DEBIAN-CVE-2007-4770
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames...
CVE-2007-4770
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames...
CVE-2008-0128
The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie...
Wireshark crashes when inspecting iSeries traffic
Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP...
Microsoft DirectX SAMI parsing buffer overflow
Overview: Microsoft DirectX is vulnerable to a stack-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: Microsoft DirectX is a feature of the Microsoft Windows operating system used for streaming...
In the benefits letter news system application file upload vulnerability-vulnerability warning-the black bar safety net
Recently everyone for dvbbs file upload vulnerability excited, thinking about other inside the system can not be used on? I will for the benefit of the letter of information systems to the topic! System environment: benefits letter press system 3. 1, Windows2000+sp4. Look at this line of code: |...
security flaw
The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated ...
Move-2006_SP6 the latest vulnerability to obtain the administrator password-vulnerability warning-the black bar safety net
Ghost boy note: from 7j there to see, and there 7j write the received page. 7j:did not find he said the receiving page,only from have PHP write a. ? $filename = date"Ymd".". txt"; $time = @date"Y years m months d number of H points i points s seconds",time; $cookie = $POST'cookie'; $url =...
GLSA-200708-12 : Wireshark: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200708-12 (Wireshark: Multiple vulnerabilities). Wireshark doesn't properly handle chunked encoding in HTTP responses (CVE-2007-3389), iSeries capture files (CVE-2007-3390), certain types of DCP ETSI packets (CVE-2007-3391), and SSL or MMS...
[SECURITY] Fedora 7 Update: kdegraphics-3.5.7-2.fc7
Graphics applications for the K Desktop Environment, including kamera (digital camera support), kcoloredit (palette editor and color chooser), kdvi (displays TeX .dvi files), kghostview (displays postscript files), kiconedit (icon editor), kooka (scanner application), kpdf (displays PDF files), kruler (screen ruler an...
CVE-2007-4160
The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when -no-multicast is omitted, uses a multicast group as the destination for a network message, which might make it easier for remote attackers to capture message contents by sniffing the network...
The RIP dynamic routing Protocol attack-vulnerability warning-the black bar safety net
Graphic version of the download address http://www.i170.com/attach/1ACE62D7-1AD6-4F40-AAEC-CB94B07C833A Author:qimingliu Blog:http://john.i170.cn A network structure figure ! II configure the RIP routing Protocol On Router A ON do the following RIP routing configuration...
aix53-capture.txt
/ 07/2007: public release qaaz@aix:$ ./aix-capture -------------------------------- AIX capture Local Root Exploit By qaaz -------------------------------- bash: no job control in this shell bash-3.00 / include include include include include include include define TARGET "/usr/bin/capture" defin...
IBM AIX 5.3 SP6 - Capture Terminal Sequence Privilege Escalation
IBM AIX 5.3 SP6 - Capture Terminal Sequence Privilege Escalation / 07/2007: public release IBM AIX include include include include include include define TARGET "/usr/bin/capture" define VALCNT 40 define MAXx,y x y ? x : y define ALIGNx,y x + y - 1 / y y unsigned char qaazcode =...
IBM AIX utilities multiple security vulnerabilities
Multiple suid root ftp client buffer overflow, dynamic library loading via -R command line argument in pioout, buffer overflow with terminal control sequences in capture...
iDefense Security Advisory 07.26.07: IBM AIX capture Terminal Control Sequence Buffer Overflow Vulnerability
IBM AIX capture Terminal Control Sequence Buffer Overflow Vulnerability iDefense Security Advisory 07.26.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 26, 2007 I. BACKGROUND The capture program is a setuid root application, installed by default under multiple versions of IBM AIX,...
IBM AIX 5.3 SP6 - Capture Terminal Sequence Privilege Escalation
/ 07/2007: public release IBM AIX include include include include include include define TARGET "/usr/bin/capture" define VALCNT 40 define MAXx,y x y ? x : y define ALIGNx,y x + y - 1 / y y unsigned char qaazcode = "\x60\x60\x60\x60\x60\x60\x60\x60" "\x7c\x63\x1a\x79\x40\x82\xff\xfd"...
Fedora Core 6 : wireshark-0.99.6-1.fc6 (2007-628)
Upgrade to 0.99.6 due to multiple security issues. - Wireshark could crash when dissecting an HTTP chunked response - Wireshark could crash while reading iSeries capture files - Wireshark could exhaust system memory while reading a malformed DCP ETSI packet - Wireshark could loop excessively whil...
[SECURITY] Fedora 7 Update: wireshark-0.99.6-1.fc7
Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package...
[SECURITY] Fedora Core 6 Update: wireshark-0.99.6-1.fc6
Wireshark is a network traffic analyzer for Unix-ish operating systems. This package lays base for libpcap, a packet capture and filtering library, contains command-line utilities, contains plugins and documentation for wireshark. A graphical user interface is packaged separately to GTK+ package...