SOL8280 - Cross-site scripting vulnerabilities in BIG-IP Configuration utility CVE-2008-0265

The vulnerability is only available to authenticated users. Theoretically, a malicious site could use another tab in an admin user's browser to hit a list URL and cause the admin user's Configuration utility to render malicious JavaScript in the admin user's browser. The results are not saved...

[SECURITY] Fedora 7 Update: python-cherrypy-2.2.1-8.fc7

CherryPy allows developers to build web applications in much the same way they would build any other object-oriented Python program. This usually results in smaller source code developed in less time...

SOL8186 - Cross-site scripting vulnerability in Apache mod_imap CVE-2007-5000

F5 Product Development has determined the likelihood of exploitation is low for the cross-site scripting XSS vulnerability disclosed in CVE-2007-5000. Exploiting this vulnerability would require an administrator of an F5 device to interact with a web page crafted by an attacker. Possible attacks...

Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Exploit

No description provided by source. / Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179...

applesmb-overflow.txt

/ Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179 http://seclists.org/fulldisclosure/2007/Dec/0445.html...

Array overflow in id3lib (devel CVS)

Luigi Auriemma Application: id3lib http://id3lib.sourceforge.net Versions: only devel CVS stable 3.8.3 is NOT affected Platforms: Windows, nix and Mac Bug: array overflow Exploitation: local Date: 19 Dec 2007 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug...

Apple Mac OSX - mount_smbfs Local Stack Buffer Overflow

Apple Mac OSX - mountsmbfs Local Stack Buffer Overflow / Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179...

FreeBSD : liveMedia -- DoS vulnerability (821afaa2-9e9a-11dc-a7e3-0016360406fa)

The live555 development team reports : Fixed a bounds-checking error in 'parseRTSPRequestString' caused by an int vs. unsigned problem. The function which handles the incoming queries from the clients is affected by a vulnerability which allows an attacker to crash the server remotely using the...

Unfixed XSS vulnerability at www.leadershipdevelopment.co.uk

Security researcher Narcoticxs, has submitted on 12/09/2007 a cross-site-scripting XSS vulnerability affecting www.leadershipdevelopment.co.uk, which at the time of submission ranked 4753624 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...

aquick-winosx.txt

Copyright C 2007 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: http://www.milw0rm.com/exploits/4648 original Microsoft Windows code http://www.milw0rm.com/exploits/4651 recent Microsoft Windows exploit From Metasploit:...

Apple QuickTime 7.2/7.3 RSTP Response Universal Exploit (win/osx)

No description provided by source. Copyright C 2007 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: http://www.milw0rm.com/exploits/4648 original Microsoft Windows code...

Apple QuickTime 7.2/7.3 (OSX/Windows) - RSTP Response Universal

Copyright C 2007 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: http://www.milw0rm.com/exploits/4648 original Microsoft Windows code http://www.milw0rm.com/exploits/4651 recent Microsoft Windows exploit From Metasploit:...

liveMedia -- DoS vulnerability

The live555 development team reports: Fixed a bounds-checking error in "parseRTSPRequestString" caused by an int vs. unsigned problem. The function which handles the incoming queries from the clients is affected by a vulnerability which allows an attacker to crash the server remotely using the...

[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

[SECURITY] Fedora 8 Update: chmsee-1.0.0-1.26.fc8

A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. ...

SOL8106 - OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135

F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited...

PHP <= 5.2.5 stream_wrapper_register() denial of service

Application: PHP = 5.2.5 Web Site: http://php.net Platform: unix Bug: Denial of service fonction: streamwrapperregister special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Greets 5 Credits =========== 1...

[SECURITY] Fedora 7 Update: kdewebdev-3.5.8-3.fc7

Web development applications, including: kfilereplace: batch search and replace tool kimagemapeditor: HTML image map editor klinkstatus: link checker kommander: visual dialog building tool kxsldbg: xslt Debugger quanta+: web development...

[SECURITY] Fedora 7 Update: kdevelop-3.5.0-4.fc7

The KDevelop Integrated Development Environment provides many features that developers need as well as providing a unified interface to programs like gdb, the C/C++ compiler, and make. KDevelop manages or provides: All development tools needed for C++ programming like Compiler, Linker, automake a...