OSCA-550, OSCA-550A Security Vulnerabilities

Ubuntu Update for libcairo vulnerability USN-550-1

Ubuntu Update for Linux kernel vulnerabilities...

Ubuntu: Security Advisory (USN-550-1)

The remote host is missing an update for...

Ubuntu: Security Advisory (USN-550-2)

The remote host is missing an update for...

Fedora Update for thunderbird FEDORA-2007-550

Check for the Version of...

Fedora Update for thunderbird FEDORA-2007-550

The remote host is missing an update for...

Realtek Media Player Playlist Buffer Overflow

This module exploits a stack buffer overflow in Realtek Media Player(RtlRack) A4.06. When a Realtek Media Player client opens a specially crafted playlist, an attacker may be able to execute arbitrary...

Titan FTP Server DELE Command Remote Buffer Overflow Vulnerability

Titan FTP Server is prone to a remote buffer overflow ...

Titan FTP Server DELE Command Remote Buffer Overflow Vulnerability

This host is running Titan FTP Server and is prone to remote buffer overflow...

VideoLAN VLC TiVo Buffer Overflow

This module exploits a buffer overflow in VideoLAN VLC 0.9.4. By creating a malicious TY file, a remote attacker could overflow a buffer and execute arbitrary...

CVE-2008-5281

Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE...

Heap overflow

Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows remote attackers to execute arbitrary code via a long DELE...

Discuz! flash csrf vul

Discuz!的安全人员已经意识到csrf方面的漏洞了采用了formhash及判断Referer等来防止外部提交,如果看过<Bypass Preventing CSRF>[1]一文的朋友应该意识到我们可以通过flash来进行csrf攻击. 首先我们看Discuz!6开始自带了crossdomain.xml文件,代码如下: <?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="*" /> </cross-domain-policy>...

Discuz!/phpwind flash标签的xss

flash标签的xss在以前的是很流行的,以前只要随便一个调用外面的一个swf就ok了,现在的则都不可以直接使用调用外码的swf了,这个是因为一般都设置了allowScriptAccess[1][2].比如dz的codz: dz60904\upload\forumdata\cache\cache_bbcodes.php [同样出现在cache_viewthread.php cache_post.php cache_blog.php里] 00017: 0 => '<marquee width="90%" behavior="alternate"...

DATAC RealWin SCADA Server Buffer Overflow

This module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.0 (Build 6.0.10.37). By sending a specially crafted FC_INFOTAG/SET_CONTROL packet, an attacker may be able to execute arbitrary...

msie7-dos.txt

...

intellitamper207-header.txt

...

IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit

No description provided by...

IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit

Exploit for unknown platform in category remote...

IntelliTamper 2.07 - HTTP Header Remote Code Execution

IntelliTamper 2.07 - HTTP Header Remote Code...

IntelliTamper 2.07 - HTTP Header Remote Code Execution

...

Fixed XSS vulnerability at sh.webhire.com

Security researcher xylitol, has submitted on 08/06/2008 a cross-site-scripting (XSS) vulnerability affecting sh.webhire.com, which at the time of submission ranked 18832 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/06/2008. It is...

Vim不安全文件建立漏洞

BUGTRAQ ID: 30279 CNCAN ID：CNCAN-2008072101 Vim是一款常用的文本编辑器。 Vim configure.in不安全建立临时文件，本地攻击者可以利用漏洞以运行应用程序权限覆盖或删除系统文件。 当构建过程中，在'/tmp'目录中会建立可猜测名字的临时文件，当VIM使用Python支持构建时运行如下代码： src/configure.in: 677 dnl -- we need to examine Python's config/Makefile too 678 dnl see what the interpreter is built from...

CoffeeCup FTP Clients (Direct <= 6.2.0.62) (Free <= 3.0.0.10) BoF Exploit

No description provided by...

FTP Server No Command Accepted (possible backdoor/proxy)

The remote server advertises itself as an FTP server, but it does not accept valid commands, which indicates that it may be a backdoor or a proxy. Further FTP tests on this port will be disabled to avoid false...

CA BrightStor ARCserve for Laptops and Desktops LGServer Buffer Overflow

This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup for Laptops & Desktops 11.1. By sending a specially crafted request, an attacker could overflow the buffer and execute arbitrary...

Computer Associates Alert Notification Buffer Overflow

This module exploits a buffer overflow in Computer Associates Threat Manager for the Enterprise r8.1 By sending a specially crafted RPC request, an attacker could overflow the buffer and execute arbitrary code. In order to successfully exploit this vulnerability, you will need valid logon...

WinComLPD Buffer Overflow

This module exploits a stack buffer overflow in WinComLPD <= 3.0.2. By sending an overly long authentication packet to the remote administration service, an attacker may be able to execute arbitrary...

titan-heap-py.txt

...

Titan FTP Server 6.05 build 550 - DELE Remote Buffer Overflow (PoC)

Titan FTP Server 6.05 build 550 - DELE Remote Buffer Overflow...

