CVE-2007-3659

Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 allows local users to execute arbitrary code via a crafted BROWSER environment variable. NOTE: it is not clear whether this issue crosses privilege boundaries...

Information disclosure

Unspecified vulnerability in the G/PGP GPG Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpgsignattachment function, aka ZD-00000004. this information is based upon a...

CVE-2007-3508

Integer overflow in the processenvvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LDHWCAPMASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution...

CVE-2007-3508

Integer overflow in the processenvvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LDHWCAPMASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution...

Cross site scripting

Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows remote attackers to bypass the Same Origin Policy and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute to a file:// location, ...

CVE-2007-2835

Multiple stack-based buffer overflows in 1 CCEpinyin.c and 2 xlpinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable...

DEBIAN-CVE-2007-2835

Multiple stack-based buffer overflows in 1 CCEpinyin.c and 2 xlpinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable...

Stack overflow

Multiple stack-based buffer overflows in 1 CCEpinyin.c and 2 xlpinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable...

CVE-2007-2835

Multiple stack-based buffer overflows in 1 CCEpinyin.c and 2 xlpinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable...

CVE-2007-2835

Multiple stack-based buffer overflows in 1 CCEpinyin.c and 2 xlpinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable...

PT-2007-1104 · Gnu · Glibc

Name of the Vulnerable Software and Affected Versions: glibc versions prior to 2.5-rc4 Description: The issue is related to an integer overflow in the process envvars function in elf/rtld.c in glibc. This might allow local users to execute arbitrary code via a large LD HWCAP MASK environment...

[Full-disclosure] POWER PHLOGGER v.2.2.5 (username) SQL Injection

POWER PHLOGGER v.2.2.5 username SQL Injection Author: Attila Gerendi Darkz Date: June 25, 2007 Package: POWER PHLOGGER http://www.phpee.com/ Versions Affected: v.2.2.5 Other versions may also be affected Severity: SQL Injection Description: Input passed to the "username" parameter in "login.php"...

unicon-imc2 code execution

Unsafe environment variable usage...

[SECURITY] [DSA 1328-1] New unicon-imc2 packages fix buffer overflow

------------------------------------------------------------------------ Debian Security Advisory DSA-1328 [email protected] http://www.debian.org/security/ Steve Kemp July 01, 2007 - ------------------------------------------------------------------------ Package : unicon-imc2 Vulnerability :...

DSA-1328-1 unicon - buffer overflow

Bulletin has no description...

CVE-2007-3497

Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable...

CVE-2007-3497

Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable...

Cross site scripting

Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute...

CVE-2007-3482

CVE-2007-3482 concerns Cross-domain vulnerability in Apple Safari for Windows 3.0.1 where JavaScript can overwrite the document variable and statically set document.domain, allowing a remote attacker to bypass the same-origin policy and access restricted information from other domains. The connec...

CVE-2007-3482

Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute...