konquerer -- address bar spoofing

The KDE development team reports: The Konqueror address bar is vulnerable to spoofing attacks that are based on embedding white spaces in the url. In addition the address bar could be tricked to show an URL which it is intending to visit for a short amount of time instead of the current URL...

qt security update

CentOS Errata and Security Advisory CESA-2007:0883 Updated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and...

Directory traversal

Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. dot dot in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder...

CVE-2007-4842

Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. dot dot in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder...

CVE-2007-4842

CVE-2007-4842 affects Enriva Development Magellan Explorer 3.32 build 2305 and earlier. It describes a directory traversal via .. in a filename that remote FTP servers can use to create/overwrite arbitrary files. The note indicates this can be leveraged for code execution by writing to a Startup ...

PHP 5.2.4 <= various mysql functions safemode & open_basedir bypass

Application: PHP =5.2.4 Web Site: http://php.net Platform: unix Bug: safemode & openbasedir bypass ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Credits =========== 1 Introduction =========== "PHP is a widely-used general-purpose scripting...

PHP <=5.2.4 open_basedir bypass & code exec & denial of service

Application: PHP =5.2.4 Web Site: http://php.net Platform: unix Bug: openbasedir bypass & code exec & denial of service/some people call this as a buffer overflow , but it's a denial of service./ special condition: default php-memory-limit ------------------------------------------------------- 1...

[SECURITY] Fedora 7 Update: qgit-1.5.7-1.fc7

With qgit you are able to browse revisions history, view patch content and changed files, graphically following different development branches...

php524-basedir.txt

Application: PHP dll . / Bug: openbasedir bypass & code exec & denial of service/some people call this as a buffer overflow , but it's a denial of service./ special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept ...

Lighttpd <= 1.4.16 FastCGI Header Overflow Remote Exploit

No description provided by source. / Remote Lighttpd + FastCGI + PHP example exploit Tested with Lighttpd 1.4.16 and PHP 5.2.4 To avoid abuse there's a "remove me" in the code. Example: ./exploit localhost 80 /etc/passwd or wget --referer="?php system'/usr/bin/id'; ?" localhost ./exploit localhos...

PHP <= 5.2.4 multiple Iconv functions denial of service

Application: PHP =5.2.4 Web Site: http://php.net Platform: unix Bug: denial of service function: iconv,iconvstrlen,iconvmimedecode,iconvmimedecodeheaders special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4...

[HISPASEC] 2K7SEPT6 Magellan Explorer 3.32 build 2305 Remote FTP Client Directory Traversal

HISPASEC Security Advisory http://blog.hispasec.com/lab/ Name : 2K7SEPT6 Magellan Explorer 3.32 build 2305 Remote FTP Client Directory Traversal Class : Remote Directory Traversal Threat level : HIGH Discovered : 2007-08-14 Published : 2007-09-06 Credit : Gynvael Coldwind Vulnerable : 3.32 built...

PHP <=5.2.4 iconv_substr() denial of service

Application: PHP =5.2.4 Web Site: http://php.net Platform: unix Bug: denial of service function: iconvsubstr special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Greets 5 Credits =========== 1 Introduction...

PHP < 5.2.3 fnmatch() denial of service

Application: PHP 5.2.3 Web Site: http://php.net Platform: unix Bug: denial of service fonction: fnmatch special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Greets 5 Credits =========== 1 Introduction...

PHP < 5.2.4 setlocale() denial of service

Application: PHP 5.2.4 Web Site: http://php.net Platform: unix Bug: denial of service fonction: setlocale special condition: default php-memory-limit ------------------------------------------------------- 1 Introduction 2 Bug 3 Proof of concept 4 Greets 5 Credits =========== 1 Introduction...

SOL7854 - Web Applications Content Processing Scripts vulnerability

F5 Product Development tracked this issue as CR81839 and it was fixed in FirePass 6.0.2. For information about upgrading, refer to the FirePass release notes. Additionally, cumulative hotfix HF-552-10 has been issued for FirePass 5.5.2, cumulative hotfix HF-600-15 has been issued for FirePass 6.0...

Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 8.1 / 9.0 / 9.1 : java (jre, jdk) (SSA:2007-243-01)

Sun has released security advisories pertaining to both the Java Runtime Environment and the Standard Edition Development Kit. One such advisory may be found here: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1 Updated versions of both the jre and jdk packages are provided whic...

[slackware-security] java (jre, jdk)

Sun has released security advisories pertaining to both the Java Runtime Environment and the Standard Edition Development Kit. One such advisory may be found here: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102995-1 Updated versions of both the jre and jdk packages are provided whic...

java: Vulnerability in the font parsing code

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.214 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself...

BMP image parser vulnerability

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...