GLSA 200507-08: phpGroupWare, eGroupWare: PHP script inject

Gentoo 2530 Published by Philipp Esselbach 0

phpGroupWare, eGroupWare security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: phpGroupWare, eGroupWare: PHP script injection
vulnerability
Date: July 10, 2005
Bugs: #97460, #97651
ID: 200507-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

phpGroupWare and eGroupWare include an XML-RPC implementation which allows remote attackers to execute arbitrary PHP script commands.

GLSA 200507-07: phpWebSite: Multiple vulnerabilities

Gentoo 2530 Published by Philipp Esselbach 0

A phpWebSite security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: phpWebSite: Multiple vulnerabilities
Date: July 10, 2005
Bugs: #97461
ID: 200507-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

phpWebSite is vulnerable to the remote execution of arbitrary PHP script code and to other, yet undisclosed, vulnerabilities.

UPDATE: GLSA 200506-20: Cacti: Several vulnerabilities

Gentoo 2530 Published by Philipp Esselbach 0

Another Cacti update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200506-20:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Cacti: Several vulnerabilities
Date: June 22, 2005
Updated: July 06, 2005
Bugs: #96243, #97475
ID: 200506-20:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
=====

Stefan Esser of the Hardened - PHP Project discovered that some of the recent vulnerabilities were incorrectly fixed, as well as a new vulnerability.

The updated sections appear below.

GLSA 200507-06: TikiWiki: Arbitrary command execution

Gentoo 2530 Published by Philipp Esselbach 0

A TikiWiki security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: TikiWiki: Arbitrary command execution through XML-RPC
Date: July 06, 2005
Bugs: #97648
ID: 200507-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

TikiWiki includes PHP XML-RPC code, making it vulnerable to arbitrary command execution.

GLSA 200507-05: zlib: Buffer overflow

Gentoo 2530 Published by Philipp Esselbach 0

A zlib security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: zlib: Buffer overflow
Date: July 06, 2005
Bugs: #98121
ID: 200507-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A buffer overflow has been discovered in zlib, potentially resulting in the execution of arbitrary code.

GLSA 200507-04: RealPlayer: Heap overflow vulnerability

Gentoo 2530 Published by Philipp Esselbach 0

A RealPlayer security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: RealPlayer: Heap overflow vulnerability
Date: July 06, 2005
Bugs: #96923
ID: 200507-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

RealPlayer is vulnerable to a heap overflow that could lead to remote execution of arbitrary code.

GLSA 200506-17: SpamAssassin 3, Vipul's Razor

Gentoo 2530 Published by Philipp Esselbach 0

Another Vipul's Razor update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory [UPDATE] GLSA 200506-17:02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: SpamAssassin 3, Vipul's Razor: Denial of Service
vulnerability
Date: June 21, 2005
Updated: July 04, 2005
Bugs: #94722, #95492, #96776
ID: 200506-17:02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Update
=====

Sascha Lucas discovered that with certain malformed headers it was still possible to crash Vipul's Razor.

The updated sections appear below.

GLSA 200507-03: phpBB: Arbitrary command execution

Gentoo 2530 Published by Philipp Esselbach 0

phpBB has been removed from Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: phpBB: Arbitrary command execution
Date: July 04, 2005
Bugs: #97278
ID: 200507-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A vulnerability in phpBB allows a remote attacker to execute arbitrary commands with the rights of the web server.

GLSA 200507-02: WordPress: Multiple vulnerabilities

Gentoo 2530 Published by Philipp Esselbach 0

A WordPress security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: WordPress: Multiple vulnerabilities
Date: July 04, 2005
Bugs: #97374
ID: 200507-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

WordPress contains PHP script injection, cross-site scripting and path disclosure vulnerabilities.

GLSA 200507-01: PEAR XML-RPC, phpxmlrpc: PHP script injection

Gentoo 2530 Published by Philipp Esselbach 0

PEAR XML-RPC, phpxmlrpc security update are available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200507-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: PEAR XML-RPC, phpxmlrpc: PHP script injection vulnerability
Date: July 03, 2005
Bugs: #97399, #97629
ID: 200507-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

The PEAR XML-RPC and phpxmlrpc libraries allow remote attackers to execute arbitrary PHP script commands.

GLSA 200506-24: Heimdal: Buffer overflow vulnerabilities

Gentoo 2530 Published by Philipp Esselbach 0

A Heimdal security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-24
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Heimdal: Buffer overflow vulnerabilities
Date: June 29, 2005
Bugs: #96727
ID: 200506-24

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple buffer overflow vulnerabilities in Heimdal's telnetd server could allow the execution of arbitrary code.

USN-143-1: Linux amd64 kernel vulnerabilities

Gentoo 2530 Published by Philipp Esselbach 0

A new amd64 kernel is available for Ubuntu Linux

==========================================================
Ubuntu Security Notice USN-143-1 June 27, 2005
linux-source-2.6.10, linux-source-2.6.8.1 vulnerabilities
CAN-2005-1762, CAN-2005-1765
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

linux-image-2.6.8.1-5-power4
linux-image-2.6.8.1-5-power4-smp
linux-image-2.6.8.1-5-powerpc
linux-image-2.6.8.1-5-powerpc-smp
linux-image-2.6.10-5-amd64-generic
linux-image-2.6.10-5-amd64-k8
linux-image-2.6.10-5-amd64-k8-smp
linux-image-2.6.10-5-amd64-xeon
linux-patch-debian-2.6.8.1
linux-patch-ubuntu-2.6.10

The problem can be corrected by upgrading the affected package to version 2.6.8.1-16.20 (for Ubuntu 4.10) and 2.6.10-34.3 (for Ubuntu 5.04). You need to reboot your computer after doing a standard system upgrade to effect the necessary changes.

GLSA 200506-23: Clam AntiVirus: Denial of Service

Gentoo 2530 Published by Philipp Esselbach 0

A Clam AntiVirus security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-23
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Clam AntiVirus: Denial of Service vulnerability
Date: June 27, 2005
Bugs: #96960
ID: 200506-23

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Clam AntiVirus is vulnerable to a Denial of Service attack when processing certain Quantum archives.

GLSA 200506-21: Trac: File upload vulnerability

Gentoo 2530 Published by Philipp Esselbach 0

A Trac security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-21
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Trac: File upload vulnerability
Date: June 22, 2005
Bugs: #96572
ID: 200506-21

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Trac may allow remote attackers to upload files, possibly leading to the execution of arbitrary code.

GLSA 200506-20: Cacti: Several vulnerabilities

Gentoo 2530 Published by Philipp Esselbach 0

A Cacti security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: Cacti: Several vulnerabilities
Date: June 22, 2005
Bugs: #96243
ID: 200506-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Cacti is vulnerable to several SQL injection and file inclusion vulnerabilities.

GLSA 200506-19: SquirrelMail: Several XSS vulnerabilities

Gentoo 2530 Published by Philipp Esselbach 0

A SquirrelMail security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: SquirrelMail: Several XSS vulnerabilities
Date: June 21, 2005
Bugs: #95937
ID: 200506-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Squirrelmail is vulnerable to several cross-site scripting vulnerabilities which could lead to a compromise of webmail accounts.

GLSA 200506-18: Tor: Information disclosure

Gentoo 2530 Published by Philipp Esselbach 0

A Tor security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-18
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: Tor: Information disclosure
Date: June 21, 2005
Bugs: #96320
ID: 200506-18

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

A flaw in Tor may allow the disclosure of arbitrary memory portions.

GLSA 200506-17: SpamAssassin 3, Vipul's Razor: Denial of Service

Gentoo 2530 Published by Philipp Esselbach 0

A SpamAssassin 3 Razor security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: SpamAssassin 3, Vipul's Razor: Denial of Service
vulnerability
Date: June 21, 2005
Bugs: #94722, #95492
ID: 200506-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

SpamAssassin and Vipul's Razor are vulnerable to a Denial of Service attack when handling certain malformed messages.

GLSA 200506-16: cpio: Directory traversal vulnerability

Gentoo 2530 Published by Philipp Esselbach 0

A cpio security update is available for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-16
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: cpio: Directory traversal vulnerability
Date: June 20, 2005
Bugs: #90619
ID: 200506-16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

cpio contains a flaw which may allow a specially crafted cpio archive to extract files to an arbitrary directory.

GLSA 200506-15: PeerCast: Format string vulnerability

Gentoo 2530 Published by Philipp Esselbach 0

A PeerCast security update has been released for Gentoo Linux

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200506-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: PeerCast: Format string vulnerability
Date: June 19, 2005
Bugs: #96199
ID: 200506-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

PeerCast suffers from a format string vulnerability that could allow arbitrary code execution.

Previous Page

Next Page

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...