From 1fb93105e46b47b4409cac7d06dd0a1b6f8da55d Mon Sep 17 00:00:00 2001
From: Remko Lodder
Date: Wed, 13 Sep 2006 22:01:57 +0000
Subject: [PATCH] OK, I do not know WHAT went wrong but it went wrong, revert to the old situation and I will re-adopt the PHP entry.

---
 security/vuxml/vuln.xml | 1539 +++++++++++++++++++--------------------
 1 file changed, 738 insertions(+), 801 deletions(-)

diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 51a69575ac71..8f79da2fc62f 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,69 +34,6 @@ Note: Please add new entries to the beginning of this file. --> - - php -- multiple vulnerabilities - - - php4 - php5 - 4.4.4 - 55.1.5 - - - php4-cli - php5-cli - php4-cgi - php5-cgi - php4-dtc - php5-dtc - php4-horde - php5-horde - php4-nms - php5-nms - mod-php4 - mod-php5 - 0 - - - - -

The PHP development team reports:

-
-
    -
  • Added missing safe_mode/open_basedir checks inside the - error_log(), file_exists(), imap_open() and imap_reopen() - functions.
  • -
  • Fixed overflows inside str_repeat() and wordwrap() - functions on 64bit systems.
  • -
  • Fixed possible open_basedir/safe_mode bypass in cURL - extension and with realpath cache.
  • -
  • Fixed overflow in GD extension on invalid GIF - images.
  • -
  • Fixed a buffer overflow inside sscanf() function.
  • -
  • Fixed an out of bounds read inside stripos() - function.
  • -
  • Fixed memory_limit restriction on 64 bit system.
  • -
-
- -
- - CVE-2006-4481 - CVE-2006-4482 - CVE-2006-4483 - CVE-2006-4484 - CVE-2006-4485 - CVE-2006-4486 - http://www.php.net/release_4_4_4.php - http://www.php.net/release_5_1_5.php - - - 2006-09-FIXME - 2006-09-13 - -
- drupal-pubcookie -- authentication may be bypassed @@ -2627,764 +2564,764 @@ Note: Please add new entries to the beginning of this file. CVE-2006-1329 http://article.gmane.org/gmane.network.jabber.admin/27372 -http://jabberstudio.org/projects/jabberd2/releases/view.php?id=826 -http://secunia.com/advisories/19281/ - - -2006-03-20 -2006-05-01 - - + http://jabberstudio.org/projects/jabberd2/releases/view.php?id=826 + http://secunia.com/advisories/19281/ + + + 2006-03-20 + 2006-05-01 + + - -cacti -- ADOdb "server.php" Insecure Test Script Security Issue - - -cacti -0.8.6h - - - - -

Secunia reports:

-
-

Cacti have a security issue, which can be exploited by malicious - people to execute arbitrary SQL code and potentially compromise a - vulnerable system.

-

The problem is caused due to the presence of the insecure - "server.php" test script.

-
- -
- -http://secunia.com/advisories/18276/ -http://secunia.com/advisories/17418/ - - -2006-01-09 -2006-04-27 - -
+ + cacti -- ADOdb "server.php" Insecure Test Script Security Issue + + + cacti + 0.8.6h + + + + +

Secunia reports:

+
+

Cacti have a security issue, which can be exploited by malicious + people to execute arbitrary SQL code and potentially compromise a + vulnerable system.

+

The problem is caused due to the presence of the insecure + "server.php" test script.

+
+ +
+ + http://secunia.com/advisories/18276/ + http://secunia.com/advisories/17418/ + + + 2006-01-09 + 2006-04-27 + +
- -amaya -- Attribute Value Buffer Overflow Vulnerabilities - - -amaya -9.5 - - - - -

Secunia reports:

-
-

Amaya have two vulnerabilities, which can be exploited by - malicious people to compromise a user's system.

-

The vulnerabilities are caused due to boundary errors within the - parsing of various attribute values. This can be exploited to cause - stack-based buffer overflows when a user opens a specially crafted - HTML document containing certain tags with overly long attribute - values.

-

Successful exploitation allows execution of arbitrary code.

-
- -
- -CVE-2006-1900 -http://morph3us.org/advisories/20060412-amaya-94.txt -http://morph3us.org/advisories/20060412-amaya-94-2.txt -http://secunia.com/advisories/19670/ - - -2006-04-14 -2006-04-27 - -
+ + amaya -- Attribute Value Buffer Overflow Vulnerabilities + + + amaya + 9.5 + + + + +

Secunia reports:

+
+

Amaya have two vulnerabilities, which can be exploited by + malicious people to compromise a user's system.

+

The vulnerabilities are caused due to boundary errors within the + parsing of various attribute values. This can be exploited to cause + stack-based buffer overflows when a user opens a specially crafted + HTML document containing certain tags with overly long attribute + values.

+

Successful exploitation allows execution of arbitrary code.

+
+ +
+ + CVE-2006-1900 + http://morph3us.org/advisories/20060412-amaya-94.txt + http://morph3us.org/advisories/20060412-amaya-94-2.txt + http://secunia.com/advisories/19670/ + + + 2006-04-14 + 2006-04-27 + +
- -lifetype -- ADOdb "server.php" Insecure Test Script Security Issue - - -lifetype -1.0.3 - - - - -

Secunia reports:

-
-

A security issue has been discovered in LifeType, which can be - exploited by malicious people to execute arbitrary SQL code and - potentially compromise a vulnerable system.

-

The problem is caused due to the presence of the insecure - "server.php" test script.

-
- -
- -CVE-2006-0146 -http://secunia.com/advisories/19699/ -http://secunia.com/advisories/17418/ - - -2006-04-19 -2006-04-27 - -
+ + lifetype -- ADOdb "server.php" Insecure Test Script Security Issue + + + lifetype + 1.0.3 + + + + +

Secunia reports:

+
+

A security issue has been discovered in LifeType, which can be + exploited by malicious people to execute arbitrary SQL code and + potentially compromise a vulnerable system.

+

The problem is caused due to the presence of the insecure + "server.php" test script.

+
+ +
+ + CVE-2006-0146 + http://secunia.com/advisories/19699/ + http://secunia.com/advisories/17418/ + + + 2006-04-19 + 2006-04-27 + +
- -ethereal -- Multiple Protocol Dissector Vulnerabilities - - -ethereal -ethereal-lite -tethereal -tethereal-lite -0.8.50.99.0 - - - - -

Secunia reports:

-
-

Multiple vulnerabilities have been reported in Ethereal, which - can be exploited by malicious people to cause a DoS (Denial of - Service) or compromise a vulnerable system.

-

The vulnerabilities are caused due to various types of errors - including boundary errors, an off-by-one error, an infinite loop - error, and several unspecified errors in a multitude of protocol - dissectors.

-

Successful exploitation causes Ethereal to stop responding, - consume a large amount of system resources, crash, or execute - arbitrary code.

-
- -
- -CVE-2006-1932 -CVE-2006-1933 -CVE-2006-1934 -CVE-2006-1935 -CVE-2006-1936 -CVE-2006-1937 -CVE-2006-1938 -CVE-2006-1939 -CVE-2006-1940 -http://www.ethereal.com/appnotes/enpa-sa-00023.html -http://secunia.com/advisories/19769/ - - -2006-04-25 -2006-04-27 - -
+ + ethereal -- Multiple Protocol Dissector Vulnerabilities + + + ethereal + ethereal-lite + tethereal + tethereal-lite + 0.8.50.99.0 + + + + +

Secunia reports:

+
+

Multiple vulnerabilities have been reported in Ethereal, which + can be exploited by malicious people to cause a DoS (Denial of + Service) or compromise a vulnerable system.

+

The vulnerabilities are caused due to various types of errors + including boundary errors, an off-by-one error, an infinite loop + error, and several unspecified errors in a multitude of protocol + dissectors.

+

Successful exploitation causes Ethereal to stop responding, + consume a large amount of system resources, crash, or execute + arbitrary code.

+
+ +
+ + CVE-2006-1932 + CVE-2006-1933 + CVE-2006-1934 + CVE-2006-1935 + CVE-2006-1936 + CVE-2006-1937 + CVE-2006-1938 + CVE-2006-1939 + CVE-2006-1940 + http://www.ethereal.com/appnotes/enpa-sa-00023.html + http://secunia.com/advisories/19769/ + + + 2006-04-25 + 2006-04-27 + +
- -asterisk -- denial of service vulnerability, local system access - - -asterisk -1.2.7 - - - - -

Emmanouel Kellenis reports a denial of service vulnerability - within asterisk. The vulnerability is caused by a buffer - overflow in "format_jpeg.c". A large JPEG image could - trigger this bug, potentially allowing a local attacker to - execute arbitrary code.

- -
- -17561 -CVE-2006-1827 -http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory - - -2006-04-07 -2006-04-25 - -
+ + asterisk -- denial of service vulnerability, local system access + + + asterisk + 1.2.7 + + + + +

Emmanouel Kellenis reports a denial of service vulnerability + within asterisk. The vulnerability is caused by a buffer + overflow in "format_jpeg.c". A large JPEG image could + trigger this bug, potentially allowing a local attacker to + execute arbitrary code.

+ +
+ + 17561 + CVE-2006-1827 + http://www.cipher.org.uk/index.php?p=advisories/Asterisk_Codec_Integer_Overflow_07-04-2006.advisory + + + 2006-04-07 + 2006-04-25 + +
- -zgv, xzgv -- heap overflow vulnerability - - -zgv -0 - - -xzgv -0 - - - - -

Gentoo reports:

-
-

Andrea Barisani of Gentoo Linux discovered xzgv and zgv - allocate insufficient memory when rendering images with - more than 3 output components, such as images using the - YCCK or CMYK colour space. When xzgv or zgv attempt to - render the image, data from the image overruns a heap - allocated buffer.

-

An attacker may be able to construct a malicious image that - executes arbitrary code with the permissions of the xzgv or - zgv user when attempting to render the image.

-
- -
- -17409 -CVE-2006-1060 -http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml - - -2006-04-21 -2006-04-23 - -
+ + zgv, xzgv -- heap overflow vulnerability + + + zgv + 0 + + + xzgv + 0 + + + + +

Gentoo reports:

+
+

Andrea Barisani of Gentoo Linux discovered xzgv and zgv + allocate insufficient memory when rendering images with + more than 3 output components, such as images using the + YCCK or CMYK colour space. When xzgv or zgv attempt to + render the image, data from the image overruns a heap + allocated buffer.

+

An attacker may be able to construct a malicious image that + executes arbitrary code with the permissions of the xzgv or + zgv user when attempting to render the image.

+
+ +
+ + 17409 + CVE-2006-1060 + http://www.gentoo.org/security/en/glsa/glsa-200604-10.xml + + + 2006-04-21 + 2006-04-23 + +
- -crossfire-server -- denial of service and remote code execution vulnerability - - -crossfire-server -1.9.0 - - - - -

FRSIRT reports:

-
-

A vulnerability has been identified in CrossFire, which - could be exploited by remote attackers to execute arbitrary - commands or cause a denial of service. This flaw is due to - a buffer overflow error in the "oldsocketmode" module that - fails to properly handle overly large requests, which could - be exploited by a malicious client to crash or compromise a - vulnerable system.

-
- -
- -16883 -CVE-2006-1010 -http://www.frsirt.com/english/advisories/2006/0760 - - -2006-02-28 -2006-04-23 - -
+ + crossfire-server -- denial of service and remote code execution vulnerability + + + crossfire-server + 1.9.0 + + + + +

FRSIRT reports:

+
+

A vulnerability has been identified in CrossFire, which + could be exploited by remote attackers to execute arbitrary + commands or cause a denial of service. This flaw is due to + a buffer overflow error in the "oldsocketmode" module that + fails to properly handle overly large requests, which could + be exploited by a malicious client to crash or compromise a + vulnerable system.

+
+ +
+ + 16883 + CVE-2006-1010 + http://www.frsirt.com/english/advisories/2006/0760 + + + 2006-02-28 + 2006-04-23 + +
- -p5-DBI -- insecure temporary file creation vulnerability - - -p5-DBI-137 -0 - - -p5-DBI -1.37_1 -1.381.48 - - - - -

Javier Fernández-Sanguino Peña reports:

-
-

The DBI library, the Perl5 database interface, creates a - temporary PID file in an insecure manner. This can be - exploited by a malicious user to overwrite arbitrary files - owned by the person executing the parts of the library.

-
- -
- -12360 -CAN-2005-0077 -http://www.debian.org/security/2005/dsa-658 - - -2005-01-25 -2006-04-23 -2006-05-11 - -
+ + p5-DBI -- insecure temporary file creation vulnerability + + + p5-DBI-137 + 0 + + + p5-DBI + 1.37_1 + 1.381.48 + + + + +

Javier Fernández-Sanguino Peña reports:

+
+

The DBI library, the Perl5 database interface, creates a + temporary PID file in an insecure manner. This can be + exploited by a malicious user to overwrite arbitrary files + owned by the person executing the parts of the library.

+
+ +
+ + 12360 + CAN-2005-0077 + http://www.debian.org/security/2005/dsa-658 + + + 2005-01-25 + 2006-04-23 + 2006-05-11 + +
- -wordpress -- full path disclosure - - -wordpress -1.5.2 - - - - -

Dedi Dwianto reports:

-
-

A remote user can access the file directly to cause the - system to display an error message that indicates the - installation path. The resulting error message will - disclose potentially sensitive installation path - information to the remote attacker.

-
- -
- -CVE-2005-4463 -http://echo.or.id/adv/adv24-theday-2005.txt - - -2005-12-20 -2006-04-23 - -
+ + wordpress -- full path disclosure + + + wordpress + 1.5.2 + + + + +

Dedi Dwianto reports:

+
+

A remote user can access the file directly to cause the + system to display an error message that indicates the + installation path. The resulting error message will + disclose potentially sensitive installation path + information to the remote attacker.

+
+ +
+ + CVE-2005-4463 + http://echo.or.id/adv/adv24-theday-2005.txt + + + 2005-12-20 + 2006-04-23 + +
- -xine -- multiple remote string vulnerabilities - - -xine -0.99.4_4 - - - - -

c0ntexb reports:

-
-

There are 2 format string bugs in the latest version of - Xine that could be exploited by a malicious person to - execute code on the system of a remote user running the - media player against a malicious playlist file. By passing - a format specifier in the path of a file that is embedded - in a remote playlist, it is possible to trigger this bug. -

-
- -
- -17579 -CVE-2006-1905 -http://www.open-security.org/advisories/16 - - -2006-04-18 -2006-04-23 - -
+ + xine -- multiple remote string vulnerabilities + + + xine + 0.99.4_4 + + + + +

c0ntexb reports:

+
+

There are 2 format string bugs in the latest version of + Xine that could be exploited by a malicious person to + execute code on the system of a remote user running the + media player against a malicious playlist file. By passing + a format specifier in the path of a file that is embedded + in a remote playlist, it is possible to trigger this bug. +

+
+ +
+ + 17579 + CVE-2006-1905 + http://www.open-security.org/advisories/16 + + + 2006-04-18 + 2006-04-23 + +
- -cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service - - -cyrus-sasl -2.*2.1.21 - - - - -

Unspecified vulnerability in the CMU Cyrus Simple -Authentication and Security Layer (SASL) library, has unknown -impact and remote unauthenticated attack vectors, related to -DIGEST-MD5 negotiation.

- -
- -CVE-2006-1721 - - -2006-04-11 -2006-04-22 - -
+ + cyrus-sasl -- DIGEST-MD5 Pre-Authentication Denial of Service + + + cyrus-sasl + 2.*2.1.21 + + + + +

Unspecified vulnerability in the CMU Cyrus Simple + Authentication and Security Layer (SASL) library, has unknown + impact and remote unauthenticated attack vectors, related to + DIGEST-MD5 negotiation.

+ +
+ + CVE-2006-1721 + + + 2006-04-11 + 2006-04-22 + +
- -FreeBSD -- FPU information disclosure - - -FreeBSD -6.06.0_7 -5.45.4_14 -5.35.3_29 -55.3 -4.114.11_17 -4.104.10_23 -4.10 - - - - -

Problem Description

-

On "7th generation" and "8th generation" processors - manufactured by AMD, including the AMD Athlon, Duron, Athlon - MP, Athlon XP, Athlon64, Athlon64 FX, Opteron, Turion, and - Sempron, the fxsave and fxrstor instructions do not save and - restore the FOP, FIP, and FDP registers unless the exception - summary bit (ES) in the x87 status word is set to 1, - indicating that an unmasked x87 exception has occurred.

-

This behaviour is consistent with documentation provided by - AMD, but is different from processors from other vendors, - which save and restore the FOP, FIP, and FDP registers - regardless of the value of the ES bit. As a result of this - discrepancy remaining unnoticed until now, the FreeBSD kernel - does not restore the contents of the FOP, FIP, and FDP - registers between context switches.

-

Impact

-

On affected processors, a local attacker can monitor the - execution path of a process which uses floating-point - operations. This may allow an attacker to steal - cryptographic keys or other sensitive information.

-

Workaround

-

No workaround is available, but systems which do not use AMD - Athlon, Duron, Athlon MP, Athlon XP, Athlon64, Athlon64 FX, - Opteron, Turion, or Sempron processors are not vulnerable.

- -
- -CVE-2006-1056 -SA-06:14.fpu - - -2006-04-19 -2006-04-19 -2006-06-09 - -
+ + FreeBSD -- FPU information disclosure + + + FreeBSD + 6.06.0_7 + 5.45.4_14 + 5.35.3_29 + 55.3 + 4.114.11_17 + 4.104.10_23 + 4.10 + + + + +

Problem Description

+

On "7th generation" and "8th generation" processors + manufactured by AMD, including the AMD Athlon, Duron, Athlon + MP, Athlon XP, Athlon64, Athlon64 FX, Opteron, Turion, and + Sempron, the fxsave and fxrstor instructions do not save and + restore the FOP, FIP, and FDP registers unless the exception + summary bit (ES) in the x87 status word is set to 1, + indicating that an unmasked x87 exception has occurred.

+

This behaviour is consistent with documentation provided by + AMD, but is different from processors from other vendors, + which save and restore the FOP, FIP, and FDP registers + regardless of the value of the ES bit. As a result of this + discrepancy remaining unnoticed until now, the FreeBSD kernel + does not restore the contents of the FOP, FIP, and FDP + registers between context switches.

+

Impact

+

On affected processors, a local attacker can monitor the + execution path of a process which uses floating-point + operations. This may allow an attacker to steal + cryptographic keys or other sensitive information.

+

Workaround

+

No workaround is available, but systems which do not use AMD + Athlon, Duron, Athlon MP, Athlon XP, Athlon64, Athlon64 FX, + Opteron, Turion, or Sempron processors are not vulnerable.

+ +
+ + CVE-2006-1056 + SA-06:14.fpu + + + 2006-04-19 + 2006-04-19 + 2006-06-09 + +
- -plone -- "member_id" Parameter Portrait Manipulation Vulnerability - - -plone -2.1.2_1 - - - - -

Secunia reports:

-
-

The vulnerability is caused due to missing security declarations - in "changeMemberPortrait" and "deletePersonalPortrait". This can - be exploited to manipulate or delete another user's portrait via - the "member_id" parameter.

-
- -
- -CVE-2006-1711 -http://dev.plone.org/plone/ticket/5432 -http://www.debian.org/security/2006/dsa-1032 -http://secunia.com/advisories/19633/ - - -2006-04-13 -2006-04-18 - -
+ + plone -- "member_id" Parameter Portrait Manipulation Vulnerability + + + plone + 2.1.2_1 + + + + +

Secunia reports:

+
+

The vulnerability is caused due to missing security declarations + in "changeMemberPortrait" and "deletePersonalPortrait". This can + be exploited to manipulate or delete another user's portrait via + the "member_id" parameter.

+
+ +
+ + CVE-2006-1711 + http://dev.plone.org/plone/ticket/5432 + http://www.debian.org/security/2006/dsa-1032 + http://secunia.com/advisories/19633/ + + + 2006-04-13 + 2006-04-18 + +
- -mozilla -- multiple vulnerabilities - - -firefox -1.0.8,1 -1.5.*,11.5.0.2,1 - - -linux-firefox -1.5.0.2 - - -mozilla -1.7.13,2 -1.8.*,2 - - -linux-mozilla -1.7.13 - - -linux-mozilla-devel -0 - - -seamonkey -linux-seamonkey -1.0.1 - - -thunderbird -mozilla-thunderbird -1.5.0.2 - - - - -

A Mozilla Foundation Security Advisory reports of multiple - issues. Several of which can be used to run arbitrary code - with the privilege of the user running the program.

-
-
    -
  • MFSA 2006-29 Spoofing with translucent windows
  • -
  • MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
  • -
  • MFSA 2006-26 Mail Multiple Information Disclosure
  • -
  • MFSA 2006-25 Privilege escalation through Print Preview
  • -
  • MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
  • -
  • MFSA 2006-23 File stealing by changing input type
  • -
  • MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
  • -
  • MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
  • -
  • MFSA 2006-19 Cross-site scripting using .valueOf.call()
  • -
  • MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
  • -
  • MFSA 2006-17 cross-site scripting through window.controllers
  • -
  • MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
  • -
  • MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent
  • -
  • MFSA 2006-14 Privilege escalation via XBL.method.eval
  • -
  • MFSA 2006-13 Downloading executables with "Save Image As..."
  • -
  • MFSA 2006-12 Secure-site spoof (requires security warning dialog)
  • -
  • MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
  • -
  • MFSA 2006-10 JavaScript garbage-collection hazard audit
  • -
  • MFSA 2006-09 Cross-site JavaScript injection using event handlers
  • -
-
- -
- -179014 -252324 -329500 -350262 -488774 -736934 -813230 -842094 -932734 -935556 -968814 -CVE-2006-0749 -CVE-2006-1045 -CVE-2006-1529 -CVE-2006-1530 -CVE-2006-1531 -CVE-2006-1723 -CVE-2006-1724 -CVE-2006-1725 -CVE-2006-1726 -CVE-2006-1727 -CVE-2006-1728 -CVE-2006-1729 -CVE-2006-1730 -CVE-2006-1731 -CVE-2006-1732 -CVE-2006-1733 -CVE-2006-1734 -CVE-2006-1735 -CVE-2006-1736 -CVE-2006-1737 -CVE-2006-1738 -CVE-2006-1739 -CVE-2006-1740 -CVE-2006-1741 -CVE-2006-1742 -CVE-2006-1790 -http://www.mozilla.org/security/announce/2006/mfsa2006-09.html -http://www.mozilla.org/security/announce/2006/mfsa2006-10.html -http://www.mozilla.org/security/announce/2006/mfsa2006-11.html -http://www.mozilla.org/security/announce/2006/mfsa2006-12.html -http://www.mozilla.org/security/announce/2006/mfsa2006-13.html -http://www.mozilla.org/security/announce/2006/mfsa2006-14.html -http://www.mozilla.org/security/announce/2006/mfsa2006-15.html -http://www.mozilla.org/security/announce/2006/mfsa2006-16.html -http://www.mozilla.org/security/announce/2006/mfsa2006-17.html -http://www.mozilla.org/security/announce/2006/mfsa2006-18.html -http://www.mozilla.org/security/announce/2006/mfsa2006-19.html -http://www.mozilla.org/security/announce/2006/mfsa2006-20.html -http://www.mozilla.org/security/announce/2006/mfsa2006-22.html -http://www.mozilla.org/security/announce/2006/mfsa2006-23.html -http://www.mozilla.org/security/announce/2006/mfsa2006-25.html -http://www.mozilla.org/security/announce/2006/mfsa2006-26.html -http://www.mozilla.org/security/announce/2006/mfsa2006-28.html -http://www.mozilla.org/security/announce/2006/mfsa2006-29.html -http://www.zerodayinitiative.com/advisories/ZDI-06-010.html -TA06-107A - - -2006-04-13 -2006-04-16 -2006-04-27 - -
+ + mozilla -- multiple vulnerabilities + + + firefox + 1.0.8,1 + 1.5.*,11.5.0.2,1 + + + linux-firefox + 1.5.0.2 + + + mozilla + 1.7.13,2 + 1.8.*,2 + + + linux-mozilla + 1.7.13 + + + linux-mozilla-devel + 0 + + + seamonkey + linux-seamonkey + 1.0.1 + + + thunderbird + mozilla-thunderbird + 1.5.0.2 + + + + +

A Mozilla Foundation Security Advisory reports of multiple + issues. Several of which can be used to run arbitrary code + with the privilege of the user running the program.

+
+
    +
  • MFSA 2006-29 Spoofing with translucent windows
  • +
  • MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
  • +
  • MFSA 2006-26 Mail Multiple Information Disclosure
  • +
  • MFSA 2006-25 Privilege escalation through Print Preview
  • +
  • MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
  • +
  • MFSA 2006-23 File stealing by changing input type
  • +
  • MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
  • +
  • MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
  • +
  • MFSA 2006-19 Cross-site scripting using .valueOf.call()
  • +
  • MFSA 2006-18 Mozilla Firefox Tag Order Vulnerability
  • +
  • MFSA 2006-17 cross-site scripting through window.controllers
  • +
  • MFSA 2006-16 Accessing XBL compilation scope via valueOf.call()
  • +
  • MFSA 2006-15 Privilege escalation using a JavaScript function's cloned parent
  • +
  • MFSA 2006-14 Privilege escalation via XBL.method.eval
  • +
  • MFSA 2006-13 Downloading executables with "Save Image As..."
  • +
  • MFSA 2006-12 Secure-site spoof (requires security warning dialog)
  • +
  • MFSA 2006-11 Crashes with evidence of memory corruption (rv:1.8)
  • +
  • MFSA 2006-10 JavaScript garbage-collection hazard audit
  • +
  • MFSA 2006-09 Cross-site JavaScript injection using event handlers
  • +
+
+ +
+ + 179014 + 252324 + 329500 + 350262 + 488774 + 736934 + 813230 + 842094 + 932734 + 935556 + 968814 + CVE-2006-0749 + CVE-2006-1045 + CVE-2006-1529 + CVE-2006-1530 + CVE-2006-1531 + CVE-2006-1723 + CVE-2006-1724 + CVE-2006-1725 + CVE-2006-1726 + CVE-2006-1727 + CVE-2006-1728 + CVE-2006-1729 + CVE-2006-1730 + CVE-2006-1731 + CVE-2006-1732 + CVE-2006-1733 + CVE-2006-1734 + CVE-2006-1735 + CVE-2006-1736 + CVE-2006-1737 + CVE-2006-1738 + CVE-2006-1739 + CVE-2006-1740 + CVE-2006-1741 + CVE-2006-1742 + CVE-2006-1790 + http://www.mozilla.org/security/announce/2006/mfsa2006-09.html + http://www.mozilla.org/security/announce/2006/mfsa2006-10.html + http://www.mozilla.org/security/announce/2006/mfsa2006-11.html + http://www.mozilla.org/security/announce/2006/mfsa2006-12.html + http://www.mozilla.org/security/announce/2006/mfsa2006-13.html + http://www.mozilla.org/security/announce/2006/mfsa2006-14.html + http://www.mozilla.org/security/announce/2006/mfsa2006-15.html + http://www.mozilla.org/security/announce/2006/mfsa2006-16.html + http://www.mozilla.org/security/announce/2006/mfsa2006-17.html + http://www.mozilla.org/security/announce/2006/mfsa2006-18.html + http://www.mozilla.org/security/announce/2006/mfsa2006-19.html + http://www.mozilla.org/security/announce/2006/mfsa2006-20.html + http://www.mozilla.org/security/announce/2006/mfsa2006-22.html + http://www.mozilla.org/security/announce/2006/mfsa2006-23.html + http://www.mozilla.org/security/announce/2006/mfsa2006-25.html + http://www.mozilla.org/security/announce/2006/mfsa2006-26.html + http://www.mozilla.org/security/announce/2006/mfsa2006-28.html + http://www.mozilla.org/security/announce/2006/mfsa2006-29.html + http://www.zerodayinitiative.com/advisories/ZDI-06-010.html + TA06-107A + + + 2006-04-13 + 2006-04-16 + 2006-04-27 + +
- -mailman -- Private Archive Script Cross-Site Scripting - - -mailman -ja-mailman -mailman-with-htdig -2.1.8 - - - - -

Secunia reports:

-
-

A vulnerability has been reported in Mailman, which can be - exploited by malicious people to conduct cross-site scripting - attacks.

-

Unspecified input passed to the private archive script is not - properly sanitised before being returned to users. This can be - exploited to execute arbitrary HTML and script code in a user's - browser session in context of a vulnerable site.

-
- -
- -CVE-2006-1712 -http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html -http://secunia.com/advisories/19558/ - - -2006-04-07 -2006-04-16 - -
+ + mailman -- Private Archive Script Cross-Site Scripting + + + mailman + ja-mailman + mailman-with-htdig + 2.1.8 + + + + +

Secunia reports:

+
+

A vulnerability has been reported in Mailman, which can be + exploited by malicious people to conduct cross-site scripting + attacks.

+

Unspecified input passed to the private archive script is not + properly sanitised before being returned to users. This can be + exploited to execute arbitrary HTML and script code in a user's + browser session in context of a vulnerable site.

+
+ +
+ + CVE-2006-1712 + http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html + http://secunia.com/advisories/19558/ + + + 2006-04-07 + 2006-04-16 + +
- -f2c -- insecure temporary files - - -f2c -20060506 - - - - -

Javier Fernandez-Sanguino Pena reports two temporary file - vulnerability within f2c. The vulnerabilities are caused - due to weak temporary file handling. An attacker could - create an symbolic link, causing a local user running f2c - to overwrite the symlinked file. This could give the - attacker elevated privileges.

- -
- -1280 -CAN-2005-0017 - - -2005-01-27 -2006-04-10 -2006-08-15 - -
+ + f2c -- insecure temporary files + + + f2c + 20060506 + + + + +

Javier Fernandez-Sanguino Pena reports two temporary file + vulnerability within f2c. The vulnerabilities are caused + due to weak temporary file handling. An attacker could + create an symbolic link, causing a local user running f2c + to overwrite the symlinked file. This could give the + attacker elevated privileges.

+ +
+ + 1280 + CAN-2005-0017 + + + 2005-01-27 + 2006-04-10 + 2006-08-15 + +
- -mplayer -- Multiple integer overflows - - -mplayer -mplayer-esound -mplayer-gtk -mplayer-gtk2 -mplayer-gtk-esound -mplayer-gtk2-esound -0.99.7_12 - - - - -

Secunia reports:

-
-

The vulnerabilities are caused due to integer overflow errors - in "libmpdemux/asfheader.c" within the handling of an ASF file, - and in "libmpdemux/aviheader.c" when parsing the "indx" chunk in - an AVI file. This can be exploited to cause heap-based buffer - overflows via a malicious ASF file, or via a AVI file with - specially-crafted "wLongsPerEntry" and "nEntriesInUse" values in - the "indx" chunk.

-
- -
- -CVE-2006-1502 -http://www.xfocus.org/advisories/200603/11.html -http://secunia.com/advisories/19418/ - - -2006-03-29 -2006-04-07 - -
+ + mplayer -- Multiple integer overflows + + + mplayer + mplayer-esound + mplayer-gtk + mplayer-gtk2 + mplayer-gtk-esound + mplayer-gtk2-esound + 0.99.7_12 + + + + +

Secunia reports:

+
+

The vulnerabilities are caused due to integer overflow errors + in "libmpdemux/asfheader.c" within the handling of an ASF file, + and in "libmpdemux/aviheader.c" when parsing the "indx" chunk in + an AVI file. This can be exploited to cause heap-based buffer + overflows via a malicious ASF file, or via a AVI file with + specially-crafted "wLongsPerEntry" and "nEntriesInUse" values in + the "indx" chunk.

+
+ +
+ + CVE-2006-1502 + http://www.xfocus.org/advisories/200603/11.html + http://secunia.com/advisories/19418/ + + + 2006-03-29 + 2006-04-07 + +
- -kaffeine -- buffer overflow vulnerability - - -kaffeine -0.4.20.8.0 - - - - -

The KDE team reports:

-
-

Kaffeine can produce a buffer overflow in http_peek() while - creating HTTP request headers for fetching remote playlists, - which under certain circumstances could be used to crash the - application and/or execute arbitrary code.

-
- -
- -17372 -CVE-2006-0051 -http://www.kde.org/info/security/advisory-20060404-1.txt - - -2006-04-04 -2006-04-07 - -
+ + kaffeine -- buffer overflow vulnerability + + + kaffeine + 0.4.20.8.0 + + + + +

The KDE team reports:

+
+

Kaffeine can produce a buffer overflow in http_peek() while + creating HTTP request headers for fetching remote playlists, + which under certain circumstances could be used to crash the + application and/or execute arbitrary code.

+
+ +
+ + 17372 + CVE-2006-0051 + http://www.kde.org/info/security/advisory-20060404-1.txt + + + 2006-04-04 + 2006-04-07 + +
- -thunderbird -- javascript execution - - -thunderbird -mozilla-thunderbird -1.0.7 - - - - -

Renaud Lifchitz reports a vulnerability within thunderbird. - The vulnerability is caused by improper checking of javascript - scripts. This could lead to javascript code execution which - can lead to information disclosure or a denial of service - (application crash). This vulnerability is present even if - javascript had been disabled in the preferences.

- -
- -16770 -CAN-2006-0884 - - -2006-02-22 -2006-04-07 - -
+ + thunderbird -- javascript execution + + + thunderbird + mozilla-thunderbird + 1.0.7 + + + + +

Renaud Lifchitz reports a vulnerability within thunderbird. + The vulnerability is caused by improper checking of javascript + scripts. This could lead to javascript code execution which + can lead to information disclosure or a denial of service + (application crash). This vulnerability is present even if + javascript had been disabled in the preferences.

+ +
+ + 16770 + CAN-2006-0884 + + + 2006-02-22 + 2006-04-07 + +
- -phpmyadmin -- XSS vulnerabilities - - -phpMyAdmin + + phpmyadmin -- XSS vulnerabilities + + + phpMyAdmin 2.8.0.3
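Review bot: In the first hunk (@@ -34,69 +34,6 @@), the removed "php -- multiple vulnerabilities" entry still carries the placeholder date 2006-09-FIXME, so it should get a real discovery date before it is re-adopted. Removing the whole entry also means the file has no record for CVE-2006-4481 through CVE-2006-4486 until it comes back, so the re-add should follow promptly. It would also help to confirm that the bare 0 bound on the php4-cli through mod-php5 package group is intended, since php4 and php5 are bounded by 4.4.4 and 5.1.5.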
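Review bot: The second hunk (@@ -2627,764 +2564,764 @@) is whitespace-only in everything visible here: each removed line of the cacti, amaya, lifetype, ethereal and later entries comes back with identical text and only its indentation restored. The commit message does not document this. It should state that the earlier commit stripped the indentation from these entries and that this change restores it, which would explain why a revert of one 63-line entry shows 738 insertions and 801 deletions. Reading the diff with whitespace ignored before committing would confirm that no entry content changed and would catch this kind of accidental reformatting earlier.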