6711 matches found
CVE-2007-1321
Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to trigger a heap-based buffer overflow via certain register values that bypass sanity checks, aka QEMU NE2000 "receive" integer signedness error. NOTE: this identifier wa...
openSUSE 10 Security Update : openldap2 (openldap2-1917)
This fixes a bug in the Access Control Processing that allowed users with 'selfwrite' access to an attribute to modify arbitrary values of that attribute, instead of just allowing them to add/delete their own DN to/from that attribute. (C) Tenable Network Security, Inc. The...
Debian DSA-1385-1 : xfs - several vulnerabilities
Sean Larsson discovered that two code paths inside the X Font Server handle integer values insecurely, which may lead to the execution of arbitrary code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
tomcat handling of cookie values
Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...
[SECURITY] [DSA 1385-1] New xfs packages fix arbitrary code execution
Debian Security Advisory DSA 1385-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 9th, 2007 http://www.debian.org/security/faq ...
CVE-2007-5229
Cross-site request forgery (CSRF) vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurnerFeedSmithPlugin.php, as demonstrated by the ...
CVE-2007-4568
Integer overflow in the buildrange function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow...
CVE-2007-4990
The swapchar2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password and rpassword parameters, possibly related to timestamp values...
CVE-2007-5060
Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password and rpassword parameters, possibly related to timestamp values...
Mandrake Linux Security Advisory : openoffice.org (MDKSA-2007:186)
An integer overflow in the TIFF parser in OpenOffice.org prior to version 2.3 allows remote attackers to execute arbitrary code via a TIFF file with crafted values which triggers the allocation of an incorrect amount of memory which results in a heap-based buffer overflow. Updated packages have...
CVE-2007-2834
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of...
CVE-2007-3871
Stampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service (stamp invalidation) via a SOAP request with an id value for a stamp that has not yet been printed...
CVE-2007-4740
The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method...
CVE-2007-4609
eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessi...
Gdm denial of service
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted...
CVE-2007-3381
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted...