HTML files generated with Javadoc are vulnerable to a XSS

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting XSS vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

qt security update

CentOS Errata and Security Advisory CESA-2007:0721 Updated qt packages that correct an integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and...

Windows RSH daemon 1.7 Remote Buffer Overflow Exploit

No description provided by source. / Attached and in-line is an exploit for a newly announced item on the WabiSabiLabi auction block. I hope this completely devalues the item so that the original finder dies of starvation. DON'T SELL BUGS THROUGH WABISABILABLA USE EXPLOITS TO HACK COMPUTERS INSTE...

sh3llc0de development and testing in the dumpbin of use-vulnerability warning-the black bar safety net

Of course, based on the MSFMetasploit Frameworkshellcode development of a simple have almost don't you go learn programming on something details, please refer to himself the preparation of the MSF Chinese manual, but for a beginner and like to explore the bottom of the people, The do-it-yourself...

emul-linux-x86-java: Multiple vulnerabilities

Background emul-linux-x86-java is the 32 bit version of the Sun's J2SE Development Kit. Description Chris Evans of the Google Security Team has discovered an integer overflow in the ICC parser, and another vulnerability in the BMP parser. An unspecified vulnerability involving an "incorrect use o...

[ GLSA 200705-23 ] Sun JDK/JRE: Multiple vulnerabilities

Gentoo Linux Security Advisory GLSA 200705-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

Sun JDK/JRE: Multiple vulnerabilities

Background The Sun Java Development Kit JDK and the Sun Java Runtime Environment JRE provide the Sun Java platform. Description An unspecified vulnerability involving an "incorrect use of system classes" was reported by the Fujitsu security team. Additionally, Chris Evans from the Google Security...

jetboxcms21-xss.txt

netVigilance Security Advisory 29 Jetbox CMS version 2.1 XSS Attack Vulnerability Description: Jetbox CMS is seriously tested on usability & has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully separated from layout. It uses p...

Integer overflow

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.120 and earlier...

Code injection

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...

CVE-2007-2789

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...

CVE-2007-2788

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.120 and earlier...

CVE-2007-2788

Integer overflow in the embedded ICC profile image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.120 and earlier...

CVE-2007-2789

CVE-2007-2789 concerns the BMP image parser in Sun JDK/JRE on Unix/Linux, where untrusted applets or applications that open arbitrary local files via a crafted BMP can cause the JVM to hang (DoS). Affected product ranges include JDK/JRE prior to 1.5.0_11-b03, 1.6.x prior to 1.6.0_01-b06, and olde...

[Full-disclosure] Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities

netVigilance Security Advisory 28 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities Description: Jetbox CMS is seriously tested on usability & has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully separated from...

SOL4207 - Buffer overflow in mod_include - CAN-2004-0940

The version of modinclude used in BIG-IP and 3-DNS versions prior to 4.5.12 and 4.6.3 is vulnerable, but it is not enabled by default and is not enabled by using any BIG-IP or 3-DNS features. To enable modinclude, you must modify the httpd.conf file and then install HTML pages that use modinclude...

SOL4009 - Vulnerabilities in libpng - CAN-2004-0597, CAN-2004-0598, CAN-2004-0599

These vulnerabilities are described as methods under which an attacker could generate a PNG file that would cause applications that use libpng to execute arbitrary code. Since an attacker would require root access to the BIG-IP or 3-DNS in order to exploit this vulnerability, it is considered to ...

SOL4743 - Inadequate validation for TCP segments CVE-2005-0356

Multiple TCP implementations with Protection Against Wrapped Sequence Numbers PAWS with the timestamps option enabled allow remote attackers to cause a denial of service connection loss via a spoofed packet with a large timer value, which causes the host to discard later packets because they appe...

CVE-2007-2466

CVE-2007-2466 affects the LDAP Software Development Kit (SDK) for C used in Sun Java System Directory Server 5.2 (up to Patch 4) and Sun ONE Directory Server 5.1. The vulnerability is described as unspecified but enables remote attackers to cause a denial of service (crash) via certain BER encodi...

GLSA-200704-17 : 3proxy: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200704-17 3proxy: Buffer overflow The 3proxy development team reported a buffer overflow in the logurl function when processing overly long requests. Impact : A remote attacker could send a specially crafted transparent request to...