Computer Security


Apache Tomcat Accept-Language cross-site scripting
Published: 19.06.2007
Source:
SecurityVulns ID: 7823
Type: remote
Threat Level: 4/10
Description: Cross-site scripting with an invalid Accept-Language header.
Affected: APACHE : Tomcat 4.0
 APACHE : Tomcat 4.1
 APACHE : Tomcat 5.0
 APACHE : Tomcat 5.5
 APACHE : Tomcat 6.0
CVE: CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".)
Original document: APACHE, [CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing (19.06.2007)

Trillian instant messenger buffer overflow
updated since 19.06.2007
Published: 19.06.2007
Source:
SecurityVulns ID: 7824
Type: remote
Threat Level: 6/10
Description: Invalid processing of UTF-8 text.
Affected: TRILLIAN : Trillian 3.1
Original document: IDEFENSE, iDefense Security Advisory 06.18.07: Cerulean Studios Trillian UTF-8 Word Wrap Heap Overflow Vulnerability (19.06.2007)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 19.06.2007
Published: 19.06.2007
Source:
SecurityVulns ID: 7825
Type: remote
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: YABB : YaBB 2.1
 IGSHOP : iG Shop 1.4
Original document: Matteo Carli, Persistent cross-site scripting in wordpress.com dashboard (19.06.2007)
 krasza_(at)_gmail.com, Local File Include Vulnerabilities in YaBB <= 2.1(all version) (19.06.2007)
 ifx_(at)_cupu.us, iG Shop 1.4 eval Inclusion Vulnerability (19.06.2007)
 Ivan Almuina, fusetalk SQL (autherror.cfm) (19.06.2007)
Files: iG Shop 1.4 eval Inclusion Vulnerability

MaraDNS DoS
updated since 19.06.2007
Published: 19.06.2007
Source:
SecurityVulns ID: 7826
Type: remote
Threat Level: 5/10
Description: Dynamic memory leak on unsupported query class or opcode.
Affected: MARADNS : MaraDNS 1.2
 MARADNS : MaraDNS 1.3
Original document: João Antunes, MaraDNS denial of service vulnerabilities (19.06.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod