Mandrake Linux Security Advisory : xen (MDKSA-2007:203)

Tavis Ormandy discovered a heap overflow flaw during video-to-video copy operations in the Cirrus VGA extension code that is used in Xen. A malicious local administrator of a guest domain could potentially trigger this flaw and execute arbitrary code outside of the domain CVE-2007-1320. Tavis...

openSUSE 10 Security Update : libexif5 (libexif5-3724)

A denial of service problem crash was fixed in the EXIF Loader of libexif, which could be used to crash the browser or image viewer when it interprets the EXIF tags in prepared JPEG files. CVE-2007-2645 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...

openSUSE 10 Security Update : xine-lib (xine-lib-2989)

The DirectShow loader uses wrong parameters in the memcpy function call which leads to a buffer overflow. CVE-2007-1246 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Securit...

openSUSE 10 Security Update : gimp (gimp-1921)

A buffer overflow was fixed in the xcf loader in GIMP that allows user-complicit attackers to cause a denial of service crash and possibly execute arbitrary code via an XCF file with a large numaxes value in the VECTORS property. CVE-2006-3404 %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

openSUSE 10 Security Update : libexif5 (libexif5-3704)

A denial of service problem crash was fixed in the EXIF Loader of libexif, which could be used to crash the browser or image viewer when it interprets the EXIF tags in prepared JPEG files. CVE-2007-2645 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks i...

Design/Logic Flaw

ioncubeloaderwin5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safemode and disablefunctions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncubereadfile function...

CVE-2007-5447

ioncubeloaderwin5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safemode and disablefunctions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncubereadfile function...

CVE-2007-5447

ioncubeloaderwin5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safemode and disablefunctions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncubereadfile function...

CVE-2007-5447

CVE-2007-5447 affects ionCube Loader 6.5 for PHP 5.2.4. The ioncube_loader_win_5.2.dll does not enforce safe_mode or disable_functions, enabling context-dependent attackers to read arbitrary files via ioncube_read_file. This vulnerability is documented in the NVD entry for CVE-2007-5447 and is ec...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS 2.2.1 allow remote attackers to execute arbitrary PHP code via a URL in the MODULEDIR parameter to 1 core/modules/my/my.module.php or 2 core/modules/xml/xml.module.php; the COREROOT parameter to 3 config.loader.php, 4...

Gimp image loader multiple input validation flaws

The 1 psp aka .tub, 2 bmp, 3 pcx, and 4 psd plugins in gimp allow user-assisted remote attackers to cause a denial of service crash or memory consumption via crafted image files, as discovered using the fusil fuzzing tool...

Mandrake Linux Security Advisory : gimp (MDKSA-2007:170)

Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in 1 DICOM, 2 PNM, 3 PSD, 4 PSP, 5 Sun RAS, 6 XBM, and 7 XWD files. CVE-2006-4519 Integer overflow in the seektoandunpackpixeldata...

Critical: Red Hat Security Advisory: java-1.5.0-ibm security update

Updated java-1.5.0-ibm packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. IBM's 1.5.0 Java release includes the IBM Java 2...

Critical: Red Hat Security Advisory: java-1.5.0-sun security update

Updated java-1.5.0-sun packages that correct several security issues are available for Red Hat Enterprise Linux 4 Extras. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Java Runtime Environment JRE contains the software and tools that user...

Vulnerability in the Java Runtime Environment May Allow an Untrusted Applet to Circumvent Network Access Restrictions

Unspecified vulnerability in the Java Runtime Environment JRE Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.214 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to...

CVE-2007-3922

Unspecified vulnerability in the Java Runtime Environment JRE Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.214 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to...

Security feature bypass

Unspecified vulnerability in the Java Runtime Environment JRE Applet Class Loader in Sun JDK and JRE 5.0 Update 11 and earlier, 6 through 6 Update 1, and SDK and JRE 1.4.214 and earlier, allows remote attackers to violate the security model for an applet's outbound connections by connecting to...

CVE-2007-3922

CVE-2007-3922 describes an unspecified vulnerability in the Sun JDK/JRE applet class loader that allows a remote attacker to violate the applet’s outbound connection restrictions by connecting to localhost services on the host that loaded the applet. Affected products/versions include Sun JDK/JRE...

Microsoft .NET Framework PE加载器远程溢出漏洞（MS07-040）

BUGTRAQ ID: 24778 CVECAN ID: CVE-2007-0041 Microsoft .NET Framework是一个流行的软件开发工具包。 .NET Framework PE加载器处理包含畸形数据的PE文件时存在缓冲区溢出漏洞，本地攻击者可能利用此漏洞提升自己的权限。 .NET Framework...

MS07-040: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) (uncredentialed check)

The remote web server is running a version of the ASP.NET framework that contains multiple vulnerabilities : - A PE Loader vulnerability could allow an attacker to execute arbitrary code with the privilege of the logged-on user. - A ASP.NET NULL byte termination vulnerability could allow an...