9454 matches found
[Full-disclosure] Linux Kernel DCCP Memory Disclosure Vulnerability
Linux Kernel DCCP Memory Disclosure Vulnerability Synopsis: The Linux kernel is susceptible to a locally exploitable flaw which may allow local users to steal data from the kernel memory. Vulnerable Systems: Linux Kernel Versions: = 2.6.20 with DCCP support enabled. Kernel versions 2.6.20 lack...
MOPB-23-2007:PHP 5 Rejected Session Identifier Double Free Vulnerability
Summary Internal session storage modules can reject session identifiers since PHP 5.2.0 when they contain for example characters considered malicious. When the session extension gets notified that the session id is invalid, it fails to clear an already freed pointer to the invalid session...
csa-driver.txt
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: Linux Driver for Omnikey CardMan 4040 Vendor: Omnikey GmbH / Harald Welte Subject: Buffer Overflow Risk: Medium Effect: Locally exploitable Author: Daniel Roethlisberger [email protected] Date: 2007-03-07 CVE Name: CVE-2007-0005...
Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005)
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: Linux Driver for Omnikey CardMan 4040 Vendor: Omnikey GmbH / Harald Welte Subject: Buffer Overflow Risk: Medium Effect: Locally exploitable Author: Daniel Roethlisberger [email protected] Date: 2007-03-07 CVE Name: CVE-2007-0005...
radscan conquest 8.2 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/22855/info Conquest is prone to multiple remotely exploitable vulnerabilities, including a stack-based buffer-overflow vulnerability and a memory-corruption vulnerability. An attacker can exploit these issues to execute arbitrary code within the context o...
CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ GnuPG and GnuPG clients unsigned data injection vulnerability Date Published: 2007-03-05 Last Update: 2007-03-05 Advisory ID: CORE-2007-0115 Bugtraq IDs: BID 22757 -...
SUSE-SA:2006:032: sendmail
The remote host is missing the patch for the advisory SUSE-SA:2006:032 sendmail. The Mail Transfer Agent sendmail has a remotely exploitable problem, where a specially crafted MIME message can crash sendmail and block queue processing. This issue is tracked by the Mitre CVE ID CVE-2006-1173 and CE...
SUSE-SA:2007:012: squid
The remote host is missing the patch for the advisory SUSE-SA:2007:012 squid. This update fixes a remotely exploitable denial-of-service bug in squid that can be triggered by using special ftp:// URLs. CVE-2007-0247 Additionally the 10.2 package needed a fix for another DoS bug CVE-2007-0248 and...
mplayer -- DMO File Parsing Buffer Overflow Vulnerability
"Moritz Jodeit reports: There's an exploitable buffer overflow in the current version of MPlayer v1.0rc1 which can be exploited with a maliciously crafted video file. It is hidden in the DMOVideoDecoder function of loader/dmo/DMOVideoDecoder.c file...
CVE-2006-6535
CVE-2006-6535 affects the Linux kernel 2.6 series, where a flaw in the dev_queue_xmit() error handling path in the network subsystem can lead to data corruption. Multiple advisories and scanners (e.g., Debian DSA-1304-1, Red Hat/CentOS RHSA-2007:0014, OpenVAS entries) map this to a local data cor...
Foro Domus 2.10 - phpbb_root_path Remote File Inclusion
Foro Domus 2.10 - phpbb_root_path Remote File Inclusion C xoron Name: Foro Domus v2.10 phpbb_root_path Remote File Include Exploit Author: xoron Exploit coded by xoron Download: http://sourceforge.net/project/showfiles.php?groupid=8920 xoron.biz Thanx: str0ke, kacper, k1tk4t, SHiKA, can bjorn...
Oracle Buffer Overflow in DBMS_DRS.GET_PROPERTY
Oracle Database Buffer overflow vulnerabilities in procedure DBMS_DRS.GET_PROPERTY DB03 AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle Jan 18, 2007 Affected versions: Oracle Database Server versions 9iR2 and...
Oracle Buffer Overflow in DBMS_LOGMNR.ADD_LOGFILE
Oracle Database Buffer overflow vulnerabilities in procedure DBMS_LOGMNR.ADD_LOGFILE DB04 AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle Jan 18, 2007 Affected versions: Oracle Database Server versions 9iR2 Risk...
Oracle Buffer Overflow in DBMS_LOGREP_UTIL.GET_OBJECT_NAME
Oracle Database Buffer overflow vulnerability in procedure DBMS_LOGREP_UTIL.GET_OBJECT_NAME DB08 AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle Jan 18, 2007 Affected versions: Oracle Database Server versions 9iR1...
Oracle Multiple Buffer Overflows and DoS attacks in public procedures of MDSYS.MD
Oracle Database Buffer overflows and Denial of service vulnerabilities in public procedures of MDSYS.MD DB05 AppSecInc Team SHATTER Security Advisory http://www.appsecinc.com/resources/alerts/oracle Jan 18, 2007 Affected versions: Oracle Database Serv...
MOAB-10-01-2007: Apple DMG UFS ffs_mountfs() Integer Overflow Vulnerability
Summary The ffs_mountfs function, part of the UFS filesystem handling code shared between FreeBSD and Mac OS X XNU, is affected by an integer overflow vulnerability, leading to an exploitable denial of service condition and potential arbitrary code execution. This issue is related to those publishe...
PPC Search Engine 1.61 (INC) Multiple Remote File Include Vulnerabilities
No description provided by source. HItamputih Crew hitamputih Advisory Discovered By : IbnuSina script demo: http://www.hyper-scripts.com/demo/ppc/ Risk : very danger Thanks To : all...
QUALCOMM Eudora WorldMail Remote Management Heap Overflow Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Eudora WorldMail. Authentication is not required to exploit this vulnerability. The specific flaw exists during the parsing of successive delimiters within the Mail Management Server, MAILMA.exe, listenin...
Concurrency strikes MSIE (potentially exploitable msxml3 flaws)
A while ago, apparently angry with Larry Seltzer, I penned a quick write-up on the possible issues with race conditions triggered by asynchronous browser events such as JavaScript timers colliding with synchronous content rendering: http://seclists.org/vulnwatch/2006/q3/0023.html This is in...
Adobe reader plugin PDF files universal cross-site scripting
By using URIs like http://path/to/pdf/file.pdfwhatevernameyouwant=javascript:yourcodehere it's possible to execute code in context of any Web site where at least one PDF is stored. 2. By using "trigger action" in PDF document it's possible to execute code in context of the web page where...