| MIT Kerberos buffer overflow updated since 06.09.2007 |
| Published: | 13.09.2007 |
| Source: | CVE |
| SecurityVulns ID: | 8119 |
| Type: | library |
| Level: | 7/10 |
| Description: | Buffer overflow on oversized string in RPC library svcauth_gss_validate() function. |
| Affected: | MIT : krb5 1.6 |
| CVE: | CVE-2007-3999 (Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and possibly third-party applications that use krb5, allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long string in an RPC message.) |
| Original document | ZDI, ZDI-07-052: Multiple Kerberos Implementations Authentication Context Stack Overflow Vulnerability (13.09.2007) |
| Oracle Jinitiator ActiveX buffer overflow |
| Published: | 13.09.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8140 |
| Type: | client |
| Level: | 6/10 |
| Description: | Multiple stack based buffer overflows. |
| Affected: | ORACLE : Jinitiator 1.1 |
| CVE: | CVE-2007-4467 (Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier allow remote attackers to execute arbitrary code via unspecified "initialization parameters.") |
| Original document | Integrigy Security Alerts, Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information (13.09.2007) |
| Ekiga VoIP/video application DoS |
| Published: | 13.09.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8144 |
| Type: | client |
| Level: | 5/10 |
| Description: | SIPURL::GetHostAddress() invalid memory allocation. |
| Affected: | EKIGA : Ekiga 2.0 |
| Original document | labs_(at)_s21sec.com, S21SEC-036-EN Ekiga <= 2.0.5 Denial of service (13.09.2007) |
| Apple Quicktime code execution |
| Published: | 13.09.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8145 |
| Type: | client |
| Level: | 7/10 |
| Description: | It's possible to execute script in browser's system context. |
| Affected: | APPLE : QuickTime 7.1 |
| Original document | pdp (architect), 0DAY: QuickTime pwns Firefox (13.09.2007) |
| AOL Instant Messenger alerts spoofing |
| Published: | 13.09.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8147 |
| Type: | remote |
| Level: | 5/10 |
| Affected: | AOL : Instant Messenger 6.1 |
| Original document | shell_(at)_dotshell.net, AIM Arbitrary HTML Display in Notification Window (13.09.2007) |
| Multiple video players memory corruption |
| Published: | 13.09.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8148 |
| Type: | client |
| Level: | 5/10 |
| Description: | Memory corruption on malformed AVI file. |
| Affected: | MPLAYER : MPlayer 1.0 |
| | MPC : Media Player Classic 6.4 |
| | MYMPC : mympc 1.0 |
| | STORMPLAYER : StormPlayer 1.0 |
| | KMPLAYER : KMPlayer 2.9 |
| Original document | vulnhunt_(at)_gmail.com, CAL-20070912-1 Multiple vendor produce handling AVI file vulnerabilities (13.09.2007) |
| Apache cross-site scripting |
| Published: | 13.09.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8149 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Cross-site scripting with UTF-7 characters in directory listings and error messages. |
| Affected: | APACHE : Apache 2.2 |
| CVE: | CVE-2007-4465 (Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.) |
| Original document | Maksymilian Arciemowicz, Apache2 Undefined Charset UTF-7 XSS Vulnerability (13.09.2007) |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) |
| Published: | 13.09.2007 |
| Source: | |
| SecurityVulns ID: | 8141 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |