CVE-2007-3765

The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service crash via a crafted STUN length attribute in a STUN packet sent on an RTP port...

Code injection

The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service gateway stop via certain certificates...

CVE-2007-3805

The IKE implementation in Clavister CorePlus before 8.80.03, and 8.80.00, does not properly validate certificates during IKE negotiation, which allows remote attackers to cause a denial of service gateway stop via certain certificates...

Ajax allows a web page Trojan“quietly perform”-vulnerability warning-the black bar safety net

On the Ajax implementation, the developer is to think like the“Ajax to do that in user when browsing the web should not feel it to execute asynchronously, and does not need to wait for the page to refresh can be done automatically verify data”, such as whether the user name can be registered...

CVE-2007-3341

Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217...

DSA-1314-1 open-iscsi

Bulletin has no description...

[Full-disclosure] SafeNET High Assurance Remote/SoftRemote (IPSecDrv.sys) remote DoS

Attached is POC for a remote DoS in IPSecDrv.sys shipped with SafeNET High Assurance Remote and SoftRemote. The version tested is 10.4.0.12. The bug itself is due to SafeNET making a complete hash of IPv6 support for IPSec. The result of the code is a complete DoS of the machine in Kernel mode...

Buffer overflow

Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service listener crash via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party...

Blackdown Java: Applet privilege escalation

Background Blackdown provides implementations of the Java Development Kit JDK and the Java Runtime Environment JRE. Description Chris Evans has discovered multiple buffer overflows in the Sun JDK and the Sun JRE possibly related to various AWT and font layout functions. Tom Hawtin has discovered ...

PHP mcrypt_create_iv不安全加密实现漏洞

PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP生成随机加密种子的算法上存在漏洞，远程攻击者可能利用此漏洞获取非授权访问。 PHP的mcryptcreateiv函数以未初始化的变量做为种子调用phprandr，导致生成器反复生成相同的IV，具体取决于系统的栈结构。在某些情况下栈结构可能导致生成完全可预测的种子，因此也会生成可预测的IV，而非随机的IV会导致较弱的加密算法。 PHP PHP = 5.2.1 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

SunShop Shopping Cart 4.0 - 'index.php?l' Cross-Site Scripting

source: https://www.securityfocus.com/bid/23856/info TurnkeyWebTools SunShop Shopping Cart is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to steal cookie-based authentication...

Apple QTJava toQTPointer() code execution

Unsafe implementation of Java method allows to overwrite memory regions...

Phorum 5.1.20 - admin.php?module[] Full Path Disclosure

Phorum 5.1.20 - admin.php?module Full Path Disclosure source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting...

Phorum 5.1.20 - 'admin.php?Groups Module group_id' Cross-Site Scripting

source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently...

Sun Solaris IP实现远程拒绝服务漏洞

Solaris是一款由Sun开发和维护的商业性质UNIX操作系统。 Solaris 8/9的IP实现上存在安全漏洞，远程非特权用户可能利用此漏洞通过发送特制IP报文降低联网Solaris系统的性能。 Solaris系统上可见大量的伪造IP碎片和/或大量的IP碎片重组失败。例如，运行以下命令： % /usr/bin/netstat -s | /usr/bin/egrep 'ReasmDuplicates|ReasmFails' 可能显示很高的ipv6ReasmDuplicates和ipv6ReasmFails计数器值。 此外，单处理器的Solaris...

CVE-2007-2045

Unspecified vulnerability in the IP implementation in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service CPU consumption via crafted IP packets, probably related to fragmented packets with duplicate or missing fragments...

CVE-2007-2045

The CVE-2007-2045 vulnerability affects the IP stack in Sun Solaris 8 and 9. A remote attacker can trigger a denial-of-service (CPU consumption) by sending crafted IP packets, likely involving fragmented packets with duplicate or missing fragments. Impact is described as CPU depletion leading to ...

FreeBSD : fetchmail -- insecure APOP authentication (f1c4d133-e6d3-11db-99ea-0060084a00e5)

Matthias Andree reports : The POP3 standard, currently RFC-1939, has specified an optional, MD5-based authentication scheme called 'APOP' which no longer should be considered secure. Additionally, fetchmail's POP3 client implementation has been validating the APOP challenge too lightly and accept...

DropAFew 0.2 - editlogcal.php?save Action calories SQL Injection

DropAFew 0.2 - editlogcal.php?save Action calories SQL Injection source: https://www.securityfocus.com/bid/23400/info DropAFew is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues...

UBBCentral UBB.Threads 6.1.1 - 'UBBThreads.php' SQL Injection

source: https://www.securityfocus.com/bid/23369/info UBB.threads is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...