7096 matches found
CVE-2007-3806
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initializati...
CVE-2007-3806
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initializati...
CVE-2007-3806
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platforms, and possibly related to lack of initializati...
High Risk Flaw in Sun's Java Web Start
John Heasman of NGSSoftware has discovered a high risk vulnerability in Sun Microsystem's Java Web Start that ships with the JRE and JDK on Windows platforms. The vulnerability affects the following version of Java Web Start: Java Web Start in JDK and JRE 5.0 Update 11 and earlier Java Web Start ...
mydatebook-xsssql.txt
Application: My Datebook Web Sites: http://mealex.com/scripts.html http://www.theadminshop.com/ Versions: any no version numbers can be found Platform: linux, windows, freebsd, sun Bug: SQL Injection + XSS Severity: High since there is no need to authenticate. Fix Available: No...
lightblog-xss.txt
Application: Light Blog Web Site: http://www.publicwarehouse.co.uk/phpscripts/lightblog.php Versions: 4.1 Platform: linux, windows, freebsd, sun Bug: Cross site Scripting XSS Fix Available: Yes fixed with the Same version number. download file now called LightBlog.zip instead of Light.zip Advisor...
Symantec Enterprise Security Manager Denial-of-Service
SUMMARY Symantec Enterprise Security Manager ESM is susceptible to a race condition that can lead to a denial-of-service. Risk Impact Medium Remote Access | Yes ---|--- Local Access | No Authentication Required | No Exploit publicly available | No AFFECTED PRODUCTS Vulnerable Products Only the...
Immunity Canvas: ASUS_SAMBA
Name| asussamba ---|--- CVE| CVE-2007-2446 Exploit Pack| CANVAS Description| SAMBA apilsalookupsids Notes| CVE Name: CVE-2007-2446 VENDOR: Samba Platforms Tested: ASUS EEE with SAMBA 3.24 Date public: 5/15/2007 CVE Url: https://vulners.com/cve/CVE-2007-2446 CVSS: 10.0...
tomcat directory traversal
Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules modproxy, modrewrite, modjk, allows remote attackers to read arbitrary files via a .. dot dot sequence with combinations of 1 "/" slash, 2 "" backslash, and...
Low: Red Hat Security Advisory: cpio security and bug fix update
An updated cpio package that fixes a security issue and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GNU cpio copies files into or out of a cpio or tar archive. A buffer overflow was found in cpio on 64-bit platform...
Apple QuickTime 7.1.5 - QTJava toQTPointer() Java Handling Arbitrary Code Execution
Apple QuickTime 7.1.5 - QTJava toQTPointer Java Handling Arbitrary Code Execution source: https://www.securityfocus.com/bid/23608/info QuickTime is prone to a vulnerability that may aid in the remote compromise of a vulnerable computer. The issue occurs when a Java-enabled browser is used to view...
security flaw
The CUPS service on multiple platforms allows remote attackers to cause a denial of service service hang via a "partially-negotiated" SSL connection, which prevents other requests from being accepted...
CYBSEC Pre-Advisory: SAP TRUSTED_SYSTEM_SECURITY RFC Function Information Disclosure
The following pre-advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSEC-SecurityAdvisorySAPTRUSTEDSYSTEMSECURITYRFCFunctionInformationDisclosure.pdf CYBSEC S.A. www.cybsec.com Pre-Advisory Name: SAP TRUSTEDSYSTEMSECURITY RFC Function Information Disclosure...
CVE-2007-1212
Buffer overflow in the Graphics Device Interface GDI in Microsoft Windows 2000 SP4; XP SP2; Server 2003 Gold, SP1, and SP2; and Vista allows local users to gain privileges via a crafted Enhanced Metafile EMF image format file...
Mercury IMAP data continuation buffer overflow
Added: 03/22/2007 CVE: CVE-2007-1373 OSVDB: 33883 Background Mercury Mail Transport System is an e-mail server product for Windows and NetWare. Problem A buffer overflow vulnerability in the Mercury IMAP service when processing data continuation specifiers allows remote attackers to execute...
CVE-2007-0720
The CUPS service on multiple platforms allows remote attackers to cause a denial of service service hang via a "partially-negotiated" SSL connection, which prevents other requests from being accepted...
PHP zend_hash_init function infinite loop
Infinite loop on 64-bit platforms...
Important: Red Hat Security Advisory: php security update
Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...
MDKA-2006:007 : festival
The festival program on x86 platforms crashes when the user attempts to use it. The updated packages are rebuilt against the correct libraries and correct this issue. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disable...
Fedora Core 4 : libwmf-0.2.8.3-8.2 (2006-832)
CVE-2006-3376: fix minor side-effect on 64bit platforms Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...