628 matches found
ZDI-08-017: Apple QuickTime Kodak Encoding Heap Overflow Vulnerability
ZDI-08-017: Apple QuickTime Kodak Encoding Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-017 April 3, 2008 -- CVE ID: CVE-2008-1020 -- Affected Vendors: Apple -- Affected Products: Apple Quicktime 7.4.1 -- Vulnerability Details: This vulnerability allows attackers...
Apple QuickTime Kodak Encoding Heap Overflow Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the quicktime.qt...
Debian: Security Advisory (DSA-1087-1)
The remote host is missing an update for the Debian...
CVE-2008-0005
mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding...
google-utf7xss.txt
XSS with UTF-7 in Google. XSS with UTF-7 was found in www.google.com (already fixed). Although charset was specified in the HTTP response header, the charset-name was incorrect, so XSS occurred. PoC: http://www.google.com/search?hl=en&oe=cp932&q=%2BADw-script%2BAD4-alert...
CVE-2007-6318
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character...
Numerous XSS Type 2 vulnerabilities in macros bundled with Confluence
I'd like to report critical vulnerabilities in 3 of your macros - Column, Image, Block and Code macros. The vulnerabilities are classified as XSS Type 2 (stored) and the details with example exploits are in the pdfs attached. Because of similarity of the vulnerabilities assume that it is more than...
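SAP NetWeaver and Web Dynpro Java Cross-Site Scripting Vulnerability
SAP Web Dynpro Java is a Java-based web application service. SAP Web Dynpro Java does not properly filter user-submitted URI data, so a remote attacker can exploit the vulnerability to conduct cross-site scripting attacks and obtain sensitive information. The User-Agent header content included by the NetWeaver Application is not properly encoded in the server's response; a forged User-Agent header can trigger the cross-site scripting issue, and by building a malicious web page and luring a user to visit it, an attacker can obtain the target user's sensitive information. SAP NetWeaver Nw04s SP9 SAP NetWeaver Nw04s SP8 SAP NetWeaver Nw04s SP7 SAP...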
JSP vulnerabilities and solutions - vulnerability warning - the black bar safety net
Overview: Server vulnerabilities are the root of security problems, and most attacks on a site begin with finding its vulnerabilities. Only by understanding their own site's vulnerabilities can site managers take appropriate measures to prevent outside attacks. The following describes some ...
MediaWiki Cross-site Scripting
MediaWiki Cross-site Scripting Vulnerabilities. Date: 18/02/2007 Vendor: MediaWiki Vulnerable versions: MediaWiki 1.9.2 latest and below. Description: MediaWiki v1.8.2 and below are vulnerable to plain Cross-site scripting attack by exploiting the experimental AJAX features, if enabled default. Th...
WordPress wp-trackback.php vulnerability analysis - vulnerability warning - the black bar safety net
WordPress wp-trackback.php vulnerability analysis. Text/Superhei 2007/1/9. 1. On 2007/01/05 Stefan Esser, a well-known expert, published a WordPress Trackback Charset Decoding SQL Injection Vulnerability [1]. Code: wp-trackback.php $tb_url = $_POST['url']; $title = $_POST['title']; $excerpt = $_POST['excerpt'];...
CVE-2006-5718
CVE-2006-5718 is an XSS vulnerability in phpMyAdmin (versions 2.6.4–2.9.0.2) where UTF-7/US-ASCII data injected into error.php could be reflected in error messages. The issue affects phpMyAdmin installations using those versions; SUSE/NASL advisories note a patched package upgrading to 2.9.1.1 th...
PHP functions buffer overflow
Buffer overflow in htmlentities and htmlspecialchars on UTF-8 encoding...
MS Windows WebDAV Remote PoC Exploit
No description provided by source. // / IIS 5.0 WebDAV -Proof of concept- / / Bug: CAN-2003-0109 / / By Roman Medina-Heigl Hernandez / / aka RoMaNSoFt [email protected] / / Madrid, 23.Mar.2003 / / ================================= / / Public release. Version 1. / / -------------------------------...
solaris/sparc connect-back with XNOR encoded session 600 bytes
solaris/sparc connect-back with XNOR encoded session 600 bytes. Shellcode exploit for solaris/sparc platform / black-RXenc-con-back-SOLARIS.c MIPS This is a relatively small 600 byte shellcode that encodes all network traffic between the exploited process and the attacker. All clear-text shell i/o i...
CVE-2006-3227
Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, whi...
[SECURITY] [DSA 1087-1] New PostgreSQL packages fix encoding vulnerabilities
Debian Security Advisory DSA 1087-1 [email protected] http://www.debian.org/security/ Martin Schulze June 3rd, 2006 http://www.debian.org/security/faq -...
DSA-1087-1 postgresql - programming error
Bulletin has no description...
Design/Logic Flaw
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding...