Debian: Security Advisory (DSA-951-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DSA-1152)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 951-1 (trac)

The remote host is missing an update to trac announced via advisory DSA 951-1. Several vulnerabilities have been discovered in trac, an enhanced wiki and issue tracking system for software development projects. The Common Vulnerabilities and Exposures project identifie the following problems:...

SOL8280 - Cross-site scripting vulnerabilities in BIG-IP Configuration utility CVE-2008-0265

The vulnerability is only available to authenticated users. Theoretically, a malicious site could use another tab in an admin user's browser to hit a list URL and cause the admin user's Configuration utility to render malicious JavaScript in the admin user's browser. The results are not saved...

[SECURITY] Fedora 7 Update: python-cherrypy-2.2.1-8.fc7

CherryPy allows developers to build web applications in much the same way they would build any other object-oriented Python program. This usually results in smaller source code developed in less time...

SOL8186 - Cross-site scripting vulnerability in Apache mod_imap CVE-2007-5000

F5 Product Development has determined the likelihood of exploitation is low for the cross-site scripting XSS vulnerability disclosed in CVE-2007-5000. Exploiting this vulnerability would require an administrator of an F5 device to interact with a web page crafted by an attacker. Possible attacks...

applesmb-overflow.txt

/ Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179 http://seclists.org/fulldisclosure/2007/Dec/0445.html...

Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Exploit

No description provided by source. / Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179...

Array overflow in id3lib (devel CVS)

Luigi Auriemma Application: id3lib http://id3lib.sourceforge.net Versions: only devel CVS stable 3.8.3 is NOT affected Platforms: Windows, nix and Mac Bug: array overflow Exploitation: local Date: 19 Dec 2007 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug...

Apple Mac OSX - mount_smbfs Local Stack Buffer Overflow

Apple Mac OSX - mountsmbfs Local Stack Buffer Overflow / Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179...

FreeBSD : liveMedia -- DoS vulnerability (821afaa2-9e9a-11dc-a7e3-0016360406fa)

The live555 development team reports : Fixed a bounds-checking error in 'parseRTSPRequestString' caused by an int vs. unsigned problem. The function which handles the incoming queries from the clients is affected by a vulnerability which allows an attacker to crash the server remotely using the...

Unfixed XSS vulnerability at www.leadershipdevelopment.co.uk

Security researcher Narcoticxs, has submitted on 12/09/2007 a cross-site-scripting XSS vulnerability affecting www.leadershipdevelopment.co.uk, which at the time of submission ranked 4753624 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...

Apple QuickTime 7.2/7.3 RSTP Response Universal Exploit (win/osx)

No description provided by source. Copyright C 2007 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: http://www.milw0rm.com/exploits/4648 original Microsoft Windows code...

aquick-winosx.txt

Copyright C 2007 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: http://www.milw0rm.com/exploits/4648 original Microsoft Windows code http://www.milw0rm.com/exploits/4651 recent Microsoft Windows exploit From Metasploit:...

Apple QuickTime 7.2/7.3 (OSX/Windows) - RSTP Response Universal

Copyright C 2007 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: http://www.milw0rm.com/exploits/4648 original Microsoft Windows code http://www.milw0rm.com/exploits/4651 recent Microsoft Windows exploit From Metasploit:...

liveMedia -- DoS vulnerability

The live555 development team reports: Fixed a bounds-checking error in "parseRTSPRequestString" caused by an int vs. unsigned problem. The function which handles the incoming queries from the clients is affected by a vulnerability which allows an attacker to crash the server remotely using the...

[SECURITY] Fedora 8 Update: tomcat5-5.5.25-1jpp.1.fc8

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

[SECURITY] Fedora 7 Update: tomcat5-5.5.25-1jpp.1.fc7

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

[SECURITY] Fedora 8 Update: chmsee-1.0.0-1.26.fc8

A gtk2 chm document viewer. It uses chmlib to extract files. It uses gecko to display pages. It supports displaying multilingual pages due to gecko. It features bookmarks and tabs. The tabs could be used to jump inside the chm file conveniently. Its UI is clean and handy, also is well localized. ...

SOL8106 - OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135

F5 Product Development has determined that the BIG-IP and Enterprise Manager products use a vulnerable version of OpenSSL; however, the vulnerable code is not used in either TMM or in Apache on the BIG-IP system. The vulnerability is considered to be a local vulnerability and cannot be exploited...