Apple QuickTime multiple security vulnerabilities updated since 06.11.2007
Published:		15.11.2007
Source:		BUGTRAQ
SecurityVulns ID:		8320
Type:		remote
Level:		7/10
Description:		Multiple buffer overflows and memory corruption on different graphics and video file formats.

Affected:		APPLE : QuickTime 7.2
CVE:		CVE-2007-4677
		CVE-2007-4676
		CVE-2007-4675 (Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.)
		CVE-2007-4674
		CVE-2007-4672

Original document		DVLabs, TPTI-07-20: Apple Quicktime Movie Stack Overflow Vulnerability (15.11.2007)
		vulndev 48bits, [48Bits Advisory] QuickTime Panorama Sample Atom Heap Overflow (14.11.2007)
		CERT, US-CERT Technical Cyber Security Alert TA07-310A -- Apple QuickTime Updates for Multiple Vulnerabilities (07.11.2007)
		IDEFENSE, iDefense Security Advisory 11.05.07: Apple QuickTime Panorama Sample Atom Heap Buffer Overflow Vulnerability (06.11.2007)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 15.11.2007
Published:		17.11.2007
Source:
SecurityVulns ID:		8347
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		RUBY : Ruby on Rails 1.2
		LIFERAY : Liferay Portal Enterprise 4.1
CVE:		CVE-2007-5380
		CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.)

Original document		thetaung_(at)_gmail.com, Javamail login username and password same email problem (17.11.2007)
		ProCheckUp Research, PR07-02: XSS on Liferay Portal Enterprise 4.1.1 login page ('login' parameter) (17.11.2007)
		MC Iglo, Aida-Web Information Exposure (17.11.2007)
		admin_(at)_biyofrm.com, Sciurus Hosting Panel Code İnjection (17.11.2007)
		GENTOO, [ GLSA 200711-17 ] Ruby on Rails: Multiple vulnerabilities (15.11.2007)

Files:		Exploits Sciurus Hosting Panel Code injection
Discuss:		Read or add your comments to this news (0 comments)

Apple Mac OS X multiple security vulnerabilities updated since 15.11.2007
Published:		17.11.2007
Source:		FULL-DISCLOSURE
SecurityVulns ID:		8348
Type:		remote
Level:		6/10
Description:		Mach ports privilege escalation. Multiple Appletalk protocol handling vulnerabilities. ldt privilege escalation.

Affected:		APPLE : MacOS X 10.3
		APPLE : MacOS X 10.4
CVE:		CVE-2007-4269 (Integer overflow in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a crafted AppleTalk Session Protocol (ASP) message on an AppleTalk socket, which triggers a heap-based buffer overflow.)
		CVE-2007-4268
		CVE-2007-4267
		CVE-2007-3749

Original document		RISE Security, [RISE-2007004] Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability (17.11.2007)
		RISE Security, [Full-disclosure] [RISE-2007004] Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability (16.11.2007)
		tk_(at)_trapkit.de, [TKADV2007-001] Mac OS X TIOCSETD IOCTL Kernel Memory Corruption Vulnerability (16.11.2007)
		CERT, US-CERT Technical Cyber Security Alert TA07-319A -- Apple Updates for Multiple Vulnerabilities (16.11.2007)
		IDEFENSE, [Full-disclosure] iDefense Security Advisory 11.14.07: Apple Mac OS X AppleTalk mbuf Kernel Heap Overflow Vulnerability (15.11.2007)
		IDEFENSE, [Full-disclosure] iDefense Security Advisory 11.14.07: Apple Mac OS X Mach Port Inheritance Privilege Escalation Vulnerability (15.11.2007)

Files:		Exploits Apple Mac OS X 10.4.x Kernel i386_set_ldt() Integer Overflow Vulnerability
Discuss:		Read or add your comments to this news (0 comments)