Titan FTP Server 6.05 build 550 - 'DELE' Remote Buffer Overflow (PoC)

...

lycos-overflow.txt

...

Lycos FileUploader Control ActiveX Remote Buffer Overflow Exploit

No description provided by...

Lycos FileUploader Control - ActiveX Remote Buffer Overflow

...

Lycos FileUploader Control ActiveX Remote Buffer Overflow Exploit

Exploit for unknown platform in category remote...

Lycos FileUploader Control - ActiveX Remote Buffer Overflow

Lycos FileUploader Control - ActiveX Remote Buffer...

Debian: Security Advisory (DSA-550-1)

The remote host is missing an update for the...

Debian Security Advisory DSA 550-1 (wv)

The remote host is missing an update to wv announced via advisory DSA...

Apache HTTP Server 2.2.6, 2.0.61和1.3.39 'mod_status'跨站脚本漏洞

BUGTRAQ ID: 27237 CVE ID:CVE-2007-6388 CNCVE ID:CNCVE-20076388 Apache HTTP Server是一款开放源码的WEB服务程序。 Apache HTTP Server包含的mod_status模块存在输入验证问题，远程攻击者可以利用漏洞进行跨站脚本攻击，可能获得目标用户敏感信息。 server-status页默认不启用。目前没有详细漏洞细节提供。 Posadis Posadis 1.3.31 Posadis Posadis 1.3.28 Apache Software Foundation Apache 2.2.6 ...

Apache 'mod_proxy_ftp'未定义字符集UTF-7跨站脚本漏洞

BUGTRAQ ID: 27234 CVE ID:CVE-2008-0005 CNCVE ID:CNCVE-20080005 Apache HTTP Server是一款开放源码的WEB服务程序。 Apache HTTP Server包含的mod_proxy_ftp模块存在输入验证问题，远程攻击者可以利用漏洞进行跨站脚本攻击，可能获得目标用户敏感信息。 mod_proxy_ftp.c存在跨站脚本问题，字符集没有定义，我们可以通过设置字符集未UTF-7，在URL中使用";"字符进行跨站脚本攻击。 Apache Software Foundation Apache 2.2.6 Apache...

Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libcairo regression (USN-550-3)

USN-550-1 fixed vulnerabilities in Cairo. A bug in font glyph rendering was uncovered as a result of the new memory allocation routines. In certain situations, fonts containing characters with no width or height would not render any more. This update fixes the problem. We apologize for the...

Cairo regression

Releases Ubuntu 7.10 Ubuntu 7.04 Ubuntu 6.10 Ubuntu 6.06 Packages libcairo - Details USN-550-1 fixed vulnerabilities in Cairo. A bug in font glyph rendering was uncovered as a result of the new memory allocation routines. In certain situations, fonts containing characters with no width or...

Ubuntu 7.04 / 7.10 : libcairo regression (USN-550-2)

USN-550-1 fixed vulnerabilities in Cairo. The upstream fixes were incomplete, and under certain situations, applications using Cairo would crash with a floating point error. This update fixes the problem. We apologize for the inconvenience. Peter Valchev discovered that Cairo did not correctly...

MySQL Server重命名表系统表覆盖漏洞

MySQL Server是一款开放源代码的数据库。<br /> MySQL Server不正确处理符号链接，本地攻击者可以利用漏洞覆盖MySQL系统表导致拒绝服务攻击。<br /> 使用明确的DATA DIRECTORY和INDEX DIRECTORY选项使用RENAME TABLE对表进行操作。可导致通过符号链接使用替代文件来覆盖系统表信息。可造成数据库崩溃。<br /> MySQL AB MySQL 5.0.50 MySQL AB MySQL 5.0.49 MySQL AB MySQL 5.0.48 MySQL AB MySQL 5.0.47 MySQL AB MySQL 5.0.46....

Cairo regression

Releases Ubuntu 7.10 Ubuntu 7.04 Packages libcairo - Details USN-550-1 fixed vulnerabilities in Cairo. The upstream fixes were incomplete, and under certain situations, applications using Cairo would crash with a floating point error. This update fixes the problem. We apologize for the...

Firefox 2.0.0.11 INPUT Denial Of Service

Author: Azizov Emin ([email protected]) ITDEFENCE.ru Denial of Service at INPUT tag processing (designMode = on) POC: &lt;html&gt; &lt;head&gt; &lt;title&gt;!&lt;/title&gt; &lt;script type='text/javascript'&gt; function wnd_open&#40;uri,size&#41; { ...

Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : libcairo vulnerability (USN-550-1)

Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the...

Cairo vulnerability

Releases Ubuntu 7.10 Ubuntu 7.04 Ubuntu 6.10 Ubuntu 6.06 Packages libcairo - Details Peter Valchev discovered that Cairo did not correctly decode PNG image data. By tricking a user or automated system into processing a specially crafted PNG with Cairo, a remote attacker could execute...

Integer overflow

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png...

CVE-2007-5503

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png...

CVE-2007-5503

Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image with large width and height values, which is not properly handled by the read_png...