CVE-2007-3468

input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service crash via a crafted WAV file that causes an uninitialized inbresamplers variable to be used...

DEBIAN-CVE-2007-3468

input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service crash via a crafted WAV file that causes an uninitialized inbresamplers variable to be used...

CVE-2007-3468

input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service crash via a crafted WAV file that causes an uninitialized inbresamplers variable to be used...

CVE-2007-3468

input.c in VideoLAN VLC Media Player before 0.8.6c allows remote attackers to cause a denial of service crash via a crafted WAV file that causes an uninitialized inbresamplers variable to be used...

[Full-disclosure] Overwrite variables eqDKP 1.3.2d and prior (login.php)

If you want to run old code that relies on registerglobals temporarily, make sure you use one of the non-overwriting extracttype values such as EXTRSKIP and be aware that you should extract in the same order that's defined in variablesorder within the php.ini ----- eqDKP 1.3.2d and prior login.ph...

VLC 0.8.6b format string vulnerability & integer overflow

iSEC Partners Security Advisory - 2007-001-vlc http://www.isecpartners.com ---------------------------------------------- VLC 0.8.6b format string vulnerability & integer overflow Vendor: VideoLan Vendor URL: http://www.videolan.org Systems Affected: Confirmed on Windows XP, FreeBSD 6.2, MacOS X...

CVE-2007-3205

The parsestr function in 1 PHP, 2 Hardened-PHP, and 3 Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the...

CVE-2007-3205

Summary: CVE-2007-3205 affects the parse_str function in PHP, Hardened-PHP, and Suhosin when called without a second parameter. The vulnerability allows a remote attacker to overwrite arbitrary variables by supplying variable names and values in the string to be parsed. The description notes unce...

Design/Logic Flaw

sudo, when linked with MIT Kerberos 5 krb5, does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5 environment variable settings. NOTE: another researcher...

CVE-2007-3149

sudo, when linked with MIT Kerberos 5 krb5, does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5 environment variable settings. NOTE: another researcher...

MIT krb5: makes sudo authentication issue MUCH worse.

On Wed, Jun 06, 2007 at 11:19:01PM -0400, Thor Lancelot Simon wrote: On Wed, Jun 06, 2007 at 09:57:25PM -0400, Thor Lancelot Simon wrote: But woe betide any system administrator who accidentally puts a Kerberos-enabled sudo on a host that's configured as a Kerberos client only! Actually, if you...

Code injection

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition SAV CE 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via...

vlc -- format string vulnerability and integer overflow

isecpartners reports: VLC is vulnerable to a format string attack in the parsing of Vorbis comments in Ogg Vorbis and Ogg Theora files, CDDA data or SAP/SDP service discovery messages. Additionally, there are two errors in the handling of wav files, one a denial of service due to an uninitialized...

hlstarts-xss2.txt

HLstats v1.35 - Cross-Site Scripting Vulnerability 2 HLstats v1.35 - Cross-Site Scripting Vulnerability 2 discovered by John Martinelli of RedLevel Security Google d0rk: "generated in real-time by HLstats" file hlstats.php - variable action - method get alert1"...

[Full-disclosure] PsychoStats 3.0.6b and prior

newtheme variable only expects "sane" behaivor, no arguement or an arguement with any special character, etc.. will cause it to error and display the full path to $pathtohlstats/includes/smarty/Smarty.class.php $pathtohlstats/server.php?newcss=styles.css&newtheme=00 Ex: Warning: Smarty error:...

RedLevel Advisory #015 - Redoable 1.2 Cross-Site Scripting Vulnerability (patch included)

note to editors: this patch resolves this vulnerability: http://redlevel.org/wp-content/uploads/patch.zip !-- Redoable 1.2 - Cross-Site Scripting Vulnerability --------------- Vulnerable Code --------------- header.php line 6: ... elseif issearch ? Search for ?php echo $s ... searchloop.php line...

CVE-2007-2728

The soap extension in PHP calls phprandr with an uninitialized seed variable, which has unknown impact and attack vectors, a related issue to the mcryptcreateiv issue covered by CVE-2007-2727. Note: The PHP team argue that this is not a valid security issue...

CVE-2007-2728

CVE-2007-2728 concerns the PHP soap extension calling php_rand_r with an uninitialized seed variable. The impact and attack vectors are not clearly defined in the provided documents; it is noted as related to CVE-2007-2727 and the PHP team argued it is not a valid security issue. No exploitation ...

PT-2007-4044 · Php · Php

Name of the Vulnerable Software and Affected Versions: PHP affected versions not specified Description: A design error in the make http soap request function in PHP's soap extension causes it to call php rand r with an uninitialized variable, potentially leading to weak encryption of sensitive...

webdesproxy 0.0.1 - exec-shield GET Remote Code Execution

webdesproxy 0.0.1 - exec-shield GET Remote Code Execution / Fedora Core 6 exec-shield based Webdesproxy webdesproxy-0.0.1.tgz remote root exploit reverse connect-back method by Xpl017Elz Advanced exploitation in exec-shield Fedora Core case study URL:...