| McAfee multiple antiviral products Security Center ActiveX buffer overflow | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7699 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | Buffer overflow in IsOldAppInstalled() function. |
| PHP libxmlrpc buffer overflow | | Published: |  | 12.05.2007 | | Source: |  | CVE | | SecurityVulns ID: |  | 7704 | | Type: |  | library | | Level: |  | 6/10 |
| Affected: |  | PHP : PHP 4.4 | | |  | PHP : PHP 5.2 | | CVE: |  | CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, and 5.x before 5.2.2, has unknown impact and remote attack vectors.) |
| Novell NetMail buffer overflow | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7706 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Stack-based overflow in NMDMC.EXE on SSL access. |
| Apple Darwin Streaming Proxy multiple buffer overflows | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7707 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Multiple buffer overflows on parsing different commands. |
| TFTPdWin TFTP server directory traversal | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7708 | | Type: |  | remote | | Level: |  | 5/10 |
CA eTrust antivirus multiple security vulnerabilities updated since 11.05.2007 | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7696 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Local buffer overflow in task scheduler, remote buffer overflow in antiviral server (TCP/12168). |
| vim sandbox protection bypass | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7697 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Potentially dangerous functions are allowed in modeline processing. |
| Affected: |  | VIM : vim 7.0 | | CVE: |  | CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, (2) feedkeys, and (3) system, which might allow user-assisted attackers to execute shell commands and write files via modelines.) |
| Sun Solaris srsexec unauthorized file access | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7705 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | By using a combination of the -d and -v command line options, it's possible to read the first line of any file. |
| ISC BIND named DoS | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7698 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | DoS on SOA records processing if recursion is enabled. |
| Affected: |  | BIND : bind 9.4 | | |  | BIND : bind 9.5 | | CVE: |  | CVE-2007-2241 (Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function.) |
| Symantec Norton Internet Security Code Execution | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7701 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Invalid processing of exceptional conditions allows access to ActiveX controls not marked as safe for scripting. |
| Affected: |  | SYMANTEC : Norton Internet Security 2006 | | |  | SYMANTEC : Norton AntiVirus 2006 | | CVE: |  | CVE-2006-3456 (The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.) |
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 12.05.2007 | | Published: |  | 12.05.2007 | | Source: |  | | | SecurityVulns ID: |  | 7702 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Multiple ActiveX security vulnerabilities | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7703 | | Type: |  | client | | Level: |  | 4/10 | | Description: |  | DoS conditions. |
Apple QuickTime / iTunes multiple vulnerabilities updated since 12.01.2006 | | Published: |  | 12.05.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 5620 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | Heap overflow on GIF images parsing, stack overflow on QTIF parsing, heap overflow on video samples parsing. |
| Affected: |  | APPLE : QuickTime 7.0 | | CVE: |  | CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.) |
| Original document |  | 3COM, TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability (12.05.2007) |
| |  | Fortinet Research, [VulnWatch] Fortinet Advisory: Apple QuickTime Player Color Map Entry Size Buffer Overflow (13.01.2006) |
| |  | Fortinet Research, [VulnWatch] Fortinet Advisory: "Apple QuickTime Player ImageWidth Integer Overflow Vulnerability" (13.01.2006) |
| |  | Fortinet Research, [VulnWatch] Fortinet Security Advisory: "Apple QuickTime Player Improper Memory Access Vulnerability" (13.01.2006) |
| |  | Fortinet Research, [VulnWatch] Fortinet Advisory: Apple Quick Time Player ImageWidth Denial of Service Vulnerability (13.01.2006) |
| |  | Fortinet Research, [VulnWatch] Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Acces (13.01.2006) |
| |  | Fortinet Research, [VulnWatch] Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability (13.01.2006) |
| |  | CERT, US-CERT Technical Cyber Security Alert TA06-011A -- Apple QuickTime Vulnerabilities (12.01.2006) |
| |  | EEYE, [EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow (12.01.2006) |
| |  | EEYE, [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow (12.01.2006) |
| |  | EEYE, [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow (12.01.2006) |
Cisco IOS embedded FTP server multiple security vulnerabilities updated since 12.05.2007 | | Published: |  | 21.08.2008 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7700 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | DoS, unauthorized access, directory traversal. |