 |
|
|
|
Multiple PDF library PDF parsing DoS
updated since 18.01.2007 | | Published: |  | 21.01.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7067 | | Type: |  | library | | Level: |  | 5/10 | | Description: |  | Infinite loop on page model tree parsing. |
| Affected: |  | XPDF : xpdf 3.0 | | | | KDE : KDE 3.4 | | | | ADOBE : Acrobat Reader 7.0 | | | | KDE : koffice 1.4 | | | | POPPLER : poppler 0.4 | | | | PDFTOHTML : pdftohtml 0.36 | | | | TETEX : tetex 3.0 | | | | JADETEX : jadetex 3.12 | | | | APPLE : Preview.app 3.0 | | CVE: |  | CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.) | | | | CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.) | | | | CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.) |
VLC Media Player buffer overflow
updated since 03.01.2007 | | Published: | | 21.01.2007 | | Source: | | MILW0RM | | SecurityVulns ID: | | 6990 | | Type: | | client | | Level: | | 5/10 | | Description: | | Buffer overflow on oversized udp:// URI during M3U file parsing. |
| Affected: | | XINE : xine 0.99 | | | | VLC : VLC Media Player 0.8 | | CVE: | | CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.) | | | | CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.) | | | | CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler function in modules/access/cdda/access.c in the CDDA (libcdda_plugin) plugin, and the (2) cdio_log_handler and (3) vcd_log_handler functions in modules/access/vcdx/access.c in the VCDX (libvcdx_plugin) plugin, in VideoLAN VLC 0.7.0 through 0.8.6 allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an invalid URI, as demonstrated by a udp://-- URI in an M3U file.) |
| AVM IGD CTRL Service directory traversal | | Published: | | 21.01.2007 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 7078 | | Type: | | remote | | Level: | | 5/10 | | Description: | | HTTP directory traversal with TCP/49001 (UPNP) port. |
| Affected: | | AVM : Fritz!DSL Software 02.02 | | CVE: | | CVE-2007-0357 (Directory traversal vulnerability in the AVM IGD CTRL Service in Fritz!DSL 02.02.29 allows remote attackers to read arbitrary files via ..%5C (URL-encoded dot dot backslash) sequences in a URI requested from the AR7 webserver.) |
| T-Com Speedport ADSL router unauthorized access | | Published: | | 21.01.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7076 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Constant Cookie value is set for Web access verification. |
| Affected: | | T-COM : Speedport 500V | | CVE: | | CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.) |
| WzdFTPD FTP server DoS | | Published: | | 21.01.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7077 | | Type: | | remote | | Level: | | 5/10 | | Description: | | NULL pointer dereference on FTP commands parsing. |
| Affected: | | WZFTPD : WzdFTPD 8.0 | | CVE: | | CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference.) |
| netrik shell characters problems | | Published: | | 21.01.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7079 | | Type: | | client | | Level: | | 5/10 | | Description: | | Shell characters problem on temporary files creation. |
| Affected: | | NETRIK : netrik 1.15 | | CVE: | | CVE-2006-6678 (The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.) |
| Colloquy IRC client multiple format string vulnerabilities | | Published: | | 21.01.2007 | | Source: | | MOAB | | SecurityVulns ID: | | 7080 | | Type: | | client | | Level: | | 6/10 | | Description: | | Multiple format string vulnerabilities, e.g. invite IRC command. |
| Affected: | | COLLOQUY : Colloquy 2.1 | | CVE: | | CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.) |
| Mac OS X SLP daemon buffer overflow | | Published: | | 21.01.2007 | | Source: | | MOAB | | SecurityVulns ID: | | 7081 | | Type: | | remote | | Level: | | 7/10 | | Description: | | Buffer overflow on parsing arguments list of SLP request. |
| Affected: | | APPLE : Mac OS X 10.4 | | CVE: | | CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.8 and earlier allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.) |
| Apple Mac OS X transmit.app buffer overflow | | Published: | | 21.01.2007 | | Source: | | MOAB | | SecurityVulns ID: | | 7083 | | Type: | | client | | Level: | | 6/10 | | Description: | | Buffer overflow on ftps:// URI parsing. |
| Affected: | | TRANSMIT : Transmit.app 3.5 | | CVE: | | CVE-2007-0020 (Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL.) |
| Unsanity Application Enhancer privilege escalation | | Published: | | 21.01.2007 | | Source: | | MOAB | | SecurityVulns ID: | | 7086 | | Type: | | local | | Level: | | 5/10 | | Description: | | Multiple privilege escalation issues. |
| Affected: | | UNSANITY : Application Enhancer 2.0 | | CVE: | | CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.) |
| Rumpus FTP server multiple security vulnerabilities | | Published: | | 21.01.2007 | | Source: | | MOAB | | SecurityVulns ID: | | 7082 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Shell characters problems, buffer overflows, weaklpermissions. |
| Affected: | | RUMPUS : Rumpus 5.1 | | CVE: | | CVE-2007-0367 (Rumpus 5.1 and earlier has weak permissions for certain files and directories under /usr/local/Rumpus, including the configuration file, which allows local users to have an unknown impact by creating, modifying, or deleting files.) | | | | CVE-2007-0366 (Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program.) | | | | CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.) |
| Apple iChat format string vulnerability | | Published: | | 21.01.2007 | | Source: | | MOAB | | SecurityVulns ID: | | 7084 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Format string vulnerability on aim:// URI parsing. |
| Affected: | | APPLE : iChat 3.1 | | CVE: | | CVE-2007-0021 (Format string vulnerability in Apple iChat 3.1.6 allows remote attackers to cause a denial of service (null pointer dereference and application crash) and possibly execute arbitrary code via format string specifiers in an aim:// URI.) |
| Apple QuickTime HREFTrack crossite scripting | | Published: | | 21.01.2007 | | Source: | | MOAB | | SecurityVulns ID: | | 7085 | | Type: | | remote | | Level: | | 8/10 | | Description: | | Script can refer to local resources. Vulnerability is used in-the-wild for malware code installation. |
| Affected: | | APPLE : QuickTime 7.1 | | CVE: | | CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.) |
| Intel Centrino ipw2200 wireless drivers buffer overflow | | Published: | | 21.01.2007 | | Source: | | MILW0RM | | SecurityVulns ID: | | 7087 | | Type: | | remote | | Level: | | 7/10 | | Description: | | Buffer overflow on oversized SSID |
|
|
|
|
|
|
|
|
