Archives

The gtkui_conf_read function in src/interfaces/gtk/ec_gtk_conf.c in Ettercap 0.7.3, when the GTK interface is used, does not ensure that the contents of the .ettercap_gtk file are controlled by [...]

Mounting /proc filesystem via chroot command silently mounts it in read-write mode. The user could bypass the chroot environment and gain write access to files, he would never have otherwise. ...

Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these [...]

It was found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166). In combination [...]

TCP firewalls could be circumvented by sending a SYN Packets with other flags (like e.g. RST flag) set, which was not correctly discarded by the Linux TCP stack after firewalling. ...

A flaw in Mozilla's embedded certificate code might allow web sites to install root certificates on devices without user approval. ...

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing [...]