Gwyn's Imagemap Selector Security Vulnerabilities

FreeBSD Ports: ethereal, tethereal

The remote host is missing an update to the system as announced in the referenced...

FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim

The remote host is missing an update to the system as announced in the referenced...

FreeBSD Ports: ethereal, tethereal

The remote host is missing an update to the system as announced in the referenced...

FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim

The remote host is missing an update to the system as announced in the referenced...

OpenBSD (ibcs2_exec) Kernel Local Exploit

No description provided by...

Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks Advisory ID: cisco-sa-20080708-dns http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml Revision 1.0 For Public Release 2008 July 08 1800 UTC (GMT)...

Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks

...

Apple Mac OS X 2008-002更新修复多个安全漏洞

BUGTRAQ ID: 28304 CVE(CAN) ID:...

CVE-2008-0054

Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be...

CVE-2008-0054

Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be...

Code injection

Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be...

CVE-2008-0054

Foundation in Apple Mac OS X 10.4.11 might allow context-dependent attackers to execute arbitrary code via a malformed selector name to the NSSelectorFromString API, which causes an "unexpected selector" to be...

Fedora 7 : httpd-2.2.8-1.fc7 (2008-1711)

Notes: This update includes the latest release of httpd 2.2, which fixes a number of minor security issues and other bugs. A flaw was found in the mod_imagemap module. On sites where mod_imagemap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible....

Fedora 8 : httpd-2.2.8-1.fc8 (2008-1695)

This update includes the latest release of httpd 2.2, which fixes a number of minor security issues and other bugs. A flaw was found in the mod_imagemap module. On sites where mod_imagemap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible....

(RHSA-2008:0009) Moderate: httpd security update

The Apache HTTP Server is a popular and freely-available Web server. These updated httpd packages resolve the following security issues: A flaw was found in the mod_imagemap module. On sites where mod_imagemap was enabled and an imagemap file was publicly available, a cross-site scripting attack...

Debian Security Advisory DSA 1038-1 (xzgv)

The remote host is missing an update to xzgv announced via advisory DSA 1038-1. Andrea Barisani discovered that xzgv, a picture viewer for X with a thumbnail-based selector, attempts to decode JPEG images within the CMYK/YCCK colour space incorrectly, which could lead to the execution of arbitrary....

Debian Security Advisory DSA 614-1 (xzgv)

The remote host is missing an update to xzgv announced via advisory DSA...

Debian: Security Advisory (DSA-614-1)

The remote host is missing an update for the...

Debian: Security Advisory (DSA-1038-1)

The remote host is missing an update for the...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2008:0008 The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imagemap module. On sites where mod_imagemap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw...

apache security update

CentOS Errata and Security Advisory CESA-2008:0004-01 The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was...

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2008:0006 The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found.....

httpd, mod_ssl security update

CentOS Errata and Security Advisory CESA-2008:0005 The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found.....

RHEL 4 : httpd (RHSA-2008:0006)

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap...

(RHSA-2008:0008) Moderate: httpd security update

The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imagemap module. On sites where mod_imagemap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found in the mod_autoindex module. On sites where....

RHEL 3 : httpd (RHSA-2008:0005)

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap...

CentOS 4 : httpd (CESA-2008:0006)

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap...

(RHSA-2008:0004) Moderate: apache security update

The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found in the mod_autoindex module. On sites where...

(RHSA-2008:0007) Moderate: httpd security update

The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imagemap module. On sites where mod_imagemap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found in the mod_status module. On sites where...

RHEL 5 : httpd (RHSA-2008:0008)

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imagemap....

RHEL 2.1 : apache (RHSA-2008:0004)

Updated apache packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap module.....

CentOS 3 : httpd (CESA-2008:0005)

Updated Apache httpd packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap...

(RHSA-2008:0005) Moderate: httpd security update

The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found in the mod_autoindex module. On sites where...

(RHSA-2008:0006) Moderate: httpd security update

The Apache HTTP Server is a popular Web server. A flaw was found in the mod_imap module. On sites where mod_imap was enabled and an imagemap file was publicly available, a cross-site scripting attack was possible. (CVE-2007-5000) A flaw was found in the mod_autoindex module. On sites where...

JVN#80057925: Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"

The Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability. The Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting. ## Impact An arbitrary script can....

SuSE 10 Security Update : Apache2 (ZYPP Patch Number 1906)

This update fixes security problems in the Apache2 webserver : mod_rewrite: Fixed an off-by-one security problem in the ldap scheme handling. For some RewriteRules this could lead to a pointer being written out of bounds. (CVE-2006-3747) For SUSE Linux Enterprise Server 10 additionally an old...

CVE-2007-6306

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart...

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart...

CVE-2007-6306

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart...

CVE-2007-6306

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart...

[RISE-2007004] Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability http://risesecurity.org/advisory/RISE-2007004/ Published: November 16, 2007 Updated: November 16, 2007 INTRODUCTION There exists a vulnerability within an architecture dependent....

RISE-2007004.txt

...

[Full-disclosure] [RISE-2007004] Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability http://risesecurity.org/advisory/RISE-2007004/ Published: November 16, 2007 Updated: November 16, 2007 INTRODUCTION There exists a vulnerability within an architecture dependent....

[SECURITY] Fedora 7 Update: kdeutils-3.5.8-2.fc7

Utilities for the K Desktop Environment. Includes: * ark (tar/gzip archive manager); * kcalc (scientific calculator); * kcharselect (character selector); * kdepasswd (change password); * kdessh (ssh front end); * kdf (view disk usage); * kedit (simple text editor); * kfloppy...

Apache Httpd < 2.0.63 : mod_imagemap XSS

A flaw was found in the mod_imagemap module. On sites where mod_imagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is...

Apache Httpd < 2.2.8 : mod_imagemap XSS

A flaw was found in the mod_imagemap module. On sites where mod_imagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is...

Apache Httpd < 1.3.41 : mod_imagemap XSS

A flaw was found in the mod_imagemap module. On sites where mod_imagemap is enabled and an imagemap file is publicly available, a cross-site scripting attack is...

CVE-2007-3731

The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and...

CVE-2007-3731

The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and...

Design/Logic Flaw

The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain code that makes ptrace PTRACE_SETREGS and...