| Apple QuickTime code execution | Published: 13.09.2007 | Source: BUGTRAQ | SecurityVulns ID: 8145 | Type: client | Level: 7/10 | Description: It's possible to execute script in the browser's system context. |
| AOL Instant Messenger alerts spoofing | Published: 13.09.2007 | Source: BUGTRAQ | SecurityVulns ID: 8147 | Type: remote | Level: 5/10 |
| Multiple video players memory corruption | Published: 13.09.2007 | Source: BUGTRAQ | SecurityVulns ID: 8148 | Type: client | Level: 5/10 | Description: Memory corruption on malformed AVI file. |
| Apache cross-site scripting | Published: 13.09.2007 | Source: BUGTRAQ | SecurityVulns ID: 8149 | Type: remote | Level: 5/10 | Description: Cross-site scripting with UTF-7 characters in directory listings and error messages. |
| Affected: APACHE : Apache 2.2 | CVE: CVE-2007-4465 (Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.) |
| Oracle JInitiator ActiveX buffer overflow | Published: 13.09.2007 | Source: BUGTRAQ | SecurityVulns ID: 8140 | Type: client | Level: 6/10 | Description: Multiple stack-based buffer overflows. |
| Affected: ORACLE : Jinitiator 1.1 | CVE: CVE-2007-4467 (Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier allow remote attackers to execute arbitrary code via unspecified "initialization parameters.") |
| Ekiga VoIP/video application DoS | Published: 13.09.2007 | Source: BUGTRAQ | SecurityVulns ID: 8144 | Type: client | Level: 5/10 | Description: SIPURL::GetHostAddress() invalid memory allocation. |
| MIT Kerberos buffer overflow (updated since 06.09.2007) | Published: 13.09.2007 | Source: CVE | SecurityVulns ID: 8119 | Type: library | Level: 7/10 | Description: Buffer overflow on oversized string in RPC library svcauth_gss_validate() function. |
| Affected: MIT : krb5 1.6 | CVE: CVE-2007-3999 (Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and possibly third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.) |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | Published: 13.09.2007 | Source: | SecurityVulns ID: 8141 | Type: remote | Level: 5/10 | Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Autodesk Backburner backdoor | Published: 13.09.2007 | Source: BUGTRAQ | SecurityVulns ID: 8146 | Type: remote | Level: 6/10 | Description: Service accepts commands through TCP/3234. |
| Affected: AUTODESK : Backburner 3.0 | CVE: CVE-2007-4749 (The cmdjob utility in Autodesk Backburner 3.0.2 allows remote attackers to execute arbitrary commands on render servers by queueing jobs that contain these commands. NOTE: this is only a vulnerability in environments in which the administrator has not followed documentation that outlines the security risks of operating Backburner on untrusted networks.) |
| X.Org X server composite extension buffer overflow | Published: 13.09.2007 | Source: CVE | SecurityVulns ID: 8142 | Type: local | Level: 5/10 |
| Affected: XORG : X.Org 1.3 | CVE: CVE-2007-4730 (Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap.) |
| RSA Envision cross-site scripting | Published: 13.09.2007 | Source: BUGTRAQ | SecurityVulns ID: 8143 | Type: remote | Level: 5/10 | Description: Cross-site scripting with username. |
| Quagga bgpd BGP routing daemon DoS | Published: 13.09.2007 | Source: BUGTRAQ | SecurityVulns ID: 8150 | Type: remote | Level: 5/10 | Description: Crash on invalid OPEN and UPDATE requests. |