5149 matches found

securityvulns
added 2008/09/01 12:00 a.m. · 72 views

[Advisory] Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass

Title: Invision Power Board <= 2.3.5 Multiple Vulnerabilities and Security Bypass Vendor: http://www.invisionpower.com/community/board/ Advisory: http://acid-root.new.fr/?0:18 Author: DarkFig gmdarkfig at gmail dot com Released on: 2008/08/29 Changelog: 2008/08/29 Summary: Introduction Blind SQL...

0.2 AI score
Exploits 0

Prion
added 2008/08/27 8:41 p.m. · 23 views

Code injection

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...

4.3 CVSS · 6 AI score · 0.00802 EPSS
Exploits 1 · References 42 · Affected Software 11

NVD
added 2008/08/27 8:41 p.m. · 22 views

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...

6.5 CVSS · 6.3 AI score · 0.00802 EPSS
Exploits 1 · References 42

OSV
added 2008/08/27 8:41 p.m. · 1 views

DEBIAN-CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...

6.5 CVSS · 6.2 AI score · 0.00802 EPSS
Exploits 1 · References 1

Cvelist
added 2008/08/27 8:00 p.m. · 23 views

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...

6.3 AI score · 0.00802 EPSS
Exploits 1 · References 42

Debian CVE
added 2008/08/27 8:00 p.m. · 25 views

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...

6.5 CVSS · 6 AI score · 0.00802 EPSS
Exploits 1

FreeBSD
added 2008/08/22 12:00 a.m. · 34 views

libxml2 -- two vulnerabilities

Secunia reports: Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. 1) A recursion error exists when processing certain XML content. This can be exploited to e.g...

7.2 AI score
Exploits 0

Positive Technologies
added 2008/08/21 12:00 a.m. · 2 views

PT-2008-1091 · Xmlsoft +1 · Libxml2 +1

Name of the Vulnerable Software and Affected Versions: libxml2 versions 2.6.32 and earlier Description: The issue allows context-dependent attackers to cause a denial of service, consuming memory and CPU, via a crafted XML document. This is due to improper detection of recursion during entity...

10 CVSS · 6.5 AI score · 0.00802 EPSS
Exploits 1 · References 49

securityvulns
added 2008/07/12 12:00 a.m. · 45 views

Apache multiple DoS conditions

mod_proxy requests recursion, mod_ssl memory leak...

5 CVSS · 3.2 AI score · 0.08958 EPSS
Exploits 4 · References 1 · Affected Software 1

F5 Networks
added 2008/07/10 12:00 a.m. · 132 views

SOL8938 - BIND DNS cache poisoning vulnerability - CVE-2008-1447 - VU#800113

This security advisory describes a BIND 8 and BIND 9 vulnerability which allows remote attackers to spoof DNS traffic using cache poisoning techniques against recursive resolvers. With the exception of FirePass, the F5 products listed as affected in this security advisory run a version of BIND th...

6.8 CVSS · 6.8 AI score · 0.87662 EPSS
Exploits 20

OpenVAS
added 2008/01/17 12:00 a.m. · 22 views

Debian Security Advisory DSA 1155-2 (sendmail)

The remote host is missing an update to sendmail announced via advisory DSA 1155-2. It turned out that the sendmail binary depends on libsasl2 = 2.1.19.dfsg1 which is neither available in the stable nor in the security archive. This version is scheduled for the inclusion in the next update of...

5 CVSS · 7.5 AI score · 0.21456 EPSS
Exploits 0

OpenVAS
added 2008/01/17 12:00 a.m. · 18 views

Debian: Security Advisory (DSA-1155-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS · 7.5 AI score · 0.21456 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2008/01/14 12:00 a.m. · 22 views

openSUSE 10 Security Update : libexif (libexif-4886)

Two bugs in libexif were identified by a Google Security Audit done by Meder Kydyraliev. CVE-2007-6351: Loading EXIF data could be used to cause an infinite recursion and crash. CVE-2007-6352: Integer overflows in the thumbnail handler could be used to overflow buffers and potentially execute code ...

6.8 CVSS · 8.2 AI score · 0.0445 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2007/12/31 12:00 a.m. · 24 views

GLSA-200712-17 : exiftags: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200712-17 (exiftags: Multiple vulnerabilities) Meder Kydyraliev (Google Security) discovered that Exif metadata is not properly sanitized before being processed, resulting in illegal memory access in the postprop and other functions...

10 CVSS · 6 AI score · 0.01151 EPSS
Exploits 0 · References 4

Tenable Nessus
added 2007/12/31 12:00 a.m. · 26 views

GLSA-200712-15 : libexif: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200712-15 (libexif: Multiple vulnerabilities) Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in the exif_data_load_data_thumbnail function leading to a memory corruption (CVE-2007-6352) and an infinite...

6.8 CVSS · 8.8 AI score · 0.0445 EPSS
Exploits 0 · References 3

Gentoo Linux
added 2007/12/29 12:00 a.m. · 25 views

exiftags: Multiple vulnerabilities

Background: exiftags is a library and set of tools for parsing, editing and saving Exif metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description: Meder Kydyraliev (Google Security) discovered that Exif metadata i...

10 CVSS · 7.3 AI score · 0.01151 EPSS
Exploits 0

Gentoo Linux
added 2007/12/29 12:00 a.m. · 27 views

libexif: Multiple vulnerabilities

Background: libexif is a library for parsing, editing and saving Exif metadata from images. Exif, the Exchangeable image file format, specifies the addition of metadata tags to JPEG, TIFF and RIFF files. Description: Meder Kydyraliev (Google Security) discovered an integer overflow vulnerability in t...

6.8 CVSS · 7.4 AI score · 0.0445 EPSS
Exploits 0

securityvulns
added 2007/12/29 12:00 a.m. · 51 views

[Full-disclosure] [ GLSA 200712-15 ] libexif: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 200712-15 · http://security.gentoo.org/ ...

6.8 CVSS · 9.7 AI score · 0.0445 EPSS
Exploits 0

Cvelist
added 2007/12/20 2:00 a.m. · 19 views

CVE-2007-6351

libexif 0.6.16 and earlier allows context-dependent attackers to cause a denial of service (infinite recursion) via an image file with crafted EXIF tags, possibly involving the exif_loader_write function in exif_loader.c...

6.1 AI score · 0.0445 EPSS
Exploits 0 · References 29

CVE
added 2007/12/20 2:00 a.m. · 68 views

CVE-2007-6351

CVE-2007-6351 affects libexif up to version 0.6.16 and earlier via crafted Exif tags, causing an infinite recursion that can crash the application; CVE-2007-6352 is an accompanying integer-overflow issue in the same Exif parsing path that could crash or, in some contexts, allow code execution. Th...

4.3 CVSS · 6 AI score · 0.0445 EPSS
Exploits 0 · References 29 · Affected Software 1