Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through 0.5.37, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.15 allows remote attackers to execute arbitrary code via cr…
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial…
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) …
WordPress and WordPress MU before 2.8.1 exhibit different behavior for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.…
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a config…
Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file. NOTE: this issue only affects compface on dis…
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-…
Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter.
Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main…
Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-b…
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to …
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and th…
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in …
mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PRIVMSG that causes an empty string to trigger a…
Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cau…
Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by a…
Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers t…
ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a DTLS ChangeCipherSpec packet that occurs before ClientHell…
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) an…
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerl…
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configur…
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers i…
requests/status.xml in VLC 0.9.8a allows remote attackers to cause a denial of service (stack consumption and crash) via a long input argument in an in_play action.
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL point…
The response_addname function in response.c in Daniel J. Bernstein djbdns 1.05 and earlier does not constrain offsets in the required manner, which allows remote attackers, with control over a third-…
Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attac…
The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly h…
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a…
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products in…
ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) …
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (s…
Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of serv…
Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a deni…
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable a…
Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and (2) TightVnc 1.3.9 allow remote VNC servers to cause a denial of service (heap corruption and application crash) or possibly exe…
OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by…
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an env…
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger ar…
Buffer overflow in the proxyReadClientSocket function in proxy/libvirt_proxy.c in libvirt_proxy 0.5.1 might allow local users to gain privileges by sending a portion of the header of a virProxyPacket…
GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_loo…
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) …
Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 allows remote attackers to inject arbitrary web script or HTML via the _off parameter. NOTE: the provenance of this information…
SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this info…
PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, …
The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain lengt…
Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a…
wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 and earlier, does not properly validate requests to update an option, which allows remote authenticated users with manage_option…
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code v…
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x before 2.11.9.4 and 3.x before 3.1.1.0 allows remote attackers to perform unauthorized actions as the administrator via a link or …
Directory traversal vulnerability in libraries/lib.inc.php in phpPgAdmin 4.2.1 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the…
Array index error in the imageRotate function in PHP 5.2.8 and earlier allows context-dependent attackers to read the contents of arbitrary memory locations via a crafted value of the third argument …
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file r…
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jp…
The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service (infinite loop) via an XML sequence containing an opening delimiter without a cl…
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL poi…
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS p…
Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before 0.9.6 might allow user-assisted attackers to execute arbitrary code via an an invalid RealText (rt) subtitle file, related to the…
Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modu…
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email …
Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when register_globals is enabled, allows remote attackers to inj…
Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbit…
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) an…
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty…
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpect…
Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address par…
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a Ti…
MPlayer allows remote attackers to cause a denial of service (application crash) via (1) a malformed AAC file, as demonstrated by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as demonstrated…
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a s…
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and applicati…
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct …
Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to (1) execute arbitrary shell commands by entering a K keystroke on a line that contains …
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containin…
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query st…
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signatur…
Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a n…
Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via…
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681…
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers…
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary cod…
Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demo…
The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x before 1.2.30, and 1.4.x before 1.4.21.2; Business Edition A.x.x, B.x.x before B.2.5.4, and C.x.x before C.1.10.3; AsteriskNOW; A…
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, follo…
Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitra…
The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU sy…
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1)…
Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn…
liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to cause a denial of service (program termination) via crafted ASN.1 BER datagrams that trigger an assertion error.
The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute ar…
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a fi…
Multiple heap-based buffer overflows in the rc4 (1) encryption (aka exsltCryptoRc4EncryptFunction) and (2) decryption (aka exsltCryptoRc4DecryptFunction) functions in crypto.c in libexslt in libxslt …
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink…
