tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...

[SECURITY] [DSA 1385-1] New xfs packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1385-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff October 9th, 2007 http://www.debian.org/security/faq -...

CVE-2007-5229

Cross-site request forgery CSRF vulnerability in the FeedBurner FeedSmith 2.2 plugin for WordPress allows remote attackers to change settings and hijack blog feeds via a request to wp-admin/options-general.php that submits parameter values to FeedBurnerFeedSmithPlugin.php, as demonstrated by the ...

CVE-2007-4568

Integer overflow in the buildrange function in X.Org X Font Server xfs before 1.0.5 allows context-dependent attackers to execute arbitrary code via 1 QueryXBitmaps and 2 QueryXExtents protocol requests with crafted size values, which triggers a heap-based buffer overflow...

CVE-2007-4990

The swapchar2b function in X.Org X Font Server xfs before 1.0.5 allows context-dependent attackers to execute arbitrary code via 1 QueryXBitmaps and 2 QueryXExtents protocol requests with crafted size values that specify an arbitrary number of bytes to be swapped on the heap, which triggers heap...

tomcat handling of cookie values

Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the " character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password and rpassword parameters, possibly related to timestamp values...

CVE-2007-5060

Cross-site request forgery CSRF vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password and rpassword parameters, possibly related to timestamp values...

Mandrake Linux Security Advisory : openoffice.org (MDKSA-2007:186)

An integer overflow in the TIFF parser in OpenOffice.org prior to version 2.3 allows remote attackers to execute arbitrary code via a TIFF file with crafted values which triggers the allocation of an incorrect amount of memory which results in a heap-based buffer overflow. Updated packages have...

CVE-2007-2834

Integer overflow in the TIFF parser in OpenOffice.org OOo before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite StarSuite; allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of...

CVE-2007-3871

Stampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service stamp invalidation via a SOAP request with an id value for a stamp that has not yet been printed...

CVE-2007-3871

Stampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service stamp invalidation via a SOAP request with an id value for a stamp that has not yet been printed...

CVE-2007-4740

The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method...

CVE-2007-4609

eyeOS uses predictable checksum values in the checknum parameter for access control, which allows remote attackers to register many accounts via doCreateUser actions, add many eyeBoard messages via addMsg actions, and cause a denial of service or conduct certain unauthorized activities, by guessi...

Gdm denial of service

The GDM daemon in GNOME Display Manager GDM before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the gstrsplit function, which allows local users to cause a denial of service persistent daemon crash via a crafted...

CVE-2007-3381

The GDM daemon in GNOME Display Manager GDM before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the gstrsplit function, which allows local users to cause a denial of service persistent daemon crash via a crafted...

CVE-2007-3381

The GDM daemon in GNOME Display Manager GDM before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the gstrsplit function, which allows local users to cause a denial of service persistent daemon crash via a crafted...

CVE-2007-3381

CVE-2007-3381 affects the GDM daemon in GNOME Display Manager. The flaw stems from improper handling of NULL return values from g_strsplit, allowing a local attacker to crash the daemon (denial of service) via a crafted command to the daemon socket. Affected: GDM before 2.14.13; 2.16.x before 2.1...

PHP glob code execution

With negative argument values it's possible to executed code from address space controlled by attacker...

CVE-2007-3106

lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid 1 blocksize0 and 2 blocksize1 values, which trigger a "heap overwrite" in the 01inverse function in res0.c. NOTE...