| Title | Published | Source | SecurityVulns ID | Type | Level | Description | CVE |
|---|---|---|---|---|---|---|---|
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 15.10.2007 | | 8253 | remote | 5/10 | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. | |
| TK graphics library buffer overflow | 15.10.2007 | BUGTRAQ | 8258 | library | 6/10 | Buffer overflow on GIF image parsing. | CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) before 8.4.16 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first.) |
| Cisco CallManager / OpenSer authentication relaying attacks | 15.10.2007 | BUGTRAQ | 8262 | m-i-t-m | 5/10 | Insufficient Digest authentication validation allows an active man-in-the-middle to access resources not requested by the client. | |
| Linux Madwifi wireless drivers DoS | 15.10.2007 | BUGTRAQ | 8252 | remote | 5/10 | Assert on an oversized "extended supported rates" beacon frame. | |
| VImpX ActiveX buffer overflow | 15.10.2007 | BUGTRAQ | 8254 | client | 5/10 | Buffer overflow with an oversized RejectRecordFile parameter. | |
| Microsoft Internet Explorer executable files download filter protection bypass | 15.10.2007 | BUGTRAQ | 8255 | client | 4/10 | It's possible to upload a file to the Temporary Internet Files folder by adding GET parameters to the filename, e.g. http://example.com/program.exe?1.cda/ | |
| Opal library / Ekiga memory corruption | 15.10.2007 | BUGTRAQ | 8259 | library | 6/10 | Insufficient SIP Content-Length validation allows overwriting a single byte of memory. | |
| Apache Tomcat WebDav directory traversal | 15.10.2007 | BUGTRAQ | 8260 | remote | 6/10 | It's possible to retrieve a file by absolute path with a LOCK DAV request. | |
| Netgear SSL312 cross-site scripting | 15.10.2007 | FULL-DISCLOSURE | 8261 | remote | 5/10 | Cross-site scripting in the Web interface. | |
| Live for Speed game buffer overflow (updated since 15.10.2007) | 26.12.2007 | BUGTRAQ | 8256 | client | 6/10 | Buffer overflow on skin file parsing. | |
| HP Select Identity unauthorized access (updated since 15.10.2007) | 07.02.2008 | BUGTRAQ | 8257 | remote | 5/10 | | |