1441 matches found
VulnCheck KEV: CVE-2004-0431
Integer overflow in Apple QuickTime QuickTime.qts before 6.5.1 allows attackers to execute arbitrary code via a large "number of entries" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow...
CVE-2010-0528
Apple QuickTime before 7.6.6 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted color tables in a movie file, related to malformed MediaVideo data, a sample description atom (STSD), and a crafted length value...
UHTTP Server Path Traversal
uhttp Server Path Traversal Vulnerability Name uhttp Server Vendor http://uhttps.sourceforge.net Versions Affected 0.1.0-alpha Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-03-10 X. INDEX I. ABOUT THE APPLICATION I...
[SECURITY] Fedora 12 Update: argyllcms-1.0.4-5.fc12
The Argyll color management system supports accurate ICC profile creation for scanners, CMYK printers, film recorders and calibration and profiling of displays. Spectral sample data is supported, allowing a selection of illuminants observer types, and paper fluorescent whitener additive...
Cyclist Floyd Landis Suspected of Hiring Hacker
In a bid to demonstrate that the French Chatenay-Malabry laboratory made a mistake while analyzing his fateful urine sample that stripped him of his 2006 Tour de France win, Landis apparently commissioned a hacker to break into their computers and steal documents that would help his cause. Read a...
Apple iTunes AAC File Handling Integer Overflow (CVE-2006-1467)
Apple iTunes is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files as well as numerous video and audio formats. One of the formats that the player is capable of processing is the protected advanced audio coding (AAC) media fil...
SAMPLE Lord 1.0 Cross Site Scripting
+===================================================================================+ ./SEC-R1Z / / / / /\ \ |/ / \ \ / / / / | | / | | / / \ / / / / | || / | | / / \ \ \ \2009 | \ | | / / / \ /\ / ||\ \ ||/ \ R.I.P MichaelJackson !!!!!...
Microsoft IIS 5.0 Dangerous Sample File Detection
No description provided by source...
Miniweb 2.0 - Full Path Disclosure
Miniweb 2.0 - Full Path Disclosure Miniweb 2.0 Full Path Disclosure Name Miniweb 2.0 Vendor http://www.miniweb2.com Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2009-12-12 X. INDEX I. ABOUT THE APPLICATION II...
phpCollegeExchange 0.1.5c - Multiple SQL Injections
phpCollegeExchange 0.1.5c Multiple SQL Injection Vulnerabilities Name phpCollegeExchange Vendor http://phpcollegeex.sourceforge.net Versions Affected 0.1.5c Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2009-12-11 X...
Cross site scripting
Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter...
CVE-2009-3911
Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter...
CVE-2009-3911
TFTgallery 0.13 is vulnerable to a cross-site scripting (XSS) flaw in settings.php via the sample parameter, allowing remote injection of script/HTML. OpenVAS notes TFTgallery
CVE-2009-3911
Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter...
Microsoft Windows Media Player Audio Voice Sample Rate Memory Corruption Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists in the handling of Windows...
Xerver HTTP Server 4.32 Disclosure
Xerver HTTP Server v4.32 Remote Arbitrary Source Code Disclosure Found By: DrIDE Download: http://www.javascript.nu/xerver Tested On: Windows XPSP3 - Description - Xerver v4.32 is a Windows based HTTP server. This is the latest version of the application available. Xerver v4.32 is vulnerable to...
[SECURITY] Fedora 10 Update: OpenEXR-1.6.1-8.fc10
OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format...
[SECURITY] Fedora 11 Update: OpenEXR-1.6.1-8.fc11
OpenEXR is a high dynamic-range (HDR) image file format developed by Industrial Light & Magic for use in computer imaging applications. This package contains libraries and sample applications for handling the format...
Adobe Flash (Embedded in PDF) LIVE VIRUS/MALWARE Exploit
Exploit for unknown platform in category local exploits. Adobe Flash Embedded in PDF LIVE VIRUS/MALWARE Exploit...
Advisory: Apple QuickTime Image Description Atom Sign Extension Memory Corruption
INTRODUCTION ============ According to QuickTime's specification, The sample description atom STSD stores information that allows QuickTime to decode samples in the media. It has the following structure: 0 DWORD Size 4 DWORD Type 8 BYTE Version 9 BYTE3 FLAGS 12 DWORD Number of entries 16 DWORD...