errors within validation functions in
+ sfnt/ttcmap.c can be exploited to bypass length validations and
+ potentially cause buffer overflows via specially crafted fonts.</p>
+ <p>An integer overflow error within the "ft_smooth_render_generic()"
+ function in smooth/ftsmooth.c can be exploited to potentially cause a
+ heap-based buffer overflow via a specially crafted font.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0946</cvename>
+ <url>http://secunia.com/advisories/34723/</url>
+ </references>
+ <dates>
+ <discovery>2009-04-16</discovery>
+ <entry>2009-04-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="cf91c1e4-2b6d-11de-931b-00e0815b8da8">
+ <topic>ejabberd -- cross-site scripting vulnerability</topic>
+ <affects>
+ <package>
+ <name>ejabberd</name>
+ <range><lt>2.0.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/34133">
+ <p>The ejabberd application is prone to a cross-site scripting
+ vulnerability.</p>
+ <p>An attacker may leverage this issue to execute arbitrary script code
+ in the browser of an unsuspecting user in the context of the affected
+ site and to steal cookie-based authentication credentials.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>34133</bid>
+ <cvename>CVE-2009-0934</cvename>
+ </references>
+ <dates>
+ <discovery>2009-03-16</discovery>
+ <entry>2009-04-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="872ae5be-29c0-11de-bdeb-0030843d3802">
+ <topic>ziproxy -- multiple vulnerability</topic>
+ <affects>
+ <package>
+ <name>ziproxy</name>
+ <range><lt>2.7.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ziproxy Developers reports:</p>
+ <blockquote cite="http://www.kb.cert.org/vuls/id/MAPG-7N9GN8">
+ <p>Multiple HTTP proxy implementations are prone to an
+ information-disclosure vulnerability related to the interpretation of
+ the 'Host' HTTP header. Specifically, this issue occurs when the proxy
+ makes a forwarding decision based on the 'Host' HTTP header instead of
+ the destination IP address.</p>
+ <p>Attackers may exploit this issue to obtain sensitive information
+ such as internal intranet webpages. Additional attacks may also be
+ possible.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>33858</bid>
+ <cvename>CVE-2009-0804</cvename>
+ <url>http://www.kb.cert.org/vuls/id/MAPG-7N9GN8</url>
+ </references>
+ <dates>
+ <discovery>2009-02-23</discovery>
+ <entry>2009-04-15</entry>
+ </dates>
+ </vuln>
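Review bot: the ziproxy topic says "multiple vulnerability", but the description covers a single issue, the forwarding decision made on the 'Host' header, and there is one CVE. Rename the topic to say so, for example "ziproxy -- Host header information disclosure". The lead-in "Ziproxy Developers reports:" also does not match the blockquote cite, which is a CERT vulnerability note (www.kb.cert.org); attribute the quote to the source actually cited.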
+
+ <vuln vid="1a0e4cc6-29bf-11de-bdeb-0030843d3802">
+ <topic>phpmyadmin -- insufficient output sanitizing when generating configuration file</topic>
+ <affects>
+ <package>
+ <name>phpMyAdmin</name>
+ <range><lt>3.1.3.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>phpMyAdmin Team reports:</p>
+ <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php">
+ <p>Setup script used to generate configuration can be fooled using a
+ crafted POST request to include arbitrary PHP code in generated
+ configuration file. Combined with ability to save files on server,
+ this can allow unauthenticated users to execute arbitrary PHP code.
+ This issue is on different parameters than PMASA-2009-3 and it was
+ missed out of our radar because it was not existing in 2.11.x
+ branch.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1285</cvename>
+ <url>http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php</url>
+ </references>
+ <dates>
+ <discovery>2009-04-14</discovery>
+ <entry>2009-04-15</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="03d22656-2690-11de-8226-0030843d3802">
+ <topic>drupal6-cck -- cross-site scripting</topic>
+ <affects>
+ <package>
+ <name>drupal6-cck</name>
+ <range><lt>2.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Drupal CCK plugin developer reports:</p>
+ <blockquote cite="http://drupal.org/node/406520">
+ <p>The Node reference and User reference sub-modules, which
+ are part of the Content Construction Kit (CCK) project, lets
+ administrators define node fields that are references to other
+ nodes or to users. When displaying a node edit form, the
+ titles of candidate referenced nodes or names of candidate
+ referenced users are not properly filtered, allowing malicious
+ users to inject arbitrary code on those pages. Such a cross
+ site scripting (XSS) attack may lead to a malicious user
+ gaining full administrative access.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>34172</bid>
+ <cvename>CVE-2009-1069</cvename>
+ <url>http://drupal.org/node/406520</url>
+ </references>
+ <dates>
+ <discovery>2009-03-23</discovery>
+ <entry>2009-04-11</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="0fe73a4a-1b18-11de-8226-0030843d3802">
+ <topic>pivot-weblog -- file deletion vulnerability</topic>
+ <affects>
+ <package>
+ <name>pivot-weblog</name>
+ <range><lt>1.40.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/34302">
+ <p>A vulnerability has been discovered in Pivot, which can be
+ exploited by malicious people to delete certain files.</p>
+ <p>Input passed to the "refkey" parameter in
+ extensions/bbclone_tools/count.php is not properly sanitised
+ before being used to delete files. This can be exploited to
+ delete files with the permissions of the web server via directory
+ traversal sequences passed within the "refkey" parameter.</p>
+ <p>NOTE: Users with the "Advanced" user level are able to include and
+ execute uploaded PHP code via the "pivot_path" parameter in
+ extensions/bbclone_tools/getkey.php when
+ extensions/bbclone_tools/hr_conf.php can be deleted.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>34160</bid>
+ <url>http://secunia.com/advisories/34302/</url>
+ </references>
+ <dates>
+ <discovery>2009-03-18</discovery>
+ <entry>2009-03-27</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="06f9174f-190f-11de-b2f0-001c2514716c">
+ <topic>phpmyadmin -- insufficient output sanitizing when generating configuration file</topic>
+ <affects>
+ <package>
+ <name>phpMyAdmin211</name>
+ <range><lt>2.11.9.5</lt></range>
+ </package>
+ <package>
+ <name>phpMyAdmin</name>
+ <range><lt>3.1.3.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>phpMyAdmin reports:</p>
+ <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php">
+ <p>Setup script used to generate configuration can be fooled
+ using a crafted POST request to include arbitrary PHP code
+ in generated configuration file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-1151</cvename>
+ <url>http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php</url>
+ </references>
+ <dates>
+ <discovery>2009-03-24</discovery>
+ <entry>2009-03-25</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="6bb6188c-17b2-11de-ae4d-0030843d3802">
+ <topic>amarok -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>amarok</name>
+ <range><lt>1.4.10_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33505">
+ <p>Tobias Klein has reported some vulnerabilities in Amarok, which
+ potentially can be exploited by malicious people to compromise a
+ user's system.</p>
+ <p>Two integer overflow errors exist within the
+ "Audible::Tag::readTag()" function in
+ src/metadata/audible/audibletag.cpp. These can be exploited to cause
+ heap-based buffer overflows via specially crafted Audible Audio
+ files.</p>
+ <p>Two errors within the "Audible::Tag::readTag()" function in
+ src/metadata/audible/audibletag.cpp can be exploited to corrupt
+ arbitrary memory via specially crafted Audible Audio files.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>33210</bid>
+ <cvename>CVE-2009-0135</cvename>
+ <cvename>CVE-2009-0136</cvename>
+ <url>http://www.debian.org/security/2009/dsa-1706</url>
+ <url>http://secunia.com/advisories/33505</url>
+ </references>
+ <dates>
+ <discovery>2009-01-12</discovery>
+ <entry>2009-03-23</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f6f19735-9245-4918-8a60-87948ebb4907">
+ <topic>wireshark -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ethereal</name>
+ <name>ethereal-lite</name>
+ <name>tethereal</name>
+ <name>tethereal-lite</name>
+ <name>wireshark</name>
+ <name>wireshark-lite</name>
+ <range><lt>1.0.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Vendor reports:</p>
+ <blockquote cite="http://www.wireshark.org/security/wnpa-sec-2009-01.html">
+ <p>On non-Windows systems Wireshark could crash if the HOME
+ environment variable contained sprintf-style string formatting
+ characters. Wireshark could crash while reading a malformed
+ NetScreen snoop file. Wireshark could crash while reading a
+ Tektronix K12 text capture file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0599</cvename>
+ <cvename>CVE-2009-0600</cvename>
+ <cvename>CVE-2009-0601</cvename>
+ <url>http://www.wireshark.org/security/wnpa-sec-2009-01.html</url>
+ </references>
+ <dates>
+ <discovery>2009-02-06</discovery>
+ <entry>2009-03-22</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="72cba7b0-13cd-11de-a964-0030843d3802">
+ <topic>netatalk -- arbitrary command execution in papd daemon</topic>
+ <affects>
+ <package>
+ <name>netatalk</name>
+ <range><lt>2.0.3_5,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33227/">
+ <p>A vulnerability has been reported in Netatalk, which potentially
+ can be exploited by malicious users to compromise a vulnerable system.</p>
+ <p>The vulnerability is caused due to the papd daemon improperly
+ sanitising several received parameters before passing them in a call
+ to popen(). This can be exploited to execute arbitrary commands via
+ a specially crafted printing request.</p>
+ <p>Successful exploitation requires that a printer is configured to
+ pass arbitrary values as parameters to a piped command.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>32925</bid>
+ <cvename>CVE-2008-5718</cvename>
+ <url>http://secunia.com/advisories/33227/</url>
+ <url>http://www.openwall.com/lists/oss-security/2009/01/13/3</url>
+ </references>
+ <dates>
+ <discovery>2008-12-19</discovery>
+ <entry>2009-03-18</entry>
+ <modified>2009-03-18</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="37a365ed-1269-11de-a964-0030843d3802">
+ <topic>gstreamer-plugins-good -- multiple memory overflows</topic>
+ <affects>
+ <package>
+ <name>gstreamer-plugins-good</name>
+ <range><ge>0.10.9,3</ge><lt>0.10.12,3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33650/">
+ <p>Tobias Klein has reported some vulnerabilities in GStreamer Good
+ Plug-ins, which can potentially be exploited by malicious people to
+ compromise a vulnerable system.</p>
+ <p>A boundary error occurs within the "qtdemux_parse_samples()"
+ function in gst/gtdemux/qtdemux.c when performing QuickTime "ctts"
+ Atom parsing. This can be exploited to cause a heap-based buffer
+ overflow via a specially crafted QuickTime media file.</p>
+ <p>An array indexing error exists in the "qtdemux_parse_samples()"
+ function in gst/gtdemux/qtdemux.c when performing QuickTime "stss"
+ Atom parsing. This can be exploited to corrupt memory via a specially
+ crafted QuickTime media file.</p>
+ <p>A boundary error occurs within the "qtdemux_parse_samples()"
+ function in gst/gtdemux/qtdemux.c when performing QuickTime "stts"
+ Atom parsing. This can be exploited to cause a heap-based buffer
+ overflow via a specially crafted QuickTime media file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0386</cvename>
+ <cvename>CVE-2009-0387</cvename>
+ <cvename>CVE-2009-0397</cvename>
+ <url>http://secunia.com/advisories/33650/</url>
+ <url>http://trapkit.de/advisories/TKADV2009-003.txt</url>
+ <url>http://gstreamer.freedesktop.org/releases/gst-plugins-good/0.10.12.html</url>
+ </references>
+ <dates>
+ <discovery>2009-01-22</discovery>
+ <entry>2009-03-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c5af0747-1262-11de-a964-0030843d3802">
+ <topic>libsndfile -- CAF processing integer overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>libsndfile</name>
+ <range><lt>1.0.19</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33980/">
+ <p>The vulnerability is caused due to an integer overflow error in the
+ processing of CAF description chunks. This can be exploited to cause a
+ heap-based buffer overflow by tricking the user into processing a
+ specially crafted CAF audio file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0186</cvename>
+ <url>http://secunia.com/advisories/33980/</url>
+ </references>
+ <dates>
+ <discovery>2009-03-03</discovery>
+ <entry>2009-03-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6733e1bf-125f-11de-a964-0030843d3802">
+ <topic>ffmpeg -- 4xm processing memory corruption vulnerability</topic>
+ <affects>
+ <package>
+ <name>ffmpeg</name>
+ <range><lt>2008.07.27_9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33711/">
+ <p>Tobias Klein has reported a vulnerability in FFmpeg, which
+ potentially can be exploited by malicious people to compromise an
+ application using the library.</p>
+ <p>The vulnerability is caused due to a signedness error within the
+ "fourxm_read_header()" function in libavformat/4xm.c. This can be
+ exploited to corrupt arbitrary memory via a specially crafted 4xm
+ file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>33502</bid>
+ <cvename>CVE-2009-0385</cvename>
+ <url>http://secunia.com/advisories/33711/</url>
+ <url>http://trapkit.de/advisories/TKADV2009-004.txt</url>
+ </references>
+ <dates>
+ <discovery>2009-01-28</discovery>
+ <entry>2009-03-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="35c0b572-125a-11de-a964-0030843d3802">
+ <topic>roundcube -- webmail script insertion and php code injection</topic>
+ <affects>
+ <package>
+ <name>roundcube</name>
+ <range><lt>0.2.1,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33622/">
+ <p>Some vulnerabilities have been reported in RoundCube Webmail, which
+ can be exploited by malicious users to compromise a vulnerable system
+ and by malicious people to conduct script insertion attacks and
+ compromise a vulnerable system.</p>
+ <p>The HTML "background" attribute within e.g. HTML emails is not
+ properly sanitised before being used. This can be exploited to execute
+ arbitrary HTML and script code in a user's browser session in context
+ of an affected site if a malicious email is viewed.</p>
+ <p>Input passed via a vCard is not properly sanitised before being
+ used in a call to "preg_replace()" with the "e" modifier in
+ program/include/rcube_vcard.php. This can be exploited to inject and
+ execute arbitrary PHP code by e.g. tricking a user into importing a
+ malicious vCard file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0413</cvename>
+ <url>http://secunia.com/advisories/33622/</url>
+ <url>http://sourceforge.net/forum/forum.php?forum_id=927958</url>
+ <url>http://trac.roundcube.net/changeset/2245</url>
+ <url>http://trac.roundcube.net/ticket/1485689</url>
+ </references>
+ <dates>
+ <discovery>2009-01-21</discovery>
+ <entry>2009-03-16</entry>
+ <modified>2009-03-26</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="ca0841ff-1254-11de-a964-0030843d3802">
+ <topic>proftpd -- multiple sql injection vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>proftpd</name>
+ <name>proftpd-mysql</name>
+ <range><lt>1.3.2</lt></range>
+ </package>
+ <package>
+ <name>proftpd-devel</name>
+ <range><le>1.3.20080922</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33842/">
+ <p>Some vulnerabilities have been reported in ProFTPD, which can be
+ exploited by malicious people to conduct SQL injection attacks.</p>
+ <p>The application improperly sets the character encoding prior to
+ performing SQL queries. This can be exploited to manipulate SQL
+ queries by injecting arbitrary SQL code in an environment using a
+ multi-byte character encoding.</p>
+ <p>An error exists in the "mod_sql" module when processing e.g. user
+ names containing '%' characters. This can be exploited to bypass input
+ sanitation routines and manipulate SQL queries by injecting arbitrary
+ SQL code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0542</cvename>
+ <cvename>CVE-2009-0543</cvename>
+ <url>http://secunia.com/advisories/33842/</url>
+ <url>http://bugs.proftpd.org/show_bug.cgi?id=3173</url>
+ <url>http://bugs.proftpd.org/show_bug.cgi?id=3124</url>
+ <url>http://milw0rm.com/exploits/8037</url>
+ </references>
+ <dates>
+ <discovery>2009-02-06</discovery>
+ <entry>2009-03-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="03140526-1250-11de-a964-0030843d3802">
+ <topic>zabbix -- php frontend multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>zabbix</name>
+ <range><lt>1.6.2_1,1</lt></range>
+ </package>
+ <package>
+ <name>zabbix-agent</name>
+ <range><lt>1.6.2_1,2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/34091/">
+ <p>Some vulnerabilities have been reported in the ZABBIX PHP frontend,
+ which can be exploited by malicious people to conduct cross-site
+ request forgery attacks and malicious users to disclose sensitive
+ information and compromise a vulnerable system.</p>
+ <p>Input appended to and passed via the "extlang" parameter to the
+ "calc_exp2()" function in include/validate.inc.php is not properly
+ sanitised before being used. This can be exploited to inject and
+ execute arbitrary PHP code.</p>
+ <p>The application allows users to perform certain actions via HTTP
+ requests without performing any validity checks to verify the
+ requests. This can be exploited to e.g. create users by enticing a
+ logged in administrator to visit a malicious web page.</p>
+ <p>Input passed to the "srclang" parameter in locales.php (when "next"
+ is set to a non-NULL value) is not properly verified before being used
+ to include files. This can be exploited to include arbitrary files
+ from local resources via directory traversal attacks and URL-encoded
+ NULL bytes.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://secunia.com/advisories/34091/</url>
+ <url>http://www.ush.it/team/ush/hack-zabbix_162/adv.txt</url>
+ </references>
+ <dates>
+ <discovery>2009-03-04</discovery>
+ <entry>2009-03-16</entry>
+ <modified>2009-03-23</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="a2074ac6-124c-11de-a964-0030843d3802">
+ <topic>php-mbstring -- php mbstring buffer overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>php4-mbstring</name>
+ <range><lt>4.4.9</lt></range>
+ </package>
+ <package>
+ <name>php5-mbstring</name>
+ <range><lt>5.2.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/32948">
+ <p>PHP is prone to a buffer-overflow vulnerability because it fails to
+ perform boundary checks before copying user-supplied data to
+ insufficiently sized memory buffers. The issue affects the 'mbstring'
+ extension included in the standard distribution.</p>
+ <p>An attacker can exploit this issue to execute arbitrary machine
+ code in the context of the affected webserver. Failed exploit attempts
+ will likely crash the webserver, denying service to legitimate
+ users.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>32948</bid>
+ <cvename>CVE-2008-5557</cvename>
+ </references>
+ <dates>
+ <discovery>2008-12-21</discovery>
+ <entry>2009-03-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4ce3c20b-124b-11de-a964-0030843d3802">
+ <topic>phppgadmin -- directory traversal with register_globals enabled</topic>
+ <affects>
+ <package>
+ <name>phppgadmin</name>
+ <range><lt>4.2.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33014">
+ <p>Dun has discovered a vulnerability in phpPgAdmin, which can be
+ exploited by malicious people to disclose sensitive information.</p>
+ <p>Input passed via the "_language" parameter to libraries/lib.inc.php
+ is not properly sanitised before being used to include files. This can
+ be exploited to include arbitrary files from local resources via
+ directory traversal attacks and URL-encoded NULL bytes.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>32670</bid>
+ <cvename>CVE-2008-5587</cvename>
+ <url>http://secunia.com/advisories/33014</url>
+ </references>
+ <dates>
+ <discovery>2008-12-08</discovery>
+ <entry>2009-03-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="8c5205b4-11a0-11de-a964-0030843d3802">
+ <topic>opera -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>opera</name>
+ <name>linux-opera</name>
+ <range><lt>9.64</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Opera Team reports:</p>
+ <blockquote cite="http://www.opera.com/docs/changelogs/freebsd/964/">
+ <p>An unspecified error in the processing of JPEG images can be
+ exploited to trigger a memory corruption.</p>
+ <p>An error can be exploited to execute arbitrary script code in a
+ different domain via unspecified plugins.</p>
+ <p>An unspecified error has a "moderately severe" impact. No further
+ information is available.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0914</cvename>
+ <cvename>CVE-2009-0915</cvename>
+ <url>http://www.opera.com/docs/changelogs/freebsd/964/</url>
+ <url>http://secunia.com/advisories/34135/</url>
+ </references>
+ <dates>
+ <discovery>2009-03-15</discovery>
+ <entry>2009-03-15</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="e848a92f-0e7d-11de-92de-000bcdc1757a">
+ <topic>epiphany -- untrusted search path vulnerability</topic>
+ <affects>
+ <package>
+ <name>epiphany</name>
+ <range><lt>2.24.2.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>CVE Mitre reports:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5985">
+ <p>Untrusted search path vulnerability in the Python interface in
+ Epiphany 2.22.3, and possibly other versions, allows local users to
+ execute arbitrary code via a Trojan horse Python file in the current
+ working directory, related to a vulnerability in the PySys_SetArgv
+ function (CVE-2008-5983).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-5985</cvename>
+ <cvename>CVE-2008-5983</cvename>
+ </references>
+ <dates>
+ <discovery>2009-01-26</discovery>
+ <entry>2009-03-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f1892066-0e74-11de-92de-000bcdc1757a">
+ <topic>apache -- Cross-site scripting vulnerability</topic>
+ <affects>
+ <package>
+ <name>apache</name>
+ <range><gt>2.2.0</gt><lt>2.2.9_2</lt></range>
+ <range><gt>2.0.0</gt><lt>2.0.63_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>CVE Mitre reports:</p>
+ <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2939">
+ <p>Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the
+ mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c
+ in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions,
+ allows remote attackers to inject arbitrary web script or HTML via a
+ wildcard in the last directory component in the pathname in an FTP
+ URI.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-2939</cvename>
+ <url>http://www.rapid7.com/advisories/R7-0033.jsp</url>
+ </references>
+ <dates>
+ <discovery>2008-07-25</discovery>
+ <entry>2009-03-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ea2411a4-08e8-11de-b88a-0022157515b2">
+ <topic>pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability</topic>
+ <affects>
+ <package>
+ <name>pngcrush</name>
+ <range><lt>1.6.14</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33976/">
+ <p>A vulnerability has been reported in Pngcrush, which
+ can be exploited by malicious people to potentially
+ compromise a user's system.</p>
+ <p>The vulnerability is caused due to the use of vulnerable
+ libpng code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>33827</bid>
+ <cvename>CVE-2009-0040</cvename>
+ <url>http://secunia.com/advisories/33976</url>
+ <url>http://xforce.iss.net/xforce/xfdb/48819</url>
+ </references>
+ <dates>
+ <discovery>2009-02-19</discovery>
+ <entry>2009-03-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5d433534-f41c-402e-ade5-e0a2259a7cb6">
+ <topic>curl -- cURL/libcURL Location: Redirect URLs Security Bypass</topic>
+ <affects>
+ <package>
+ <name>curl</name>
+ <range><ge>5.11</ge><lt>7.19.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/34138/">
+ <p>The security issue is caused due to cURL following HTTP Location:
+ redirects to e.g. scp:// or file:// URLs which can be exploited
+ by a malicious HTTP server to overwrite or disclose the content of
+ arbitrary local files and potentially execute arbitrary commands via
+ specially crafted redirect URLs.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0037</cvename>
+ <url>http://secunia.com/advisories/34138/</url>
+ </references>
+ <dates>
+ <discovery>2009-03-03</discovery>
+ <entry>2009-03-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="cf495fd4-fdcd-11dd-9a86-0050568452ac">
+ <topic>Zend Framework -- Local File Inclusion vulnerability in Zend_View::render()</topic>
+ <affects>
+ <package>
+ <name>ZendFramework</name>
+ <range><lt>1.7.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Matthew Weier O'Phinney reports:</p>
+ <blockquote cite="http://weierophinney.net/matthew/archives/206-Zend-Framework-1.7.5-Released-Important-Note-Regarding-Zend_View.html">
+ <p>A potential Local File Inclusion (LFI) vulnerability exists in
+ the Zend_View::render() method. If user input is used to
+ specify the script path, then it is possible to trigger the
+ LFI.</p>
+ <p>Note that Zend Framework applications that never call the
+ Zend_View::render() method with a user-supplied parameter are
+ not affected by this vulnerability.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://framework.zend.com/issues/browse/ZF-5748</url>
+ </references>
+ <dates>
+ <discovery>2009-02-11</discovery>
+ <entry>2009-02-18</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="25eb365c-fd11-11dd-8424-c213de35965d">
+ <topic>dia -- remote command execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>dia</name>
+ <range><lt>0.96.1_6,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Security Focus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/33448/">
+ <p>An attacker could exploit this issue by enticing an
+ unsuspecting victim to execute the vulnerable
+ application in a directory containing a malicious
+ Python file. A successful exploit will allow arbitrary
+ Python commands to run within the privileges of the currently
+ logged-in user.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>33448</bid>
+ <cvename>CVE-2008-5984</cvename>
+ <url>http://secunia.com/advisories/33672</url>
+ </references>
+ <dates>
+ <discovery>2009-01-26</discovery>
+ <entry>2009-02-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5a021595-fba9-11dd-86f3-0030843d3802">
+ <topic>pycrypto -- ARC2 module buffer overflow</topic>
+ <affects>
+ <package>
+ <name>py-pycrypto</name>
+ <range><lt>2.0.1_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Dwayne C. Litzenberger reports:</p>
+ <blockquote cite="http://lists.dlitz.net/pipermail/pycrypto/2009q1/000062.html">
+ <p>pycrypto is exposed to a buffer overflow issue because it fails to
+ adequately verify user-supplied input. This issue resides in the ARC2
+ module. This issue can be triggered with specially crafted ARC2 keys
+ in excess of 128 bytes.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://lists.dlitz.net/pipermail/pycrypto/2009q1/000062.html</url>
+ </references>
+ <dates>
+ <discovery>2009-02-06</discovery>
+ <entry>2009-02-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bcee3989-d106-4f60-948f-835375634710">
+ <topic>varnish -- Varnish HTTP Request Parsing Denial of Service</topic>
+ <affects>
+ <package>
+ <name>varnish</name>
+ <range><lt>2.0.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/33712">
+ <p>Varnish is prone to a remote denial-of-service
+ vulnerability because the application fails to handle
+ certain HTTP requests.</p>
+ <p>Successfully exploiting this issue allows remote
+ attackers to crash the affected application denying further
+ service to legitimate users.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>33712</bid>
+ <url>http://secunia.com/advisories/33852/</url>
+ <url>http://varnish.projects.linpro.no/wiki/WikiStart</url>
+ </references>
+ <dates>
+ <discovery>2008-10-17</discovery>
+ <entry>2009-02-14</entry>
+ <modified>2009-02-15</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="78f5606b-f9d1-11dd-b79c-0030843d3802">
+ <topic>tor -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>tor</name>
+ <range><lt>0.2.0.34</lt></range>
+ </package>
+ <package>
+ <name>tor-devel</name>
+ <range><lt>0.2.12-alpha</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33880/">
+ <p>Some vulnerabilities have been reported in Tor, where one has an
+ unknown impact and others can be exploited by malicious people to
+ cause a DoS.</p>
+ <p>An error when running Tor as a directory authority can be exploited
+ to trigger the execution of an infinite loop.</p>
+ <p>An unspecified error exists when running on Windows systems prior
+ to Windows XP. No further information is currently available.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0936</cvename>
+ <cvename>CVE-2009-0937</cvename>
+ <cvename>CVE-2009-0938</cvename>
+ <url>http://secunia.com/advisories/33880/</url>
+ <url>http://archives.seul.org/or/announce/Feb-2009/msg00000.html</url>
+ </references>
+ <dates>
+ <discovery>2009-02-10</discovery>
+ <entry>2009-02-13</entry>
+ <modified>2009-03-20</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="8b491182-f842-11dd-94d9-0030843d3802">
+ <topic>firefox -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>2.0.0.20_3,1</lt></range>
+ <range><gt>3.*,1</gt><lt>3.0.6,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <name>linux-firefox-devel</name>
+ <range><lt>3.0.6</lt></range>
+ </package>
+ <package>
+ <name>linux-seamonkey-devel</name>
+ <range><gt>0</gt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>1.1.15</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>2.0.0.21</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/firefox30.html">
+ <p>MFSA 2009-06: Directives to not cache pages ignored</p>
+ <p>MFSA 2009-05: XMLHttpRequest allows reading HTTPOnly cookies</p>
+ <p>MFSA 2009-04: Chrome privilege escalation via local .desktop
+ files</p>
+ <p>MFSA 2009-03: Local file stealing with SessionStore</p>
+ <p>MFSA 2009-02: XSS using a chrome XBL method and window.eval</p>
+ <p>MFSA 2009-01: Crashes with evidence of memory corruption (rv:1.9.0.6)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0352</cvename>
+ <cvename>CVE-2009-0353</cvename>
+ <cvename>CVE-2009-0354</cvename>
+ <cvename>CVE-2009-0355</cvename>
+ <cvename>CVE-2009-0356</cvename>
+ <cvename>CVE-2009-0357</cvename>
+ <cvename>CVE-2009-0358</cvename>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-01.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-02.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-03.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-04.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-05.html</url>
+ <url>http://www.mozilla.org/security/announce/2009/mfsa2009-06.html</url>
+ <url>http://secunia.com/advisories/33799/</url>
+ </references>
+ <dates>
+ <discovery>2009-02-04</discovery>
+ <entry>2009-02-11</entry>
+ <modified>2009-12-12</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="83574d5a-f828-11dd-9fdf-0050568452ac">
+ <topic>codeigniter -- arbitrary script execution in the new Form Validation class</topic>
+ <affects>
+ <package>
+ <name>codeigniter</name>
+ <range><ge>1.7.0</ge><lt>1.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>znirkel reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33829/">
+ <p>The eval() function in _reset_post_array crashes when posting
+ certain data. By passing in carefully-crafted input data, the eval()
+ function could also execute malicious PHP code.</p>
+ <p>Note that CodeIgniter applications that either do not use the
+ new Form Validation class or use the old Validation class are not
+ affected by this vulnerability.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://codeigniter.com/bug_tracker/bug/6068/</url>
+ </references>
+ <dates>
+ <discovery>2008-11-28</discovery>
+ <entry>2009-02-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b07f3254-f83a-11dd-85a4-ea653f0746ab">
+ <topic>pyblosxom -- atom flavor multiple XML injection vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>pyblosxom</name>
+ <range><lt>1.5.r3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Security Focus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/33676/">
+ <p>PyBlosxom is prone to multiple XML-injection
+ vulnerabilities because the application fails to
+ properly sanitize user-supplied input before using it
+ in dynamically generated content.</p>
+ <p>Attacker-supplied XML and script code would run in the
+ context of the affected browser, potentially allowing
+ the attacker to steal cookie-based authentication credentials
+ or to control how the site is rendered to the user. Other attacks
+ are also possible.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>33676</bid>
+ </references>
+ <dates>
+ <discovery>2009-02-09</discovery>
+ <entry>2009-02-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="cc47fafe-f823-11dd-94d9-0030843d3802">
+ <topic>typo3 -- cross-site scripting and information disclosure</topic>
+ <affects>
+ <package>
+ <name>typo3</name>
+ <range><lt>4.2.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33829/">
+ <p>Some vulnerabilities have been reported in Typo3, which can be
+ exploited by malicious people to conduct cross-site scripting attacks
+ and disclose sensitive information.</p>
+ <p>Input passed via unspecified fields to the backend user interface
+ is not properly sanitised before being returned to the user. This can
+ be exploited to execute arbitrary HTML and script code in a user's
+ browser session in context of an affected site.</p>
+ <p>An error in the "jumpUrl" mechanism can be exploited to read
+ arbitrary files from local resources by disclosing a hash secret used
+ to restrict file access.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0815</cvename>
+ <cvename>CVE-2009-0816</cvename>
+ <url>http://secunia.com/advisories/33829/</url>
+ <url>http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/</url>
+ </references>
+ <dates>
+ <discovery>2009-02-10</discovery>
+ <entry>2009-02-11</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="a89b76a7-f6bd-11dd-94d9-0030843d3802">
+ <topic>amaya -- multiple buffer overflow vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>amaya</name>
+ <range><gt>0</gt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/32848/">
+ <p>A boundary error when processing "div" HTML tags can be exploited
+ to cause a stack-based buffer overflow via an overly long "id"
+ parameter.</p>
+ <p>A boundary error exists when processing overly long links. This can
+ be exploited to cause a stack-based buffer overflow by tricking the
+ user into e.g. editing a malicious link.</p>
+ <p>A boundary error when processing e.g. a "bdo" HTML tag having an
+ overly long "dir" attribute can be exploited to cause a stack-based
+ buffer overflow.</p>
+ <p>A boundary error when processing "input" HTML tags can be
+ exploited to cause a stack-based buffer overflow via an overly long
+ e.g. "type" attribute.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-5282</cvename>
+ <cvename>CVE-2009-0323</cvename>
+ <url>http://secunia.com/advisories/32848/</url>
+ <url>http://www.bmgsec.com.au/advisory/41/</url>
+ <url>http://www.bmgsec.com.au/advisory/40/</url>
+ <url>http://milw0rm.com/exploits/7467</url>
+ <url>http://www.coresecurity.com/content/amaya-buffer-overflows</url>
+ </references>
+ <dates>
+ <discovery>2008-11-25</discovery>
+ <entry>2009-02-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="71597e3e-f6b8-11dd-94d9-0030843d3802">
+ <topic>websvn -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>websvn</name>
+ <range><lt>2.1.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/32338/">
+ <p>Some vulnerabilities have been reported in WebSVN, which can be
+ exploited by malicious users to disclose sensitive information, and by
+ malicious people to conduct cross-site scripting attacks and
+ manipulate data.</p>
+ <p>Input passed in the URL to index.php is not properly sanitised
+ before being returned to the user. This can be exploited to execute
+ arbitrary HTML and script code in a user's browser session in context
+ of an affected site.</p>
+ <p>Input passed to the "rev" parameter in rss.php is not properly
+ sanitised before being used. This can be exploited to overwrite
+ arbitrary files via directory traversal attacks.</p>
+ <p>Access to restricted repositories is not properly enforced, which
+ can be exploited to disclose potentially sensitive information by
+ accessing the repository via "listing.php" and using the "compare with
+ previous" and "show changed files" links.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-5918</cvename>
+ <cvename>CVE-2008-5919</cvename>
+ <cvename>CVE-2009-0240</cvename>
+ <url>http://secunia.com/advisories/32338/</url>
+ <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512191</url>
+ <url>http://www.gulftech.org/?node=research&amp;article_id=00132-10202008</url>
+ </references>
+ <dates>
+ <discovery>2008-10-23</discovery>
+ <entry>2009-02-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="40774927-f6b4-11dd-94d9-0030843d3802">
+ <topic>phplist -- local file inclusion vulnerability</topic>
+ <affects>
+ <package>
+ <name>phplist</name>
+ <range><lt>2.10.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33533/">
+ <p>Input passed to the "_SERVER[ConfigFile]" parameter in
+ admin/index.php is not properly verified before being used to include
+ files. This can be exploited to include arbitrary files from local
+ resources.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0422</cvename>
+ <url>http://secunia.com/advisories/33533/</url>
+ </references>
+ <dates>
+ <discovery>2009-01-15</discovery>
+ <entry>2009-02-09</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="9c2460a4-f6b1-11dd-94d9-0030843d3802">
+ <topic>squid -- remote denial of service vulnerability</topic>
+ <affects>
+ <package>
+ <name>squid</name>
+ <range><ge>2.7.1</ge><lt>2.7.6</lt></range>
+ <range><ge>3.0.1</ge><lt>3.0.13</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Squid security advisory 2009:1 reports:</p>
+ <blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2009_1.txt">
+ <p>Due to an internal error Squid is vulnerable to a denial
+ of service attack when processing specially crafted requests.</p>
+ <p>This problem allows any client to perform a denial of service
+ attack on the Squid service.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0478</cvename>
+ <url>http://www.squid-cache.org/Advisories/SQUID-2009_1.txt</url>
+ <url>http://secunia.com/advisories/33731/</url>
+ </references>
+ <dates>
+ <discovery>2009-02-04</discovery>
+ <entry>2009-02-09</entry>
+ <modified>2009-02-10</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="653606e9-f6ac-11dd-94d9-0030843d3802">
+ <topic>typo3 -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>typo3</name>
+ <range><lt>4.2.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33617/">
+ <p>Some vulnerabilities have been reported in Typo3, which can be
+ exploited by malicious people to bypass certain security restrictions,
+ conduct cross-site scripting and session fixation attacks, and
+ compromise a vulnerable system.</p>
+ <p>The "Install tool" system extension uses insufficiently random
+ entropy sources to generate an encryption key, resulting in weak
+ security.</p>
+ <p>The authentication library does not properly invalidate supplied
+ session tokens, which can be exploited to hijack a user's
+ session.</p>
+ <p>Certain unspecified input passed to the "Indexed Search Engine"
+ system extension is not properly sanitised before being used to invoke
+ commands. This can be exploited to inject and execute arbitrary shell
+ commands.</p>
+ <p>Input passed via the name and content of files to the "Indexed Search
+ Engine" system extension is not properly sanitised before being returned
+ to the user. This can be exploited to execute arbitrary HTML and script
+ code in a user's browser session in context of an affected site.</p>
+ <p>Certain unspecified input passed to the Workspace module is not
+ properly sanitised before being returned to the user. This can be
+ exploited to execute arbitrary HTML and script code in a user's
+ browser session in context of an affected site.</p>
+ <p>Note: It is also reported that certain unspecified input passed to
+ test scripts of the "ADOdb" system extension is not properly sanitised
+ before being returned to the user. This can be exploited to execute
+ arbitrary HTML and script code in a user's browser session in context
+ of an affected website.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0255</cvename>
+ <cvename>CVE-2009-0256</cvename>
+ <cvename>CVE-2009-0257</cvename>
+ <cvename>CVE-2009-0258</cvename>
+ <url>http://secunia.com/advisories/33617/</url>
+ <url>http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/</url>
+ </references>
+ <dates>
+ <discovery>2009-02-07</discovery>
+ <entry>2009-02-09</entry>
+ <modified>2013-06-19</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="13d6d997-f455-11dd-8516-001b77d09812">
+ <topic>sudo -- certain authorized users could run commands as any user</topic>
+ <affects>
+ <package>
+ <name>sudo</name>
+ <range><ge>1.6.9</ge><lt>1.6.9.20</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Todd Miller reports:</p>
+ <blockquote cite="http://www.gratisoft.us/pipermail/sudo-announce/2009-February/000085.html">
+ <p>A bug was introduced in Sudo's group matching code in version
+ 1.6.9 when support for matching based on the supplemental group
+ vector was added. This bug may allow certain users listed in
+ the sudoers file to run a command as a different user than their
+ access rule specifies.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>33517</bid>
+ <cvename>CVE-2009-0034</cvename>
+ <mlist msgid="200902041802.n14I2llS024155@core.courtesan.com">http://www.gratisoft.us/pipermail/sudo-announce/2009-February/000085.html</mlist>
+ </references>
+ <dates>
+ <discovery>2009-02-04</discovery>
+ <entry>2009-02-06</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6d85dc62-f2bd-11dd-9f55-0030843d3802">
+ <topic>drupal -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>drupal5</name>
+ <range><lt>5.15</lt></range>
+ </package>
+ <package>
+ <name>drupal6</name>
+ <range><lt>6.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Drupal Team reports:</p>
+ <blockquote cite="http://drupal.org/node/358957">
+ <p>The Content Translation module for Drupal 6.x enables users to make
+ a translation of an existing item of content (a node). In that proces
+ the existing node's content is copied into the new node's submission
+ form.</p>
+ <p>The module contains a flaw that allows a user with the 'translate
+ content' permission to potentially bypass normal viewing access
+ restrictions, for example allowing the user to see the content of
+ unpublished nodes even if they do not have permission to view
+ unpublished nodes.</p>
+ <p>When user profile pictures are enabled, the default user profile
+ validation function will be bypassed, possibly allowing invalid user
+ names or e-mail addresses to be submitted.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://drupal.org/node/358957</url>
+ <url>http://secunia.com/advisories/33550/</url>
+ <url>http://secunia.com/advisories/33500/</url>
+ <url>http://secunia.com/advisories/33542/</url>
+ </references>
+ <dates>
+ <discovery>2009-01-14</discovery>
+ <entry>2009-02-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4a99d61c-f23a-11dd-9f55-0030843d3802">
+ <topic>perl -- Directory Permissions Race Condition</topic>
+ <affects>
+ <package>
+ <name>perl</name>
+ <range><ge>5.8.0</ge><lt>5.8.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/14531/">
+ <p>Paul Szabo has reported a vulnerability in Perl File::Path::rmtree,
+ which potentially can be exploited by malicious, local users to
+ gain escalated privileges.</p>
+ <p>The vulnerability is caused due to a race condition in the way
+ File::Path::rmtree handles directory permissions when cleaning up
+ directories. This can be exploited by replacing an existing sub
+ directory in the directory tree with a symbolic link to an arbitrary
+ file.</p>
+ <p>Successful exploitation may allow changing permissions of arbitrary
+ files, if root uses an application using the vulnerable code to delete
+ files in a directory having a world-writable sub directory.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2005-0448</cvename>
+ <url>http://www.ubuntulinux.org/usn/usn-94-1</url>
+ <url>http://secunia.com/advisories/14531/</url>
+ </references>
+ <dates>
+ <discovery>2005-03-09</discovery>
+ <entry>2009-02-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6a523dba-eeab-11dd-ab4f-0030843d3802">
+ <topic>moinmoin -- multiple cross site scripting vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moinmoin</name>
+ <range><lt>1.8.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33593/">
+ <p>Input passed to multiple parameters in action/AttachFile.py is not
+ properly sanitised before being returned to the user. This can be
+ exploited to execute arbitrary HTML and script code in a user's
+ browser session in the context of an affected site.</p>
+ <p>Certain input passed to security/antispam.py is not properly
+ sanitised before being returned to the user. This can be exploited to
+ execute arbitrary HTML and script code in a user's browser session in
+ the context of an affected site.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0260</cvename>
+ <cvename>CVE-2009-0312</cvename>
+ <url>http://secunia.com/advisories/33593/</url>
+ <url>http://hg.moinmo.in/moin/1.8/file/c76d50dac855</url>
+ <url>http://hg.moinmo.in/moin/1.8/rev/89b91bf87dad</url>
+ <url>http://moinmo.in/SecurityFixes#moin1.8.1</url>
+ </references>
+ <dates>
+ <discovery>2009-01-21</discovery>
+ <entry>2009-01-30</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b9077cc4-6d04-4bcb-a37a-9ceaebfdcc9e">
+ <topic>ganglia -- buffer overflow vulnerability</topic>
+ <affects>
+ <package>
+ <name>ganglia-monitor-core</name>
+ <name>ganglia-monitor-webfrontend</name>
+ <range><lt>3.1.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33506">
+ <p>Spike Spiegel has discovered a vulnerability in Ganglia which
+ can be exploited by malicious people to compromise a
+ vulnerable system. The vulnerability is caused due to a
+ boundary error within the process_path function in
+ gmetad/server.c. This can be exploited to cause a stack-based
+ buffer overflow by e.g. sending a specially crafted message to
+ the gmetad service.</p>
+ <p>The vulnerability is confirmed in version 3.1.1. Other
+ versions may also be affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0241</cvename>
+ <url>http://secunia.com/advisories/33506</url>
+ </references>
+ <dates>
+ <discovery>2009-01-26</discovery>
+ <entry>2009-01-30</entry>
+ <modified>2009-01-30</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="100a9ed2-ee56-11dd-ab4f-0030843d3802">
+ <topic>tor -- unspecified memory corruption vulnerability</topic>
+ <affects>
+ <package>
+ <name>tor</name>
+ <range><lt>0.2.0.33</lt></range>
+ </package>
+ <package>
+ <name>tor-devel</name>
+ <range><lt>0.2.1.11-alpha</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33635/">
+ <p>A vulnerability with an unknown impact has been reported in Tor.</p>
+ <p>The vulnerability is caused due to an unspecified error and can be
+ exploited to trigger a heap corruption. No further information is
+ currently available.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0414</cvename>
+ <url>http://secunia.com/advisories/33635/</url>
+ <url>http://archives.seul.org/or/announce/Jan-2009/msg00000.html</url>
+ </references>
+ <dates>
+ <discovery>2009-01-22</discovery>
+ <entry>2009-01-29</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="2ffb1b0d-ecf5-11dd-abae-00219b0fc4d8">
+ <topic>glpi -- SQL Injection</topic>
+ <affects>
+ <package>
+ <name>glpi</name>
+ <range><lt>0.71.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The GLPI project reports:</p>
+ <blockquote cite="http://www.glpi-project.org/spip.php?page=annonce&amp;id_breve=161&amp;lang=en">
+ <p>Input passed via unspecified parameters is not properly sanitised
+ before being used in SQL queries. This can be exploited to
+ manipulateSQL queries by injecting arbitrary SQL code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.glpi-project.org/spip.php?page=annonce&amp;id_breve=161&amp;lang=en</url>
+ <url>https://mail.gna.org/public/glpi-news/2009-01/msg00002.html</url>
+ <url>https://dev.indepnet.net/glpi/ticket/1224</url>
+ <url>http://secunia.com/advisories/33680/</url>
+ </references>
+ <dates>
+ <discovery>2009-01-25</discovery>
+ <entry>2009-01-28</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c3aba586-ea77-11dd-9d1e-000bcdc1757a">
+ <topic>openfire -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openfire</name>
+ <range><lt>3.6.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Core Security Technologies reports:</p>
+ <blockquote cite="http://www.coresecurity.com/content/openfire-multiple-vulnerabilities">
+ <p>Multiple cross-site scripting vulnerabilities have been found
+ which may lead to arbitrary remote code execution on the server
+ running the application due to unauthorized upload of Java plugin
+ code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>32935</bid>
+ <bid>32937</bid>
+ <bid>32938</bid>
+ <bid>32939</bid>
+ <bid>32940</bid>
+ <bid>32943</bid>
+ <bid>32944</bid>
+ <bid>32945</bid>
+ <cvename>CVE-2009-0496</cvename>
+ <cvename>CVE-2009-0497</cvename>
+ <url>http://www.coresecurity.com/content/openfire-multiple-vulnerabilities</url>
+ </references>
+ <dates>
+ <discovery>2009-01-08</discovery>
+ <entry>2009-01-25</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="abcacb5a-e7f1-11dd-afcd-00e0815b8da8">
+ <topic>ipset-tools -- Denial of Service Vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ipsec-tools</name>
+ <range><lt>0.7.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/30657/discuss">
+ <p>IPsec-Tools is affected by multiple remote denial-of-service
+ vulnerabilities because the software fails to properly handle
+ certain network packets.</p>
+ <p>A successful attack allows a remote attacker to crash the
+ software, denying further service to legitimate users.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>30657</bid>
+ <cvename>CVE-2008-3651</cvename>
+ <cvename>CVE-2008-3652</cvename>
+ <mlist msgid="20080724084529.GA3768@zen.inc">http://marc.info/?l=ipsec-tools-devel&amp;m=121688914101709&amp;w=2</mlist>
+ </references>
+ <dates>
+ <discovery>2008-07-28</discovery>
+ <entry>2009-01-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4b68d917-e705-11dd-afcd-00e0815b8da8">
+ <topic>Teamspeak Server -- Directory Traversal Vulnerability</topic>
+ <affects>
+ <package>
+ <name>teamspeak_server</name>
+ <range><le>2.0.23.17</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/33256">
+ <p>TeamSpeak is prone to a directory-traversal vulnerability because
+ it fails to sufficiently sanitize user-supplied input data.
+ Exploiting the issue may allow an attacker to obtain sensitive
+ information that could aid in further attacks.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>33256</bid>
+ <url>http://www.securityfocus.com/bid/33256</url>
+ </references>
+ <dates>
+ <discovery>2009-01-14</discovery>
+ <entry>2009-01-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="2bc960c4-e665-11dd-afcd-00e0815b8da8">
+ <topic>optipng -- arbitrary code execution via crafted BMP image</topic>
+ <affects>
+ <package>
+ <name>optipng</name>
+ <range><lt>0.6.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/32651">
+ <p>A vulnerability has been reported in OptiPNG, which
+ potentially can be exploited by malicious people to compromise
+ a user's system.</p>
+ <p>The vulnerability is caused due to a boundary error in
+ the BMP reader and can be exploited to cause a buffer
+ overflow by tricking a user into processing a specially
+ crafted file.</p>
+ <p>Successful exploitation may allow execution of arbitrary
+ code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-5101</cvename>
+ <url>http://secunia.com/advisories/32651</url>
+ <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505399</url>
+ <url>http://optipng.sourceforge.net/</url>
+ </references>
+ <dates>
+ <discovery>2008-11-11</discovery>
+ <entry>2009-01-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ecad44b9-e663-11dd-afcd-00e0815b8da8">
+ <topic>git -- gitweb privilege escalation</topic>
+ <affects>
+ <package>
+ <name>git</name>
+ <range><lt>1.6.0.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Git maintainers report:</p>
+ <blockquote cite="http://marc.info/?l=git&amp;m=122975564100860&amp;w=2">
+ <p>gitweb has a possible local privilege escalation
+ bug that allows a malicious repository owner to run a command
+ of his choice by specifying diff.external configuration
+ variable in his repository and running a crafted gitweb
+ query.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>32967</bid>
+ <mlist msgid="7vhc4z1gys.fsf@gitster.siamese.dyndns.org">http://marc.info/?l=git&amp;m=122975564100860&amp;w=2</mlist>
+ <url>http://www.kernel.org/pub/software/scm/git/docs/RelNotes-1.6.0.6.txt</url>
+ </references>
+ <dates>
+ <discovery>2008-12-20</discovery>
+ <entry>2009-01-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0809ce7d-f672-4924-9b3b-7c74bc279b83">
+ <topic>gtar -- GNU TAR safer_name_suffix Remote Denial of Service Vulnerability</topic>
+ <affects>
+ <package>
+ <name>gtar</name>
+ <range><lt>1.19</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/26445/">
+ <p>GNUs tar and cpio utilities are prone to a denial-of-service
+ vulnerability because of insecure use of the alloca()
+ function.</p>
+ <p>Successfully exploiting this issue allows attackers
+ to crash the affected utilities and possibly to execute
+ code but this has not been confirmed.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>26445</bid>
+ <cvename>CVE-2007-4476</cvename>
+ <url>http://www.securityfocus.com/bid/26445/</url>
+ </references>
+ <dates>
+ <discovery>2007-11-14</discovery>
+ <entry>2009-01-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5ccb1c14-e357-11dd-a765-0030843d3802">
+ <topic>mplayer -- vulnerability in STR files processor</topic>
+ <affects>
+ <package>
+ <name>mplayer</name>
+ <name>mplayer-esound</name>
+ <name>mplayer-gtk</name>
+ <name>mplayer-gtk-esound</name>
+ <name>mplayer-gtk2</name>
+ <name>mplayer-gtk2-esound</name>
+ <range><lt>0.99.11_10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/30994">
+ <p>The vulnerability is caused due to a boundary error within the
+ "str_read_packet()" function in libavformat/psxstr.c. This can be
+ exploited to cause a heap-based buffer overflow via a specially
+ crafted STR file.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-3162</cvename>
+ <bid>30157</bid>
+ <url>http://secunia.com/advisories/30994</url>
+ <url>https://roundup.mplayerhq.hu/roundup/ffmpeg/issue311</url>
+ </references>
+ <dates>
+ <discovery>2008-07-09</discovery>
+ <entry>2009-01-15</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bc6a7e79-e111-11dd-afcd-00e0815b8da8">
+ <topic>cgiwrap -- XSS Vulnerability</topic>
+ <affects>
+ <package>
+ <name>cgiwrap</name>
+ <range><lt>4.0_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/30765">
+ <p>A vulnerability has been reported in CGIWrap, which can be
+ exploited by malicious people to conduct cross-site scripting
+ attacks.</p>
+ <p>The vulnerability is caused due to the application generating
+ error messages without specifying a charset. This can be exploited
+ to execute arbitrary HTML and script code in a user's browser
+ session in context of an affected site.</p>
+ <p>Successful exploitation may require that the victim uses Internet
+ Explorer or a browser based on Internet Explorer components.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-2852</cvename>
+ <url>http://secunia.com/advisories/30765</url>
+ <url>http://cgiwrap.sourceforge.net/changes.html</url>
+ </references>
+ <dates>
+ <discovery>2008-06-19</discovery>
+ <entry>2009-01-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="d4a358d3-e09a-11dd-a765-0030843d3802">
+ <topic>nagios -- web interface privilege escalation vulnerability</topic>
+ <affects>
+ <package>
+ <name>nagios</name>
+ <range><lt>3.0.5</lt></range>
+ </package>
+ <package>
+ <name>nagios2</name>
+ <range><lt>2.12_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>securityfocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/32156/discuss">
+ <p>An attacker with low-level privileges may exploit this issue to
+ bypass authorization and cause arbitrary commands to run within the
+ context of the Nagios server. This may aid in further attacks.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-5027</cvename>
+ <bid>32156</bid>
+ <url>http://secunia.com/advisories/33320</url>
+ <url>http://www.ubuntu.com/usn/USN-698-1</url>
+ <url>http://www.nagios.org/development/history/nagios-3x.php</url>
+ </references>
+ <dates>
+ <discovery>2008-11-06</discovery>
+ <entry>2009-01-12</entry>
+ <modified>2009-01-15</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="a02c9595-e018-11dd-a765-0030843d3802">
+ <topic>pdfjam -- insecure temporary files</topic>
+ <affects>
+ <package>
+ <name>pdfjam</name>
+ <range><lt>1.20_4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/33278">
+ <p>Some security issues have been reported in PDFjam, which can be
+ exploited by malicious, local users to perform certain actions with
+ escalated privileges.</p>
+ <p>The security issues are caused due to the "pdf90", "pdfjoin", and
+ "pdfnup" scripts using temporary files in an insecure manner. This can
+ be exploited to overwrite arbitrary files via symlink attacks.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-5743</cvename>
+ <url>https://bugzilla.novell.com/show_bug.cgi?id=459031</url>
+ <url>http://secunia.com/advisories/33278</url>
+ </references>
+ <dates>
+ <discovery>2008-12-05</discovery>
+ <entry>2009-01-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="58997463-e012-11dd-a765-0030843d3802">
+ <topic>verlihub -- insecure temporary file usage and arbitrary command execution</topic>
+ <affects>
+ <package>
+ <name>verlihub</name>
+ <range><lt>0.9.8.d.r2_2,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>securityfocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/32889/discuss">
+ <p>An attacker with local access could potentially exploit this issue
+ to perform symbolic-link attacks, overwriting arbitrary files in the
+ context of the affected application.</p>
+ <p>Successfully mounting a symlink attack may allow the attacker to
+ delete or corrupt sensitive files, which may result in a denial of
+ service. Other attacks may also be possible.</p>
+ </blockquote>
+ <blockquote cite="http://www.securityfocus.com/bid/32420/discuss">
+ <p>Verlihub is prone to a remote command-execution vulnerability
+ because it fails to sufficiently validate user input.</p>
+ <p>Successfully exploiting this issue would allow an attacker to
+ execute arbitrary commands on an affected computer in the context of
+ the affected application.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-5705</cvename>
+ <cvename>CVE-2008-5706</cvename>
+ <bid>32889</bid>
+ <bid>32420</bid>
+ <url>http://milw0rm.com/exploits/7183</url>
+ </references>
+ <dates>
+ <discovery>2008-11-22</discovery>
+ <entry>2009-01-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="66a770b4-e008-11dd-a765-0030843d3802">
+ <topic>mysql -- empty bit-string literal denial of service</topic>
+ <affects>
+ <package>
+ <name>mysql-server</name>
+ <range><ge>5.0</ge><lt>5.0.66</lt></range>
+ <range><ge>5.1</ge><lt>5.1.26</lt></range>
+ <range><ge>6.0</ge><lt>6.0.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MySQL reports:</p>
+ <blockquote cite="http://bugs.mysql.com/bug.php?id=35658">
+ <p>The vulnerability is caused due to an error when processing an
+ empty bit-string literal and can be exploited to crash the server via
+ a specially crafted SQL statement.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-3963</cvename>
+ <url>http://bugs.mysql.com/bug.php?id=35658</url>
+ <url>http://dev.mysql.com/doc/refman/5.0/en/releasenotes-es-5-0-66.html</url>
+ <url>http://dev.mysql.com/doc/refman/5.1/en/news-5-1-26.html</url>
+ <url>http://dev.mysql.com/doc/refman/6.0/en/news-6-0-6.html</url>
+ <url>http://secunia.com/advisories/31769</url>
+ </references>
+ <dates>
+ <discovery>2008-09-11</discovery>
+ <entry>2009-01-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="8c451386-dff3-11dd-a765-0030843d3802">
+ <topic>mysql -- privilege escalation and overwrite of the system table information</topic>
+ <affects>
+ <package>
+ <name>mysql-server</name>
+ <range><ge>4.1</ge><lt>4.1.24</lt></range>
+ <range><ge>5.0</ge><lt>5.0.51</lt></range>
+ <range><ge>5.1</ge><lt>5.1.23</lt></range>
+ <range><ge>6.0</ge><lt>6.0.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MySQL reports:</p>
+ <blockquote cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html">
+ <p>Using RENAME TABLE against a table with explicit DATA
+ DIRECTORY and INDEX DIRECTORY options can be used to overwrite
+ system table information by replacing the symbolic link
+ points. the file to which the symlink points.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2007-5969</cvename>
+ <bid>26765</bid>
+ <url>http://bugs.mysql.com/bug.php?id=32111</url>
+ </references>
+ <dates>
+ <discovery>2007-11-14</discovery>
+ <entry>2009-01-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="240ac24c-dff3-11dd-a765-0030843d3802">
+ <topic>mysql -- remote dos via malformed password packet</topic>
+ <affects>
+ <package>
+ <name>mysql-server</name>
+ <range><ge>4.1</ge><lt>4.1.24</lt></range>
+ <range><ge>5.0</ge><lt>5.0.44</lt></range>
+ <range><ge>5.1</ge><lt>5.1.20</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MySQL reports:</p>
+ <blockquote cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-24.html">
+ <p>A malformed password packet in the connection protocol
+ could cause the server to crash.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2007-3780</cvename>
+ <bid>25017</bid>
+ <url>http://bugs.mysql.com/bug.php?id=28984</url>
+ </references>
+ <dates>
+ <discovery>2007-07-15</discovery>
+ <entry>2009-01-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="bb4e9a44-dff2-11dd-a765-0030843d3802">
+ <topic>mysql -- renaming of arbitrary tables by authenticated users</topic>
+ <affects>
+ <package>
+ <name>mysql-server</name>
+ <range><ge>4.1</ge><lt>4.1.23</lt></range>
+ <range><ge>5.0</ge><lt>5.0.42</lt></range>
+ <range><ge>5.1</ge><lt>5.1.18</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MySQL reports:</p>
+ <blockquote cite="http://dev.mysql.com/doc/refman/4.1/en/news-4-1-23.html">
+ <p>The requirement of the DROP privilege for RENAME TABLE was not
+ enforced.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2007-2691</cvename>
+ <bid>24016</bid>
+ <url>http://bugs.mysql.com/bug.php?id=27515</url>
+ </references>
+ <dates>
+ <discovery>2007-05-14</discovery>
+ <entry>2009-01-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="69a20ce4-dfee-11dd-a765-0030843d3802">
+ <topic>imap-uw -- imap c-client buffer overflow</topic>
+ <affects>
+ <package>
+ <name>imap-uw</name>
+ <range><lt>2007e</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SANS reports:</p>
+ <blockquote cite="http://www.washington.edu/imap/documentation/RELNOTES.html">
+ <p>The University of Washington IMAP library is a library implementing
+ the IMAP mail protocol. University of Washington IMAP is exposed to a
+ buffer overflow issue that occurs due to a boundary error within the
+ rfc822_output_char function in the c-client library. The University of
+ Washington IMAP library versions prior to 2007e are affected.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-5514</cvename>
+ <url>http://www.washington.edu/imap/documentation/RELNOTES.html</url>
+ </references>
+ <dates>
+ <discovery>2008-12-16</discovery>
+ <entry>2009-01-11</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="a6713190-dfea-11dd-a765-0030843d3802">
+ <topic>imap-uw -- local buffer overflow vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>imap-uw</name>
+ <range><lt>2007d</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SANS reports:</p>
+ <blockquote cite="http://www.sans.org/newsletters/risk/display.php?v=7&amp;i=45#08.45.22">
+ <p>University of Washington "tmail" and "dmail" are mail deliver
+ agents. "tmail" and "dmail" are exposed to local buffer overflow
+ issues because they fail to perform adequate boundary checks on
+ user-supplied data.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-5514</cvename>
+ <url>http://www.washington.edu/imap/documentation/RELNOTES.html</url>
+ <url>http://www.sans.org/newsletters/risk/display.php?v=7&amp;i=45#08.45.22</url>
+ </references>
+ <dates>
+ <discovery>2008-10-29</discovery>
+ <entry>2009-01-11</entry>
+ <modified>2010-05-02</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="bd730827-dfe0-11dd-a765-0030843d3802">
+ <topic>libcdaudio -- remote buffer overflow and code execution</topic>
+ <affects>
+ <package>
+ <name>libcdaudio</name>
+ <range><lt>0.99.12p2_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>securityfocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/32122/discuss">
+ <p>The 'libcdaudio' library is prone to a remote heap code in the
+ context of an application that uses the library. Failed attacks will
+ cause denial-of-service conditions.</p>
+ </blockquote>
+ <blockquote cite="http://www.securityfocus.com/bid/12770/discuss">
+ <p>A buffer-overflow in Grip occurs when the software processes a
+ response to a CDDB query that has more than 16 matches.</p>
+ <p>To exploit this issue, an attacker must be able to influence the
+ response to a CDDB query, either by controlling a malicious CDDB
+ server or through some other means. Successful exploits will allow
+ arbitrary code to run.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-5030</cvename>
+ <cvename>CVE-2005-0706</cvename>
+ <bid>32122</bid>
+ <bid>12770</bid>
+ </references>
+ <dates>
+ <discovery>2008-11-05</discovery>
+ <entry>2009-01-11</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c702944a-db0f-11dd-aa56-000bcdf0a03b">
+ <topic>FreeBSD -- netgraph / bluetooth privilege escalation</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>6.3</ge><lt>6.3_7</lt></range>
+ <range><ge>6.4</ge><lt>6.4_1</lt></range>
+ <range><ge>7.0</ge><lt>7.0_7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>Some function pointers for netgraph and bluetooth sockets are
+ not properly initialized.</p>
+ <h1>Impact:</h1>
+ <p>A local user can cause the FreeBSD kernel to execute
+ arbitrary code. This could be used by an attacker directly;
+ or it could be used to gain root privilege or to escape from
+ a jail.</p>
+ <h1>Workaround:</h1>
+ <p>No workaround is available, but systems without local
+ untrusted users are not vulnerable. Furthermore, systems are
+ not vulnerable if they have neither the ng_socket nor
+ ng_bluetooth kernel modules loaded or compiled into the
+ kernel.</p>
+ <p>Systems with the security.jail.socket_unixiproute_only
+ sysctl set to 1 (the default) are only vulnerable if they have
+ local untrusted users outside of jails.</p>
+ <p>If the command</p>
+ <p><code># kldstat -v | grep ng_</code></p>
+ <p>produces no output, the system is not vulnerable.</p>
+ </body>
+ </description>
+ <references>
+ <freebsdsa>SA-08:13.protosw</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2008-12-23</discovery>
+ <entry>2009-01-05</entry>
+ <modified>2016-08-09</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="e9ecaceb-db0d-11dd-aa56-000bcdf0a03b">
+ <topic>FreeBSD -- Cross-site request forgery in ftpd(8)</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>6.3</ge><lt>6.3_7</lt></range>
+ <range><ge>6.4</ge><lt>6.4_1</lt></range>
+ <range><ge>7.0</ge><lt>7.0_7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>The ftpd(8) server splits long commands into several
+ requests. This may result in the server executing a command
+ which is hidden inside another very long command.</p>
+ <h1>Impact:</h1>
+ <p>This could, with a specifically crafted command, be used in a
+ cross-site request forgery attack.</p>
+ <p>FreeBSD systems running ftpd(8) server could act as a point
+ of privilege escalation in an attack against users using web
+ browser to access trusted FTP sites.</p>
+ <h1>Workaround:</h1>
+ <p>No workaround is available, but systems not running FTP
+ servers are not vulnerable. Systems not running the FreeBSD
+ ftp(8) server are not affected, but users of other ftp
+ daemons are advised to take care since several other ftp
+ daemons are known to have related bugs.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-4247</cvename>
+ <freebsdsa>SA-08:12.ftpd</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2008-12-23</discovery>
+ <entry>2009-01-05</entry>
+ <modified>2016-08-09</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="6b8cadce-db0b-11dd-aa56-000bcdf0a03b">
+ <topic>FreeBSD -- IPv6 Neighbor Discovery Protocol routing vulnerability</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>6.3</ge><lt>6.3_5</lt></range>
+ <range><ge>7.0</ge><lt>7.0_5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description</h1>
+ <p>IPv6 routers may allow "on-link" IPv6 nodes to create and
+ update the router's neighbor cache and forwarding
+ information. A malicious IPv6 node sharing a common router
+ but on a different physical segment from another node may be
+ able to spoof Neighbor Discovery messages, allowing it to
+ update router information for the victim node.</p>
+ <h1>Impact:</h1>
+ <p>An attacker on a different physical network connected to the
+ same IPv6 router as another node could redirect IPv6 traffic
+ intended for that node. This could lead to denial of service
+ or improper access to private network traffic.</p>
+ <h1>Workaround:</h1>
+ <p>Firewall packet filters can be used to filter incoming
+ Neighbor Solicitation messages but may interfere with normal
+ IPv6 operation if not configured carefully.</p>
+ <p>Reverse path forwarding checks could be used to make
+ gateways, such as routers or firewalls, drop Neighbor
+ Solicitation messages from nodes with unexpected source
+ addresses on a particular interface.</p>
+ <p>IPv6 router administrators are encouraged to read RFC 3756
+ for further discussion of Neighbor Discovery security
+ implications.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-2476</cvename>
+ <freebsdsa>SA-08:10.nd6</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2008-10-01</discovery>
+ <entry>2009-01-05</entry>
+ <modified>2016-08-09</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="5796858d-db0b-11dd-aa56-000bcdf0a03b">
+ <topic>FreeBSD -- arc4random(9) predictable sequence vulnerability</topic>
+ <affects>
+ <package>
+ <name>FreeBSD</name>
+ <range><ge>6.3</ge><lt>6.3_6</lt></range>
+ <range><ge>7.0</ge><lt>7.0_6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>When the arc4random(9) random number generator is
+ initialized, there may be inadequate entropy to meet the
+ needs of kernel systems which rely on arc4random(9); and it
+ may take up to 5 minutes before arc4random(9) is reseeded
+ with secure entropy from the Yarrow random number generator.</p>
+ <h1>Impact:</h1>
+ <p>All security-related kernel subsystems that rely on a
+ quality random number generator are subject to a wide range of
+ possible attacks for the 300 seconds after boot or until 64k
+ of random data is consumed. The list includes:</p>
+ <p>* GEOM ELI providers with onetime keys. When a provider is
+ configured in a way so that it gets attached at the same time
+ during boot (e.g. it uses the rc subsystem to initialize) it
+ might be possible for an attacker to recover the encrypted
+ data.</p>
+ <p>* GEOM shsec providers. The GEOM shsec subsytem is used to
+ split a shared secret between two providers so that it can be
+ recovered when both of them are present. This is done by
+ writing the random sequence to one of providers while
+ appending the result of the random sequence on the other host
+ to the original data. If the provider was created within the
+ first 300 seconds after booting, it might be possible for an
+ attacker to extract the original data with access to only one
+ of the two providers between which the secret data is split.</p>
+ <p>* System processes started early after boot may receive
+ predictable IDs.</p>
+ <p>* The 802.11 network stack uses arc4random(9) to generate
+ initial vectors (IV) for WEP encryption when operating in
+ client mode and WEP authentication challenges when operating
+ in hostap mode, which may be insecure.</p>
+ <p>* The IPv4, IPv6 and TCP/UDP protocol implementations rely
+ on a quality random number generator to produce unpredictable
+ IP packet identifiers, initial TCP sequence numbers and
+ outgoing port numbers. During the first 300 seconds after
+ booting, it may be easier for an attacker to execute IP
+ session hijacking, OS fingerprinting, idle scanning, or in
+ some cases DNS cache poisoning and blind TCP data injection
+ attacks.</p>
+ <p>* The kernel RPC code uses arc4random(9) to retrieve
+ transaction identifiers, which might make RPC clients
+ vulnerable to hijacking attacks.</p>
+ <h1>Workaround:</h1>
+ <p>No workaround is available for affected systems.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-5162</cvename>
+ <freebsdsa>SA-08.11.arc4random</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2008-11-24</discovery>
+ <entry>2009-01-05</entry>
+ <modified>2016-08-09</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="d5e1aac8-db0b-11dd-ae30-001cc0377035">
+ <topic>xterm -- DECRQSS remote command execution vulnerability</topic>
+ <affects>
+ <package>
+ <name>xterm</name>
+ <range><lt>238</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SecurityFocus reports:</p>
+ <blockquote cite="http://www.securityfocus.com/bid/33060/discuss">
+ <p>The xterm program is prone to a remote command-execution
+ vulnerability because it fails to sufficiently validate user
+ input.</p>
+ <p>Successfully exploiting this issue would allow an attacker
+ to execute arbitrary commands on an affected computer in the
+ context of the affected application.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>33060</bid>
+ <cvename>CVE-2008-2383</cvename>
+ <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030</url>
+ </references>
+ <dates>
+ <discovery>2008-12-28</discovery>
+ <entry>2009-01-05</entry>
+ <modified>2009-01-06</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="58a3c266-db01-11dd-ae30-001cc0377035">
+ <topic>php5-gd -- uninitialized memory information disclosure vulnerability</topic>
+ <affects>
+ <package>
+ <name>php5-gd</name>
+ <range><le>5.2.8</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>According to CVE-2008-5498 entry:</p>
+ <blockquote cite="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498">
+ <p>Array index error in the "imageRotate" function in PHP 5.2.8 and
+ earlier allows context-dependent attackers to read the contents
+ of arbitrary memory locations via a crafted value of the third
+ argument (aka the "bgd_color" or "clrBack" argument) for an indexed
+ image.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <bid>33002</bid>
+ <cvename>CVE-2008-5498</cvename>
+ <url>http://www.securiteam.com/unixfocus/6G00Y0ANFU.html</url>
+ </references>
+ <dates>
+ <discovery>2008-12-24</discovery>
+ <entry>2009-01-05</entry>
+ <modified>2009-02-04</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="27d78386-d35f-11dd-b800-001b77d09812">
+ <topic>awstats -- multiple XSS vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>awstats</name>
+ <range><lt>6.9,1</lt></range>
+ </package>
+ <package>
+ <name>awstats-devel</name>
+ <range><gt>0</gt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Secunia reports:</p>
+ <blockquote cite="http://secunia.com/advisories/31519">
+ <p>Morgan Todd has discovered a vulnerability in AWStats,
+ which can be exploited by malicious people to conduct
+ cross-site scripting attacks.</p>
+ <p>Input passed in the URL to awstats.pl is not properly
+ sanitised before being returned to the user. This can be
+ exploited to execute arbitrary HTML and script code in a
+ user's browser session in context of an affected site.</p>
+ <p>Successful exploitation requires that the application is
+ running as a CGI script.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-3714</cvename>
+ <cvename>CVE-2008-5080</cvename>
+ <url>http://secunia.com/advisories/31519</url>
+ <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432</url>
+ </references>
+ <dates>
+ <discovery>2008-03-12</discovery>
+ <entry>2009-01-04</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="13b0c8c8-bee0-11dd-a708-001fc66e7203">
+ <topic>p5-File-Path -- rmtree allows creation of setuid files</topic>
+ <affects>
+ <package>
+ <name>p5-File-Path</name>
+ <range><lt>2.07_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jan Lieskovsky reports:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2008/11/28/1">
+ <p>perl-File-Path rmtree race condition (CVE-2005-0448 was assigned to
+ address this)</p>
+ <p>This vulnerability was fixed in 5.8.4-7 but re-introduced
+ in 5.8.8-1. It's also present in File::Path 2.xx, up to and
+ including 2.07 which has only a partial fix.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2005-0448</cvename>
+ <mlist>http://www.openwall.com/lists/oss-security/2008/11/28/1</mlist>
+ <mlist>http://www.gossamer-threads.com/lists/perl/porters/233699#233699</mlist>
+ <url>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905</url>
+ </references>
+ <dates>
+ <discovery>2008-11-28</discovery>
+ <entry>2009-01-03</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="0e1e3789-d87f-11dd-8ecd-00163e000016">
+ <topic>vim -- multiple vulnerabilities in the netrw module</topic>
+ <affects>
+ <package>
+ <name>vim</name>
+ <name>vim-console</name>
+ <name>vim-lite</name>
+ <name>vim-gtk2</name>
+ <name>vim-gnome</name>
+ <range><ge>7.0</ge><lt>7.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Jan Minar reports:</p>
+ <blockquote cite="http://www.rdancer.org/vulnerablevim-netrw.v2.html">
+ <p>Applying the ``D'' to a file with a crafted file name,
+ or inside a directory with a crafted directory name, can
+ lead to arbitrary code execution.</p>
+ </blockquote>
+ <blockquote cite="http://www.rdancer.org/vulnerablevim-netrw.v5.html">
+ <p>Lack of sanitization throughout Netrw can lead to arbitrary
+ code execution upon opening a directory with a crafted
+ name.</p>
+ </blockquote>
+ <blockquote cite="http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html">
+ <p>The Vim Netrw Plugin shares the FTP user name and password
+ across all FTP sessions. Every time Vim makes a new FTP
+ connection, it sends the user name and password of the
+ previous FTP session to the FTP server.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2008-3076</cvename>
+ <mlist>http://www.openwall.com/lists/oss-security/2008/10/16/2</mlist>
+ <url>http://www.rdancer.org/vulnerablevim-netrw.html</url>
+ <url>http://www.rdancer.org/vulnerablevim-netrw.v2.html</url>
+ <url>http://www.rdancer.org/vulnerablevim-netrw.v5.html</url>
+ <url>http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html</url>
+ </references>
+ <dates>
+ <discovery>2008-10-16</discovery>
+ <entry>2009-01-02</entry>
+ </dates>
+ </vuln>
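Review bot: the arc4random(9) entry (vid 5796858d-db0b-11dd-aa56-000bcdf0a03b) writes its advisory reference as `<freebsdsa>SA-08.11.arc4random</freebsdsa>`, with a dot after the year. The sibling entries in this same file use a colon (`SA-08:13.protosw`, `SA-08:12.ftpd`, `SA-08:10.nd6`), so anything that matches or links on the advisory identifier will miss this one; suggest `SA-08:11.arc4random`. Smaller points in the same region: the ftpd(8) entry's workaround says "Systems not running the FreeBSD ftp(8) server", where the rest of the entry is about the ftpd(8) daemon and not the ftp(8) client. The nd6 entry's heading reads `<h1>Problem Description</h1>` without the trailing colon that the other entries use. "subsytem" in the GEOM shsec paragraph should be "subsystem".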