1091 matches found
Authorization
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the wsdecodepassword function; or (2) a...
CVE-2007-5825
Format string vulnerability in the wsaddarg function in webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password portion of base64-encoded...
CVE-2007-5824
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the wsdecodepassword function; or (2) a...
CVE-2007-5824
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the wsdecodepassword function; or (2) a...
Firefly Media Server <= 0.2.4 Remote Denial of Service Exploit
Exploit for linux platform in category dos / poc. Firefly Media Server <= 0.2.4 Remote Denial of Service Exploit. !C:\python25\python25.exe """ Advisory : UPH-07-02...
GLSA-200709-18 : Bugzilla: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200709-18 (Bugzilla: Multiple vulnerabilities). Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not properly sanitize the content of the 'buildid' parameter when filing bugs (CVE-2007-4543). The next two vulnerabiliti...
Bugzilla: Multiple vulnerabilities
Background: Bugzilla is a web application designed to help with managing software development. Description: Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not properly sanitize the content of the "buildid" parameter when filing bugs (CVE-2007-4543). The next two vulnerabilities onl...
RHN Satellite xmlrpc flaw
Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 allows remote authenticated users to execute arbitrary code via unknown vectors in a "back-end XMLRPC handler."...
CVE-2007-4539
The WebService XML-RPC interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields...
CVE-2007-4539
The WebService XML-RPC interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields...
Design/Logic Flaw
The WebService XML-RPC interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields...
CVE-2007-4539
CVE-2007-4539 concerns Bugzilla’s WebService (XML-RPC) interface. Affected product versions are Bugzilla 2.23.3 through 3.0.0. The root cause is that the XML-RPC interface does not enforce permissions for the time-tracking fields of bugs, enabling a remote attacker to obtain sensitive information...
CVE-2007-4539
The WebService XML-RPC interface in Bugzilla 2.23.3 through 3.0.0 does not enforce permissions for the time-tracking fields of bugs, which allows remote attackers to obtain sensitive information via certain XML-RPC requests, as demonstrated by the (1) Deadline and (2) Estimated Time fields...
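Bugzilla Multiple Remote Security Vulnerabilities
BUGTRAQ ID: 25420 Bugzilla is a web-based bug tracking system used by many software projects. Bugzilla's implementation contains multiple remote security vulnerabilities, which remote attackers may exploit to execute malicious commands on the server or cause information disclosure. When filing a bug, Bugzilla does not correctly escape the buildid field in the guided form, which may allow a user to override the User-Agent string by submitting a malicious URL to enterbug.cgi and carry out a cross-site scripting attack....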
Sql injection
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897...
CVE-2007-3140
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897...
CVE-2007-3140
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a different vector than CVE-2007-1897...
php security update
CentOS Errata and Security Advisory CESA-2007:0348 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting langua...
RHEL 4 : php (RHSA-2007:0349)
Updated PHP packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A hea...
php security update
CentOS Errata and Security Advisory CESA-2007:0349 Updated PHP packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language...