PHP multiple Denial of Service conditions

| Published: | 20.11.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8362 |
| Type: | library |
| Level: | 6/10 |
| Description: | Multiple denial of service conditions. |
| Affected: | PHP : PHP 5.2 |
| CVE: | CVE-2007-5900 |
| | CVE-2007-5899 |
| | CVE-2007-5898 |
| | CVE-2007-4887 (The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerability.) |
| | CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode_headers, (3) iconv_mime_decode, or (4) iconv_strlen function. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.) |
| | CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.) |

Firefox / Konqueror / Safari certificate spoofing, updated since 19.11.2007

| Published: | 20.11.2007 |
| Source: | FULL-DISCLOSURE |
| SecurityVulns ID: | 8359 |
| Type: | remote |
| Level: | 5/10 |
| Description: | The link between a certificate and its web site is not set when a certificate from an unknown certification authority is manually approved, making it possible to use the same certificate for a different site without a warning. |

Citrix NetScaler cross-site scripting

| Published: | 20.11.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8365 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Cross-site scripting in /ws/generic_api_call.pl. |

Belkin wireless routers denial of service

| Published: | 20.11.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8363 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Router is vulnerable to SYN-flood attack. |

Alcatel OmniPCX audio stream hijack

| Published: | 20.11.2007 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 8364 |
| Type: | remote |
| Level: | 6/10 |
| Description: | It is possible to hijack an audio stream from the server by sending a TFTP request with a filename containing the victim's IP. |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

| Published: | 20.11.2007 |
| Source: | |
| SecurityVulns ID: | 8361 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| | HBH-Fusion: CAPTCHA protection bypass. |