CVE-2007-3106
lib/info.c in libvorbis 1.1.2, and possibly other versions before 1.2.0, allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via invalid (1) blocksize0 and (2) blocksize1 values, which trigger a "heap overwrite" in the _01inverse function in res0.c. NOTE...
CVE-2006-4519
Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files...
CVE-2007-3536
Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values...
CVE-2007-3528
The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp, which results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent...
DEBIAN-CVE-2007-3477
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value...
Design/Logic Flaw
Array index error in gdgifin.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a segmentation fault...
CVE-2007-3477
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value...
Debian DSA-1320-1 : clamav - several vulnerabilities
Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2650 It was discovered that the OLE2 parser can be tricked into an infinite loop and memory exhaustion. - CVE-2007-30...
CVE-2007-3227
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...
DEBIAN-CVE-2007-3227
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...
CVE-2007-3151
rpttop.htm in the web management interface in Packeteer PacketShaper 7.3.0g2 and 7.5.0g1 allows remote attackers to cause a denial of service (device reboot) via a request with empty values of the OP.MEAS.DATAQUERY and MEAS.TYPE parameters...
CVE-2007-3089
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...
Code injection
Mozilla Firefox before 2.0.0.5 does not prevent use of document.write to replace an IFRAME (1) during the load stage or (2) in the case of an about:blank frame, which allows remote attackers to display arbitrary HTML or execute certain JavaScript code, as demonstrated by code that intercepts keystrok...
Authentication flaw
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under...
CVE-2007-2279
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under...
CVE-2007-2669
Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) settings.php or (2) cat.php. NOTE: certain parameter values also trigger path disclosure...
CVE-2006-7195
Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in Apache Tomcat 5.0.0 through 5.0.30 and 5.5.0 through 5.5.17 allows remote attackers to inject arbitrary web script or HTML via certain header values...
Fixed in Apache Tomcat 5.5.18, 5.0.SVN
Moderate: Cross-site scripting (CVE-2006-7195). The implicit-objects.jsp in the examples webapp displayed a number of unfiltered header values. This enabled an XSS attack. These values are now filtered. Affects: 5.0.0-5.0.30, 5.5.0-5.5.17...