OpenPKG Security Advisories

Here you'll find the latest security advisories from OpenPKG. Our database currently contains 88 OpenPKG security advisories.

Shiela arbitrary code execution | SA-2006.014 | July 25, 2006
Brian Caswell from Sourcefire discovered vulnerabilities in OSSP Shiela, a CVS repository access control and logging extension. The vulnerabilities allow arbitrary code execution during CVS file com
» CVE-2006-3633 Low: OSSP shiela 1.1.5 and earlier allows r (0.00)

Mutt stack-based buffer overflow vulnerability | SA-2006.013 | July 15, 2006
According to a vendor security update based on hints from TAKAHASHI Tamotsu, a stack-based buffer overflow exists in the Mutt mail user agent. The problem is in the browse_get_namespace() function in
» CVE-2006-3242 Low: Stack-based buffer overflow in the bro (0.00)

cURL buffer overflow | SA-2006.012 | June 28, 2006
According to a vendor security advisory [0], a buffer overflow exists in cURL [1], a command line tool for fetching content via URLs. The Common Vulnerabilities and Exposures (CVE) project assigned th
» CVE-2006-1061 Low: Heap-based buffer overflow in cURL and (0.00)

png buffer overflow | SA-2006.011 | June 28, 2006
The Portable Network Graphics (PNG) [1] library contains a vulnerability caused by a potential sprintf(3) related buffer overflow.

GnuPG denial of service | SA-2006.010 | June 26, 2006
According to a vendor security release note, a memory allocation attack possibility exists in the GnuPG cryptography tool, version 1.4.3 and earlier.
» CVE-2006-3082 Low: parse-packet.c in GnuPG (gpg) 1.4.3 an (0.00)

Binutils arbitrary code execution | SA-2006.009 | May 26, 2006
According to a vendor bug report, a buffer overflow in "libbfd" allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a file with a crafted Tektronix H
» CVE-2006-2362 Low: Buffer overflow in getsym in tekhex.c (0.00)

OpenLDAP stack-based buffer overflow | SA-2006.008 | May 22, 2006
A weakness exists in OpenLDAP which is caused due to a boundary error in slurpd within the handling of the status file. This can be exploited to cause a stack-based buffer overflow via an overly long

Sendmail remote code execution | SA-2006.007 | March 22, 2006
According to a vendor security advisory based on research by Mark Dowd of ISS X-Force, a vulnerability exists in the Sendmail MTA. Under some specific timing conditions, the vulnerability may per
» CVE-2006-0058 Low: Signal handler race condition in Sendm (0.00)

Tar arbitrary command execution | SA-2006.006 | March 03, 2006
According to a bug report from Jim Meyering, a remote overflow exists in the GNU Tape Archiver. GNU Tar fails to properly handle PAX extended headers resulting in a buffer overflow. With a specially c
» CVE-2006-0300 Low: Buffer overflow in tar 1.14 through 1. (0.00)

Tin buffer overflow | SA-2006.005 | February 19, 2006
An allocation off-by-one bug exists in the TIN news reader version 1.8.0 and earlier which can lead to a buffer overflow.

PostgreSQL privilege escalation | SA-2006.004 | February 19, 2006
According to vendor security information, privilege escalation vulnerabilities exist in the PostgreSQL RDBMS before version 8.1.3. The bug allowed any logged-in user to "SET ROLE" to any other databas
» CVE-2006-0553 Low: PostgreSQL 8.1.0 through 8.1.2 allows (0.00)

OpenSSH arbitrary shell command execution | SA-2006.003 | February 18, 2006
Ulrich Drepper discovered a weakness in OpenSSH version 4.2p1 and earlier, caused due to the insecure use of the system function in scp when performing copy operations using filenames that are supplie
» CVE-2006-0225 Low: scp in OpenSSH 4.2p1 allows attackers (0.00)

Sudo privilege escalation | SA-2006.002 | February 17, 2006
According to a vendor bug report, an incomplete blacklist vulnerability exists in the Sudo utility which can lead to a privilege escalation. The vulnerability exists in Sudo 1.6.8 and earlier and allo

GnuPG invalid success return | SA-2006.001 | February 17, 2006
According to a vendor security advisory based on hints from the Gentoo project, a false positive signature verification bug exists in the GnuPG security tool when unattended signature verification is
» CVE-2006-0455 Low: gpgv in GnuPG before 1.4.2.1, when usi (0.00)

Apache cross site scripting | SA-2005.029 | December 14, 2005
According to vendor information, a Cross-Site Scripting (XSS) vulnerability exists in the Apache HTTP server. The flaw exists in the "mod_imap" extension module and occurs when using the "Referer" dir
» CVE-2005-3352 Low: Cross-site scripting (XSS) vulnerabili (0.00)

Curl denial of service | SA-2005.028 | December 10, 2005
Two off-by-one errors in libcurl's URL parser allow a buffer overflow and cause a DoS via certain URLs that are malformed in a way that prevents a terminating NUL byte from being added to either a hos
» CVE-2005-4077 Low: Multiple off-by-one errors in the cURL (0.00)

PHP multiple security issues | SA-2005.027 | December 03, 2005
Multiple vulnerabilities were recently found in the PHP web scripting language. The issues include denial of service, cross-site scripting (XSS), register_globals and safe_mode bypass.
» CVE-2005-3353 Low: The exif_read_data function in the Exi (0.00)
» CVE-2005-3388 Low: Cross-site scripting (XSS) vulnerabili (0.00)
» CVE-2005-3389 Low: The parse_str function in PHP 4.x up t (0.00)
» CVE-2005-3390 Low: The RFC1867 file upload feature in PHP (0.00)
» CVE-2005-3391 Low: Multiple vulnerabilities in PHP before (0.00)
» CVE-2005-3392 Low: Unspecified vulnerability in PHP befor (0.00)

Lynx command injection | SA-2005.026 | December 03, 2005
According to an iDEFENSE security advisory, a command injection vulnerability exists in the Lynx [2] WWW textual client. The vulnerability could allow attackers to execute arbitrary commands with the p
» CVE-2005-2929 Low: Lynx 2.8.5, and other versions before (0.00)
» CVE-2005-3120 Low: Stack-based buffer overflow in the HTr (0.00)

Perl integer overflow, arbitrary code execution | SA-2005.025 | December 03, 2005
According to a security advisory from Dyad Security, an integer overflow bug exists in the Perl programming language. The integer overflow is in the format string functionality (Perl_sv_vcatpvfn) of P
» CVE-2005-3962 Low: Integer overflow in the format string (0.00)

MySQL buffer overflow, arbitrary code execution | SA-2005.024 | December 03, 2005
According to a security advisory from Reid Borsuk of Application Security Inc, a stack-based buffer overflow exists in the MySQL RDBMS. The buffer overflow allows remote authenticated users who can cr
» CVE-2005-2558 Low: Stack-based buffer overflow in the ini (0.00)

OpenVPN denial of service issues | GLSA 200511-02 | November 02, 2005
According to a BUGTRAQ report, a Denial of Service (DoS) vulnerability exists in the OpenVPN network security application. The vulnerability allows a malicious or compromised server to execute arbitra
» CVE-2005-3393 Low: Format string vulnerability in the for (0.00)
» CVE-2005-3409 Low: OpenVPN 2.x before 2.0.4, when running (0.00)

OpenSSL potential SSL 2.0 rollback | SA-2005.022 | October 17, 2005
According to a vendor security advisory, a potential SSL 2.0 protocol rollback attack vulnerability exists in the cryptography toolkit OpenSSL [1]. The vulnerability potentially affects applications t

Squid denial of service | SA-2005.021 | September 10, 2005
Two Denial of Service (DoS) security issues were discovered in the Squid Internet proxy. The first DoS is possible via certain aborted requests that trigger an assertion error related to "STORE_PENDIN

Proftpd denial of service | SA-2005.020 | September 06, 2005
It was reported that ProFTPd versions before 1.3.0rc2 suffer from two format string vulnerabilities. In the first, a user with the ability to create a directory could trigger the format string error if

OpenSSH privilege escalation | SA-2005.019 | September 06, 2005
A security bug introduced in OpenSSH version 4.0 caused gateway ports (SSH client command line option "-o 'GatewayPorts yes'") to be accidentally activated for dynamic port forwardings (SSH client com
