| OpenOffice buffer overflow | |
| --- | --- |
| Published: | 14.06.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 7813 |
| Type: | client |
| Level: | 6/10 |
| Description: | Invalid dynamic memory allocation on RTF document prtdata tag parsing. |
| Affected: | OPENOFFICE : OpenOffice 2.2 |
| CVE: | CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overflow.) |
| | CVE-2007-0245 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.) |

| libgd PNG DoS | |
| --- | --- |
| Published: | 14.06.2007 |
| Source: | FULL-DISCLOSURE |
| SecurityVulns ID: | 7814 |
| Type: | library |
| Level: | 5/10 |
| Description: | Resource exhaustion on PNG parsing. |

| SpamAssassin local DoS | |
| --- | --- |
| Published: | 14.06.2007 |
| Source: | FULL-DISCLOSURE |
| SecurityVulns ID: | 7816 |
| Type: | local |
| Level: | 4/10 |
| Description: | It's possible to overwrite an arbitrary file. |
| CVE: | CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as root in unusual configurations using vpopmail or virtual users, allows local users to cause a denial of service (corrupt arbitrary files) via a symlink attack on a file that is used by spamd.) |

| Apache Tomcat cross-site scripting | |
| --- | --- |
| Published: | 14.06.2007 |
| Source: | FULL-DISCLOSURE |
| SecurityVulns ID: | 7815 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Cross-site scripting via the Manager / Host Manager applications or the JSP example pages. |
| Affected: | APACHE : Tomcat 4.0 |
| | APACHE : Tomcat 4.1 |
| | APACHE : Tomcat 5.0 |
| | APACHE : Tomcat 5.5 |
| | APACHE : Tomcat 6.0 |
| CVE: | CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.) |
| | CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.) |