
1441 matches found

OSV
added 2007/06/27 10:30 p.m., 5 views

CVE-2007-3467

Integer overflow in the statusUpdate function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service crash via a WAV file with a large sample rate...

6.6 AI score
Exploits: 0, References: 6
OSV
added 2007/06/27 10:30 p.m., 1 views

DEBIAN-CVE-2007-3467

Integer overflow in the statusUpdate function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service crash via a WAV file with a large sample rate...

7.8 CVSS, 7 AI score, 0.02924 EPSS
Exploits: 0, References: 1
Cvelist
added 2007/06/27 10:0 p.m., 24 views

CVE-2007-3467

Integer overflow in the statusUpdate function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service crash via a WAV file with a large sample rate...

6.5 AI score, 0.02924 EPSS
Exploits: 0, References: 6
Debian CVE
added 2007/06/27 10:0 p.m., 24 views

CVE-2007-3467

Integer overflow in the statusUpdate function in stats.c VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service crash via a WAV file with a large sample rate...

7.8 CVSS, 5 AI score, 0.02924 EPSS
Exploits: 0
Packet Storm
added 2007/06/26 12:0 a.m., 29 views

myserver-xss.txt

MyServer-0.8.9 - xss in sample cgi page ---------------------------------------- site: http://www.myserverproject.net/ poc: ---- http://localhost/cgi-bin/post.mscgi Post:alert'xss'; Found By Shay Priel aka Prili...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2007/05/21 12:0 a.m., 535 views

Tomcat Sample App hello.jsp 'test' Parameter XSS

The remote web server includes an example JSP application that fails to sanitize user-supplied input before using it to generate dynamic content in an error page. An unauthenticated, remote attacker can exploit this issue to inject arbitrary HTML or script code into a user's browser to be execute...

4.3 CVSS, 5.8 AI score, 0.58246 EPSS
Exploits: 2, References: 2
securityvulns
added 2007/05/19 12:0 a.m., 97 views

[CVE-2007-1355] Tomcat documentation XSS vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2007-1355: Tomcat documentation XSS vulnerabilities Severity: Moderate Cross-site scripting Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.0.0 to 4.0.6 Tomcat 4.1.0 to 4.1.36 Tomcat 5.0.0 to 5.0.30 Tomcat 5.5.0 to 5.5.23 Tomcat...

4.3 CVSS, 0.5 AI score, 0.58246 EPSS
Exploits: 2
FreeBSD
added 2007/05/19 12:0 a.m., 51 views

tomcat -- XSS vulnerability in sample applications

The Apache Project reports: The JSP and Servlet included in the sample application within the Tomcat documentation webapp did not escape user provided data before including it in the output. This enabled a XSS attack. These pages have been simplified not to use any user provided data in the outpu...

4.3 CVSS, 6.5 AI score, 0.58246 EPSS
Exploits: 2
Prion
added 2007/05/14 9:19 p.m., 13 views

Heap overflow

Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor STSD atom size in a QuickTime movie...

9.3 CVSS, 7.9 AI score, 0.0503 EPSS
Exploits: 0, References: 7, Affected Software: 1
NVD
added 2007/05/14 9:19 p.m., 18 views

CVE-2007-0754

Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor STSD atom size in a QuickTime movie...

9.3 CVSS, 7.6 AI score, 0.0503 EPSS
Exploits: 0, References: 7
Packet Storm
added 2007/04/12 12:0 a.m., 30 views

CVE-2007-1871.txt

Cross site scripting in chcounter 3.1.3 security advisory References: http://chcounter.org/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1871 Description: Cross site scripting describes attacks that allow to insert malicious html or javascript code via get or post forms. This can be use...

4.3 CVSS, 6.7 AI score, 0.01264 EPSS
Exploits: 1
securityvulns
added 2007/04/12 12:0 a.m., 75 views

CVE-2007-1871: Cross site scripting in chcounter 3.1.3

Cross site scripting in chcounter 3.1.3 security advisory References: http://chcounter.org/ https://vulners.com/cve/CVE-2007-1871 Description: Cross site scripting describes attacks that allow to insert malicious html or javascript code via get or post forms. This can be used to steal session...

4.3 CVSS, 6.1 AI score, 0.01264 EPSS
Exploits: 1
Prion
added 2007/03/16 9:19 p.m., 19 views

Code injection

Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 before 20070315 allows remote attackers to "gain unauthorized access to data", possibly involving a sample application...

7.5 CVSS, 6.8 AI score, 0.02617 EPSS
Exploits: 0, References: 7, Affected Software: 1
Exploit DB
added 2007/01/08 12:0 a.m., 43 views

Opera 9.10 - '.jpg' Image DHT Marker Heap Corruption

Opera JPEG processing - Heap corruption vulnerabilities ======================================================= Date..: 8th September 2006 31th October 2006 update 3rd November 2006 update 5th January 2007 public release http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=457...

7 AI score
Exploits: 0
securityvulns
added 2006/07/02 12:0 a.m., 41 views

Apple iTunes integer overflow

Integer overflow on AAC files parsing .M4A, .M4P with invalid samplesizetable value...

5.2 AI score
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2006/06/29 11:5 p.m., 22 views

Integer overflow

Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC M4P, M4A, or M4B file with a sample table size STSZ atom with a "malformed" samplesizetable...

5.1 CVSS, 7.8 AI score, 0.06891 EPSS
Exploits: 0, References: 9, Affected Software: 1
NVD
added 2006/06/29 11:5 p.m., 26 views

CVE-2006-1467

Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC M4P, M4A, or M4B file with a sample table size STSZ atom with a "malformed" samplesizetable...

5.1 CVSS, 7.4 AI score, 0.06891 EPSS
Exploits: 0, References: 9
NVD
added 2006/05/05 12:46 p.m., 15 views

CVE-2006-2205

The audiowrite function in NetBSD 3.0 allows local users to cause a denial of service kernel crash by using the audiosetinfo ioctl to change the sample rate of an audio device...

2.1 CVSS, 6.2 AI score, 0.00335 EPSS
Exploits: 0, References: 4
Cvelist
added 2006/05/05 10:0 a.m., 15 views

CVE-2006-2205

The audiowrite function in NetBSD 3.0 allows local users to cause a denial of service kernel crash by using the audiosetinfo ioctl to change the sample rate of an audio device...

6.2 AI score, 0.00335 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2006/02/19 12:0 a.m., 38 views

Mandrake Linux Security Advisory : kernel (MDKSA-2006:040)

A number of vulnerabilities were discovered and corrected in the Linux 2.6 kernel : The udpv6getport function in udp.c, when running IPv6, allows local users to cause a Denial of Service infinite loop and crash CVE-2005-2973. The mqopen system call in certain situations can decrement a counter...

5 CVSS, 6.5 AI score, 0.03774 EPSS
Exploits: 11, References: 7