Design/Logic Flaw

Bandersnatch 0.4 allows remote attackers to obtain sensitive information via a malformed request for index.php with 1 a certain func parameter value; or 2 certain func, jid, page, and limit parameter values; which reveals the path in various error messages...

texinfo-poc.txt

--==+=============================================+==-- --==+ texinfo = 4.9 format string vuln PoC +==-- --==+=============================================+==-- DISCOVERED BY: Cody Rester WEBSITE: www.codyrester.com --==+=============================================+==-- TIMELINE:...

php -- multiple security vulnerabilities

PHP project reports: Security Enhancements and Fixes in PHP 5.2.5: Fixed dl to only accept filenames. Reported by Laurent Gaffie. Fixed dl to limit argument size to MAXPATHLEN CVE-2007-4887. Reported by Laurent Gaffie. Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences...

Heap overflow

Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom CTAB in a movie file, related to the CTAB RGB values...

Fedora 7 : kernel-2.6.22.4-65.fc7 (2007-1785)

Update to kernel 2.6.22.2, 2.6.22.3 and 2.6.22.4: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.3 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.4 - Fix failure to find serial ports on some machines. -...

Fedora 7 : util-linux-2.13-0.54.1.fc7 (2007-2462)

Mon Oct 8 2007 Karel Zak 2.13-0.54.1 - fix 320131 - CVE-2007-5191 util-linux umount doesn't drop privileges properly when calling helpers F7 - Wed Aug 8 2007 Karel Zak 2.13-0.54 - backport mount relatime patch - Thu Aug 2 2007 Karel Zak 2.13-0.53 - fix 236848 - mount/fstab.c:lockmtab should open...

tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...

CVE-2007-1321

Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier wa...

openSUSE 10 Security Update : openldap2 (openldap2-1917)

This fixes a bug in the Access Control Processing that allowed users with 'selfwrite' access to an attribute to modify arbitrary values of that attribute, instead of just allowing them to add/delete their own DN to/from that attribute. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

Debian DSA-1385-1 : xfs - several vulnerabilities

Sean Larsson discovered that two code paths inside the X Font Server handle integer values insecurely, which may lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...

tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...

[SECURITY] [DSA 1385-1] New xfs packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1385-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 9th, 2007 http://www.debian.org/security/faq -...

CVE-2007-5229

Cross-site request forgery CSRF vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurnerFeedSmithPlugin.php, as demonstrated by the ...

CVE-2007-4568

Integer overflow in the buildrange function in X.Org X Font Server xfs before 1.0.5 allows context-dependent attackers to execute arbitrary code via 1 QueryXBitmaps and 2 QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow...

CVE-2007-4990

The swapchar2b function in X.Org X Font Server xfs before 1.0.5 allows context-dependent attackers to execute arbitrary code via 1 QueryXBitmaps and 2 QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap...

tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password and rpassword parameters, possibly related to timestamp values...

CVE-2007-5060

Cross-site request forgery CSRF vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password and rpassword parameters, possibly related to timestamp values...

Mandrake Linux Security Advisory : openoffice.org (MDKSA-2007:186)

An integer overflow in the TIFF parser in OpenOffice.org prior to version 2.3 allows remote attackers to execute arbitrary code via a TIFF file with crafted values which triggers the allocation of an incorrect amount of memory which results in a heap-based buffer overflow. Updated packages have...

CVE-2007-2834

Integer overflow in the TIFF parser in OpenOffice.org OOo before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite StarSuite; allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of...