Lucene search

8389 matches found

OSV
added 2007/07/18 5:30 p.m., 3 views

DEBIAN-CVE-2007-3765

The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a crafted STUN length attribute in a STUN packet sent on an RTP port...

CVSS 5 | AI score 6.7 | EPSS 0.0169
Exploits 1 | References 1
Prion
added 2007/07/17 10:30 p.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the...

CVSS 2.6 | AI score 6 | EPSS 0.0152
Exploits 1 | References 3 | Affected Software 1
Prion
added 2007/07/17 9:30 p.m., 14 views

Stack overflow

Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey ActiveX Control (IAKey.dll). NOTE:...

CVSS 9.3 | AI score 8.1 | EPSS 0.0818
Exploits 0 | References 9 | Affected Software 2
UbuntuCve
added 2007/07/03 10:30 a.m., 27 views

CVE-2007-3511

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated ...

CVSS 4.3 | AI score 6 | EPSS 0.02357
Exploits 1 | References 4
Prion
added 2007/07/03 10:30 a.m., 20 views

Cross site scripting

Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, ...

CVSS 8.5 | AI score 6.1 | EPSS 0.01502
Exploits 0 | References 2 | Affected Software 1
Prion
added 2007/07/03 10:30 a.m., 24 views

Design/Logic Flaw

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated ...

CVSS 4.3 | AI score 6.3 | EPSS 0.02357
Exploits 1 | References 48 | Affected Software 2
Prion
added 2007/06/28 6:30 p.m., 18 views

Cross site scripting

Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute...

CVSS 7.8 | AI score 6.1 | EPSS 0.01502
Exploits 0 | References 3
CVE
added 2007/06/28 6:0 p.m., 52 views

CVE-2007-3482

CVE-2007-3482 concerns Cross-domain vulnerability in Apple Safari for Windows 3.0.1 where JavaScript can overwrite the document variable and statically set document.domain, allowing a remote attacker to bypass the same-origin policy and access restricted information from other domains. The connec...

CVSS 7.8 | AI score 5.9 | EPSS 0.01502
Exploits 0 | References 3 | Affected Software 1
NVD
added 2007/06/26 11:30 p.m., 14 views

CVE-2007-3417

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) processsearch or (2)...

CVSS 4.3 | AI score 5.7 | EPSS 0.01022
Exploits 0 | References 3
Cvelist
added 2007/06/26 11:0 p.m., 18 views

CVE-2007-3417

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the (1) processsearch or (2)...

AI score 5.7 | EPSS 0.01022
Exploits 0 | References 3
NVD
added 2007/06/21 11:30 p.m., 24 views

CVE-2007-3342

Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that...

CVSS 4.3 | AI score 5.6 | EPSS 0.01033
Exploits 0 | References 4
Prion
added 2007/06/21 11:30 p.m., 18 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a '\0' (0x00) character in a javascript: URI or (2) an attribute in an element that...

CVSS 4.3 | AI score 5.8 | EPSS 0.01182
Exploits 0 | References 4 | Affected Software 1
Prion
added 2007/06/14 11:30 p.m., 16 views

Code injection

Unspecified vulnerability in Sun ONE/Java System Directory Server slapd 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors...

CVSS 5 | AI score 6.9 | EPSS 0.02238
Exploits 0 | References 7 | Affected Software 2
Cvelist
added 2007/06/14 11:0 p.m., 25 views

CVE-2007-3224

Unspecified vulnerability in Sun ONE/Java System Directory Server slapd 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors...

AI score 6.6 | EPSS 0.02238
Exploits 0 | References 7
Prion
added 2007/06/12 11:30 p.m., 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the rich text editor in Webwiz allows remote attackers to inject arbitrary web script or HTML via URL-encoded HTML composed of a frameset in which a frame has a SRC attribute pointing to a JavaScript document...

CVSS 4.3 | AI score 6.1 | EPSS 0.01028
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2007/06/04 5:0 p.m., 19 views

CVE-2007-3006

Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. NOTE: it was later claimed that 4.51 Build 147 is also affected...

AI score 7.8 | EPSS 0.08088
Exploits 1 | References 6
exploitpack
added 2007/06/04 12:0 a.m., 13 views

PHP 5.2.3 - EXTSession HTTP Response Header Injection

PHP 5.2.3 - EXTSession HTTP Response Header Injection source: https://www.securityfocus.com/bid/24268/info PHP is prone to an HTTP-response-header-injection vulnerability because it fails to sanitize user-supplied input. An attacker can exploit this issue to inject additional cookie attributes in...

AI score 0.1
Exploits 0
Prion
added 2007/05/16 10:30 p.m., 10 views

Code injection

Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service (application instability) via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence...

CVSS 7.8 | AI score 7.2 | EPSS 0.03196
Exploits 0 | References 4 | Affected Software 1
NVD
added 2007/05/16 10:30 p.m., 12 views

CVE-2007-2722

Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers to cause a denial of service (application instability) via certain invalid strings in the URL attribute of an ENCLOSURE element, as demonstrated by a "%s" sequence, a "%Y" sequence, a "%%" sequence, and an "n," sequence...

CVSS 7.8 | AI score 6.6 | EPSS 0.03196
Exploits 0 | References 4
Cvelist
added 2007/05/16 1:0 a.m., 16 views

CVE-2007-2698

The Administration Console in BEA WebLogic Server 9.0 may show plaintext Web Service attributes during configuration creation, which allows remote attackers to obtain sensitive credential information...

AI score 6.4 | EPSS 0.01901
Exploits 0 | References 5