OpenAFS race conditions

| Published: | 12.01.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8558 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Race conditions on acquiring and giving back file callbacks. |
| Affected: | OPENAFS : OpenAFS 1.3 |
| | OPENAFS : OpenAFS 1.4 |
| | IMAGEALBUM : ImageAlbum 2.0 |
| CVE: | CVE-2007-6599 (Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes the handler for the GiveUpAllCallBacks RPC to perform linked-list operations without the host_glock lock.) |

Apple QuickTime Player buffer overflow (updated since 12.01.2008)

| Published: | 12.01.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8556 |
| Type: | client |
| Level: | 6/10 |
| Description: | Buffer overflow on HTTP error message displaying. |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

| Published: | 12.01.2008 |
| Source: | |
| SecurityVulns ID: | 8557 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: | MTCMS : MTCMS 2.0 |
| | MOODLE : Moodle 1.8 |
| CVE: | CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.) |

Apache multiple security vulnerabilities (updated since 12.01.2008)

| Published: | 24.01.2008 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8559 |
| Type: | remote |
| Level: | 5/10 |
| Description: | mod_proxy_balancer: cross-site scripting, cross-site request forgery, memory corruption, DoS; mod_proxy_ftp, mod_status and mod_negotiation: cross-site scripting. |
| Affected: | APACHE : Apache 1.3 |
| | APACHE : Apache 2.0 |
| | APACHE : Apache 2.2 |
| CVE: | CVE-2008-0005 (mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before 2.0.62-dev, and 1.3.x before 1.3.40-dev does not define a charset, which allows remote attackers to conduct cross-site scripting (XSS) attacks using UTF-7 encoding.) |
| | CVE-2007-6423 |
| | CVE-2007-6422 (The balancer_handler function in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6, when a threaded Multi-Processing Module is used, allows remote authenticated users to cause a denial of service (child process crash) via an invalid bb variable.) |
| | CVE-2007-6421 |
| | CVE-2007-6420 |
| | CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.) |