PT-2008-5349 · Microsoft · Windows Xp +4

Name of the Vulnerable Software and Affected Versions: Microsoft Windows XP versions SP2 through SP3 Microsoft Windows Server 2003 versions SP1 through SP2 Microsoft Windows Vista versions Gold through SP1 Microsoft Windows Server 2008 affected versions not specified Description: The issue is...

qemu/xen/kvm: ioemu: Fix PVFB backend to limit frame buffer size

The backend for XenSource Xen Para Virtualized Frame Buffer PVFB in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service crash by mapping an arbitrary amount of guest memory...

MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection

/ / / / / | | | | / / ||| | | | | | | | | | / | | | | | | || | / | | || | / / / |/ / / / MapCal - The Mapping Calendar v. 0.1 Remote SQL Injection Author: 0x90 HomePage: www.0x90.com.ar Contact: Gunsat0x90dotcomdotar Script: MapCal - The Mapping Calendar site: http://mapcal.sourceforge.net...

[SECURITY] Fedora 9 Update: xastir-1.9.2-9.fc9

Xastir is a graphical application that interfaces HAM radio and internet access to realtime mapping software. Install XASTIR if you are interested in APRStm and HAM radio software...

[SECURITY] Fedora 8 Update: xastir-1.9.2-8.fc8

Xastir is a graphical application that interfaces HAM radio and internet access to realtime mapping software. Install XASTIR if you are interested in APRStm and HAM radio software...

[SECURITY] Fedora 8 Update: xastir-1.9.2-8.fc8

Xastir is a graphical application that interfaces HAM radio and internet access to realtime mapping software. Install XASTIR if you are interested in APRStm and HAM radio software...

DEBIAN-CVE-2008-3789

Samba 3.2.0 uses weak permissions 0666 for the 1 groupmapping.tdb and 2 groupmapping.ldb files, which allows local users to modify the membership of Unix groups...

kernel security and bug fix update

2.6.18-92.1.10.0.1.el5 - NET Add entropy support to e1000 and bnx2 John Sobecki orabug 6045759 - splice Fix bad unlockpage in error case Jens Axboe orabug 6263574 - dio fix error-path crashes Linus Torvalds orabug 6242289 - NET fix netpoll race Tina Yang orabugz 5791 2.6.18-92.1.10.el5 - ia64...

Design/Logic Flaw

The backend for XenSource Xen Para Virtualized Frame Buffer PVFB in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service crash by mapping an arbitrary amount of guest memory...

CVE-2008-1952

The backend for XenSource Xen Para Virtualized Frame Buffer PVFB in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service crash by mapping an arbitrary amount of guest memory...

DMS POP3 Server (1.5.3 build 37) Buffer Overflow Exploit

No description provided by source. ===== Start DMSPOP3Overflow.pl ===== Usage: DMSPOP3Overflow.pl ip port DMSPOP3Overflow.pl 127.0.0.1 110 DMS POP3 Server for Windows 2000/XP 1.5.3 build 37 Download: http://www.digitalmapping.sk.ca/pop3srv/default.asp Patch:...

Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"

Overview modimap and modimagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting. The Apache HTTP Server is open source web server software. The Apache HTTP Server modules modimap and modimagemap provide server-side imagemap processing capability. The Apache HTTP Server...

Android软件开发工具包BMP文件处理整数溢出漏洞

BUGTRAQ ID: 28006 CVECAN ID: CVE-2008-0986 Android是Google通过Open Handset Alliance发起的项目，用于为移动设备提供完整的软件集，包括操作系统、中间件等。 Android SDK的libsgl.so库中的BMP::readFromStreamStream , ImageDecoder::Mode方式在解析BMP图形文件头时存在整数溢出漏洞，远程攻击者可能利用此漏洞控制用户设备。 如果BMP文件头的offset字段值为负数且Bitmap Information部分（DIB头）指定了8...

php5. 2. 3 remote CGI buffer overflow vulnerability-vulnerability warning-the black bar safety net

yuange Affected versions: php5. 2. 3 Does not affect the version: other version php5. 2. 3 in processing the CGI of the time, due to a programming error, missing parentheses, and wrong calculation of string length, resulting in a heap buffer overflow and possible remote execution of arbitrary cod...

CVE-2008-0717

Cross-site scripting XSS vulnerability in Caching Proxy CP 5.1 through 6.1 in IBM WebSphere Edge Server, when CGI mapping rules are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger injection into an error response...

CVE-2008-0717

CVE-2008-0717 affects IBM WebSphere Edge Server’s Caching Proxy (CP) 5.1–6.1. When CGI mapping rules are enabled, it enables cross-site scripting by injecting arbitrary script/HTML that is reflected in an error response. The NVD entry lists a NETWORK attack vector with MEDIUM complexity, requirin...

Debian Security Advisory DSA 1257-1 (samba)

The remote host is missing an update to samba announced via advisory DSA 1257-1. Several remote vulnerabilities have been discovered in samba, a free implementation of the SMB/CIFS protocol, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and...

Apple Mac OS X mount_smbfs Stack Based Buffer Overflow Exploit

No description provided by source. / Copyright C 2007-2008 Subreption LLC. All rights reserved. Visit http://blog.subreption.com for exploit development notes. References: CVE-2007-3876 http://docs.info.apple.com/article.html?artnum=307179...

Apache 2.2.6 (Windows) - Share PHP File Extension Mapping Information Disclosure

source: https://www.securityfocus.com/bid/26939/info Apache is prone to an information-disclosure vulnerability. This issue occurs because Apache fails to properly associate file extensions with the correct engines when handling specially crafted requests for files on Windows SMB shares. Attacker...

CVE-2007-6416

The copytouser function in the PAL emulation functionality for Xen 3.1.2 and earlier, when running on ia64 systems, allows HVM guest users to access arbitrary physical memory by triggering certain mapping operations...