diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index af596ea569d3..747a2f72027c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -45,7 +45,7 @@ Note: Please add new entries to the beginning of this file. -

A eRuby injection vulnerability has been discovered in tDiary.

+

A eRuby injection vulnerability has been discovered in tDiary.
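
Review bot: The tDiary sentence kept as context in this hunk (@@ -45,7 +45,7) reads "A eRuby injection vulnerability"; the article should be "An". The lines around it are already being rewritten, so correct it in the same change, unless the sentence is a verbatim quotation from the upstream advisory, in which case it should stay as published.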

@@ -134,8 +134,8 @@ Note: Please add new entries to the beginning of this file. -

The tnftpd port suffer from a remote stack overrun, - which can lead to a root compromise.

+

The tnftpd port suffer from a remote stack overrun, + which can lead to a root compromise.
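
Review bot: Both the removed and the added copy of the tnftpd sentence in this hunk (@@ -134,8 +134,8) read "The tnftpd port suffer from a remote stack overrun"; the verb should be "suffers". The sentence is re-emitted on the `+` side anyway, so fix the agreement there rather than carrying the error into the new lines.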

@@ -312,7 +312,6 @@ Note: Please add new entries to the beginning of this file.

Another vulnerability has been discovered in the CGI library (cgi.rb) that ships with Ruby which could be used by a malicious user to create a denial of service attack (DoS).

-

A specific HTTP request for any web application using cgi.rb causes CPU consumption on the machine on which the web application is running. Many such requests result in a denial of service.

@@ -327,6 +326,7 @@ Note: Please add new entries to the beginning of this file. 2006-12-04 + libmusicbrainz -- multiple buffer overflow vulnerabilities @@ -343,7 +343,6 @@ Note: Please add new entries to the beginning of this file. vulnerabilities because the application fails to check the size of the data before copying it into a finite-sized internal memory buffer.

-

An attacker can exploit these issues to execute arbitrary code within the context of the application or to cause a denial-of-service condition.

@@ -401,7 +400,6 @@ Note: Please add new entries to the beginning of this file. vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

-

Exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the ImageMagick library.

@@ -642,11 +640,9 @@ Note: Please add new entries to the beginning of this file.

Secunia reports:

-

Some vulnerabilities have been reported in imlib2, which can be - exploited by malicious people to cause a DoS (Denial of Service) or - potentially compromise an application using the library.

- + exploited by malicious people to cause a DoS (Denial of Service) + or potentially compromise an application using the library.

The vulnerabilities are caused due to unspecified errors within the processing of JPG, ARGB, PNG, LBM, PNM, TIFF, and TGA images. This may be exploited to execute arbitrary code by e.g. tricking a @@ -672,24 +668,24 @@ Note: Please add new entries to the beginning of this file. ruby -- cgi.rb library Denial of Service - ruby - 1.8.*,11.8.5_4,1 + ruby + 1.8.*,11.8.5_4,1 - ruby+pthreads - 1.8.*,11.8.5_4,1 + ruby+pthreads + 1.8.*,11.8.5_4,1 - ruby+pthreads+oniguruma - 1.8.*,11.8.5_4,1 + ruby+pthreads+oniguruma + 1.8.*,11.8.5_4,1 - ruby+oniguruma - 1.8.*,11.8.5_4,1 + ruby+oniguruma + 1.8.*,11.8.5_4,1 - ruby_static - 1.8.*,1 + ruby_static + 1.8.*,1 @@ -990,8 +986,8 @@ Note: Please add new entries to the beginning of this file. drupal -- HTML attribute injection - drupal - 4.6.10 + drupal + 4.6.10 @@ -1021,8 +1017,8 @@ Note: Please add new entries to the beginning of this file. drupal -- cross site request forgeries - drupal - 4.6.10 + drupal + 4.6.10 @@ -1059,8 +1055,8 @@ Note: Please add new entries to the beginning of this file. drupal -- multiple XSS vulnerabilities - drupal - 4.6.10 + drupal + 4.6.10 @@ -1098,8 +1094,8 @@ Note: Please add new entries to the beginning of this file. ingo -- local arbitrary shell command execution - ingo - 1.1.2 + ingo + 1.1.2
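
Review bot: In the ruby cgi.rb hunk (@@ -672,24 +668,24) the ruby_static package is the only one whose range shows just "1.8.*,1", while ruby, ruby+pthreads, ruby+pthreads+oniguruma and ruby+oniguruma all show "1.8.*,11.8.5_4,1". The removed and added lines are otherwise identical as shown, so this change does not alter it, but a range with no fixed version keeps every ruby_static 1.8 install flagged indefinitely. Please confirm that is intended and say so in the commit message, or add the 1.8.5_4,1 bound in a separate functional commit so it is not buried in a whitespace cleanup.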