php multiple integer overflows in gd

Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a large 1 srcW or 2 srcH value to the a gdImageCopyResized function, or a large 3 sy height or 4 sx width value to the b...

New release of MySQL fixes security bugs

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure...

Numerous XSS Type 2 vulnerabilities in macros bundled with Confluence

'd like to report critical vulnerabilities in 3 of your macros - Column, Image, Block and Code macros. The vulnerabilities are classified as XSS Type 2 stored and the details with example exploits are in the pdfs attached. Because of similarity of the vulnerabilities assume that it is more than...

Numerous XSS Type 2 vulnerabilities in macros bundled with Confluence

'd like to report critical vulnerabilities in 3 of your macros - Column, Image, Block and Code macros. The vulnerabilities are classified as XSS Type 2 stored and the details with example exploits are in the pdfs attached. Because of similarity of the vulnerabilities assume that it is more than...

Numerous XSS Type 2 vulnerabilities in macros bundled with Confluence

'd like to report critical vulnerabilities in 3 of your macros - Column, Image, Block and Code macros. The vulnerabilities are classified as XSS Type 2 stored and the details with example exploits are in the pdfs attached. Because of similarity of the vulnerabilities assume that it is more than...

CVE-2007-4220

Directory traversal vulnerability in Motorola Timbuktu Pro before 8.6.5 for Windows allows remote attackers to create or delete arbitrary files via a .. dot dot in a Send request, probably related to the 1 Send and 2 Exchange services...

GLSA-200708-10 : MySQL: Denial of Service and information leakage

The remote host is affected by the vulnerability described in GLSA-200708-10 MySQL: Denial of Service and information leakage Dormando reported a vulnerability within the handling of password packets in the connection protocol CVE-2007-3780. Andrei Elkin also found that the 'CREATE TABLE LIKE'...

MySQL: Denial of Service and information leakage

Background MySQL is a popular multi-threaded, multi-user SQL server. Description Dormando reported a vulnerability within the handling of password packets in the connection protocol CVE-2007-3780. Andrei Elkin also found that the "CREATE TABLE LIKE" command didn't require SELECT privileges on the...

Borland Interbase 2007 SP1 - Create-Request Remote Overflow

Borland Interbase 2007 SP1 - Create-Request Remote Overflow / http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064882.html Groetjes aan mijn sletjes: Doopie, Sjaakhans, PS en Sleepwalker :P All your base are belong to FD2K2! / include include include include include pragma...

Borland Interbase ibserver.exe create buffer overflow

Added: 07/26/2007 CVE: CVE-2007-3566 BID: 25048 OSVDB: 38602 Background Borland Interbase is a database solution for Windows, Linux, and Solaris platforms. Problem A buffer overflow in the database service, ibserver.exe , allows remote attackers to execute arbitrary commands by sending a speciall...

Borland Interbase database server buffer overflow

Buffer overflow on oversized TCP/3050 CREATE 0x14 request...

Microsoft Windows Vista/2003/XP/2000 file management security issues

Title: Microsoft Windows Vista/2003/XP/2000 file management security issues Author: 3APA3A, http://securityvulns.com/ Vendor: Microsoft and potentially another vendors Products: Microsoft Windows Vista/2003/XP/2000, Microsoft resource kit for Windows 2000 and different utilities. Access Vector:...

CVE-2007-3494

Papoo CMS 3.6, and possibly earlier, does not verify user privileges when accessing the backend administration plugins, which allows remote authenticated users to 1 read the entire database by accessing the database backup plugin via a devtools/templates/newdumpbackend.html argument in the templa...

CVE-2006-7213

Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database...

Inout Search Engine (all version) Remote Code Execution Exploit

Exploit for unknown platform in category web applications =============================================================== Inout Search Engine all version Remote Code Execution Exploit =============================================================== !/usr/bin/php -q -d shortopentag=on this is not a...

Design/Logic Flaw

manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to create additional administrative accounts, and have other unspecified impact, via modified username, newpass, newpass2, status, super, and certain other parameters in an add action...

CVE-2007-2592

Multiple cross-site scripting XSS vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allow remote attackers to inject arbitrary web script or HTML via the 1 username...

Mandrake Linux Security Advisory : php (MDKSA-2007:102)

A heap buffer overflow flaw was found in the xmlrpc extension for PHP. A script that implements an XML-RPC server using this extension could allow a remote attacker to execute arbitrary code as the apache user. This flaw does not, however, affect PHP applications using the pure-PHP XMLRPC class...

MyBlog 0.9.8 - 'Settings.php' Authentication Bypass

source: https://www.securityfocus.com/bid/23521/info MyBlog is prone to an authentication-bypass vulnerability. Attackers can exploit this issue to bypass the authentication mechanism and then access or overwrite files with arbitrary PHP script code. Script code added to certain files are later...

IceBB 1.0-rc5 - Remote Create Admin

!/usr/bin/perl IceBB 1.0-rc5 Remote Create Admin Exploit 1. register a user 2. run this exploit with this usage : $perl xpl.pl host&path uname pass 3. login with admin access : - magicquotesgpc = Off Coded & Discovered By Hessam-x / Hessamx-at-Hessamx.net use LWP::UserAgent; use HTTP::Cookies;...