CVE-2007-3365
MyServer 0.8.9 and earlier does not properly handle uppercase characters in filename extensions, which allows remote attackers to obtain sensitive information (script source code) via a modified extension, as demonstrated by post.mscgI...
CVE-2007-3365
Affected software: MyServer ≤ 0.8.9. Vulnerability: improper handling of uppercase characters in filename extensions. Impact: remote attackers can obtain sensitive information, including script source code, via a modified extension. Evidence from connected docs: description confirms the issue and...
PT-2007-4642 · Myserver · Myserver
Name of the Vulnerable Software and Affected Versions: MyServer versions 0.8.9 and earlier. Description: The issue allows remote attackers to obtain sensitive information, such as script source code, by exploiting the improper handling of uppercase characters in filename extensions. This can be...
SQL injection in macina_banners / ric_rotation
It has been discovered that the extensions macina_banners and its descendant ric_rotation are exposed to an SQL injection issue because they fail to properly sanitize user-supplied input. Component Type: Third party extensions. These extensions are not part of the TYPO3 default installation. Affecte...
[Full-disclosure] New Vulnerability against Firefox/ Major Extensions
This information also posted with html link goodness to http://paranoia.dubfire.net/2007/05/remote-vulnerability-in-firefox.html Executive Summary: A vulnerability exists in the upgrade mechanism used by a number of high profile Firefox...
Apple QTJava toQTPointer() Pointer Arithmetic Memory Overwrite Vulnerability
This vulnerability allows attackers to execute arbitrary code on systems with vulnerable installations of Apple's QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The flaw exists within the QuickTime Java extensions QTJava.dll,...
CVE-2007-2175
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating...
CVE-2007-2175
Apple QuickTime for Java (QTJava.dll) contains a heap memory corruption vulnerability in the toQTPointer function of QTHandleRef that can allow a remote, unauthenticated attacker to execute arbitrary code when Java is enabled in a browser (as demonstrated at CanSecWest 2007). The issue affects Qu...
CVE-2007-2025
Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.11p1 allows remote attackers to upload arbitrary PHP files with a double extension, as demonstrated by .php.3, which is interpreted by Apache as being a valid PHP file...
Code injection
The Asterisk Extension Language (AEL) in pbx/pbxael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form...
CVE-2007-1595
The Asterisk Extension Language (AEL) in pbx/pbxael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form...
DEBIAN-CVE-2007-1595
The Asterisk Extension Language (AEL) in pbx/pbxael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form...
security flaw
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) str_replace, (7) mail, (8) ibase_delete_user, (9) ibase_add_user, and 1...
Design/Logic Flaw
The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server...
CVE-2007-1419
The Java Management Extensions Remote API Remote Method Invocation over Internet Inter-ORB Protocol (JMX RMI-IIOP) API in Java Dynamic Management Kit 5.1 before 20070309 does not properly enforce the java.policy, which allows local users to obtain certain MBeans data access by operating a server...
CVE-2007-1419
CVE-2007-1419 affects Java Dynamic Management Kit 5.1, where the JMX RMI-IIOP Remote API does not properly enforce java.policy. This allows a local attacker with privileged remote authenticated access to obtain certain MBeans data. The issue is described as a local-privilege/data access risk with a base...