8737 matches found
PHP <= 5.2.5 stream_wrapper_register() denial of service
Application: PHP <= 5.2.5. Web Site: http://php.net. Platform: unix. Bug: Denial of service. Function: stream_wrapper_register. Special condition: default php-memory-limit. 1 Introduction 2 Bug 3 Proof of concept 4 Greets 5 Credits 1...
[SECURITY] Fedora 7 Update: kdevelop-3.5.0-4.fc7
The KDevelop Integrated Development Environment provides many features that developers need as well as providing a unified interface to programs like gdb, the C/C++ compiler, and make. KDevelop manages or provides: All development tools needed for C++ programming like Compiler, Linker, automake a...
[SECURITY] Fedora 7 Update: kdewebdev-3.5.8-3.fc7
Web development applications, including: kfilereplace: batch search and replace tool; kimagemapeditor: HTML image map editor; klinkstatus: link checker; kommander: visual dialog building tool; kxsldbg: xslt Debugger; quanta+: web development...
[SECURITY] Fedora 7 Update: Django-0.96.1-1.fc7
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
[SECURITY] Fedora 8 Update: Django-0.96.1-1.fc8
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY (Don't Repeat Yourself) principle...
DSA-1402-1 gforge - insecure temporary files
Bulletin has no description...
helios-xss.txt
Hi PacketStormSecurity.org; I'm reporting a vulnerability of type XSS in Helios Calendar, thank you for all. Helios Calendar =1.2.1 Beta XSS Multiple Remote Vulnerabilities...
Microsoft Visual Studio PDWizard.ocx ActiveX Control Code Execution (CVE-2007-4891)
Microsoft Visual Studio is a software development product for computer programmers. It centers on an integrated development environment which lets programmers create standalone applications, web sites, web applications, and web services. The vulnerability is due to an error in the Microsoft Visual...
openSUSE 10 Security Update : km_drm (km_drm-4484)
This update fixes the following issues: X Font Server buildrange Integer Overflow Vulnerability IDEF2708, X Font Server swapchar2b Heap Overflow Vulnerability IDEF2709, Composite extension buffer overflow. (C) Tenable Network Security, Inc. The descriptive text and package check...
openSUSE 10 Security Update : libmusicbrainz (libmusicbrainz-2044)
This update fixes various buffer overflows that can be exploited by malicious servers to execute arbitrary code. CVE-2006-4197. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
HTML files generated with Javadoc are vulnerable to a XSS
The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
java: Vulnerability in the font parsing code
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.214 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself...
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit
Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.120 and earlier...
PT-2007-6354 · Oracle +1 · Jdk +3
Name of the Vulnerable Software and Affected Versions: sun jdk (affected versions not specified), sun jre (affected versions not specified), sun sdk (affected versions not specified). Description: Potential security vulnerabilities have been identified in Java Runtime Environment (JRE) and Java Developer Ki...
Unfixed XSS vulnerability at www.classicwebdevelopment.com
Security researcher OMEHA submitted on 10/05/2007 a cross-site scripting (XSS) vulnerability affecting www.classicwebdevelopment.com, which at the time of submission ranked 4190254 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/05/2007. ...
Unfixed XSS vulnerability at www.yycc.net
Security researcher MaXWeL submitted on 10/03/2007 a cross-site scripting (XSS) vulnerability affecting www.yycc.net, which at the time of submission ranked 536725 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/03/2007. It is currently...
obedit-xss.txt
Obedit v3.03 - XSS Vuln. Author: Ishkur. Impact: XSS and Cookie Alert. Patches: in development. Affected Software Description:...
XSS on Obedit v3.03
Obedit v3.03 - XSS Vuln. Author: Ishkur fuxxx0rz at gmail com. Impact: XSS and Cookie Alert. Patches: in development. Affected Software Description:...
kdm -- passwordless login vulnerability
The KDE development team reports: KDM can be tricked into performing a password-less login even for accounts with a password set under certain circumstances, namely autologin to be configured and "shutdown with password" enabled...
SOL7923 - Cross-site scripting vulnerability in the logon page after enabling a pre-logon sequence - CVE-2007-6704
A cross-site scripting (XSS) vulnerability, CVE-2007-6704, exists in the FirePass logon page when a pre-logon sequence is enabled. The affected FirePass URL fails to fully sanitize URL input before the web page content is sent to the browser. It is possible for an attacker to create web pages,...