From d5ff476de0d35edc72490f1854f767e59d2d23a0 Mon Sep 17 00:00:00 2001 From: niels Date: Fri, 7 May 2010 19:53:26 +0000 Subject: Added wireshark (DoS) and piwik (XSS) issues Approved by: itetcu (mentor, implicit) Security: http://www.wireshark.org/security/wnpa-sec-2010-03.html Security: http://www.wireshark.org/security/wnpa-sec-2010-04.html Security: http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/ --- security/vuxml/vuln.xml | 57 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index bb5fc402ccb9..354d78cf4ed9 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,63 @@ Note: Please add new entries to the beginning of this file. --> + + wireshark -- DOCSIS dissector denial of service + + + wireshark + 1.2.6_1 + + + + +

A vulnerability found in the DOCSIS dissector can cause + Wireshark to crash when a malformed packet trace file is + opened. This means that an attacker will have to trick a + victim into opening such a trace file before being able + to crash the application

+ +
+ + CVE-2010-1455 + http://www.wireshark.org/security/wnpa-sec-2010-03.html + http://www.wireshark.org/security/wnpa-sec-2010-04.html + + + 2010-05-05 + 2010-05-07 + +
+ + + piwik -- cross site scripting vulnerability + + + piwik + 0.5.5 + + + + +

The Piwik security advisory reports:

+
+

A non-persistent, cross-site scripting vulnerability + (XSS) was found in Piwik's Login form that reflected + the form_url parameter without being properly escaped + or filtered.

+
+ +
+ + CVE-2010-1453 + http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/ + + + 2010-04-15 + 2010-05-07 + +
+ spamass-milter -- remote command execution vulnerability -- cgit
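
Review bot: The wireshark entry gives a single affected bound, 1.2.6_1, yet its references cite two separate advisories (wnpa-sec-2010-03 and wnpa-sec-2010-04). Check the range against both advisories and, if they cover different release lines, say so in the description or add a second range so no affected install is reported as clean. The same description ends without a full stop after "crash the application". In the piwik entry the bound is 0.5.5 while the cited advisory is the 0.6 one, so confirm the comparison includes 0.5.5 itself (le rather than lt); otherwise the last vulnerable release is missed.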