Apple iPhones multiple security vulnerabilities
  Published: 23.10.2007
  Source: BUGTRAQ
  SecurityVulns ID: 8282
  Type: remote
  Level: 6/10
  Description: A vulnerable version of libtiff allows code execution and, as a result, allows the phone to be unlocked.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  Published: 23.10.2007
  Source:
  SecurityVulns ID: 8280
  Type: remote
  Level: 5/10
  Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
  Original documents:
    pete.houston.17187_(at)_gmail.com, Korean GHBoard Multiple Vulnerabilities by Xcross87 (23.10.2007)
    pete.houston.17187_(at)_gmail.com, [Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar (23.10.2007)
    pete.houston.17187_(at)_gmail.com, [Vulz] Seeblick 1.0 Beta File Upload Vulz (23.10.2007)
    pete.houston.17187_(at)_gmail.com, [Vulz] eFileMan 7.x Multiple Vulnerabilities by Xcross87 (23.10.2007)
    pete.houston.17187_(at)_gmail.com, [Vulz] eLouai's Download Script Remote File Download Vulnerability (23.10.2007)
    pete.houston.17187_(at)_gmail.com, [Vulz] Japanese PHP Gallery Hosting File Upload Vulz (23.10.2007)
    SkyOut, [Full-disclosure] ifnet.it WEBIF XSS Vulnerability (23.10.2007)
    hack2prison_(at)_yahoo.com, Jeebles Directory Local File Inclusion (23.10.2007)
    deme_(at)_hackish.eu, Hackish XSS in shoutbox/blocco.php (23.10.2007)
    gmdarkfig_(at)_gmail.com, Simple PHP Blog (sphpblog) <= 0.5.1 Multiple Vulnerabilities (23.10.2007)
    Advisory_(at)_Aria-Security.net, [Aria-Security.Net] dmcms.0.7.0 SQL Injection (23.10.2007)

Citrix Access Gateway information leak
  Published: 23.10.2007
  Source: BUGTRAQ
  SecurityVulns ID: 8283
  Type: remote
  Level: 5/10
  Description: The HTTP session cookie is passed through HTTP GET request parameters, making it possible to leak its value through the Referer: field or the browsing history.

3proxy double free() security vulnerability
  Published: 23.10.2007
  Source: SECURITYVULNS
  SecurityVulns ID: 8284
  Type: remote
  Level: 6/10
  Description: Double free() in FTP proxy OPEN request handling.
  Affected: 3PROXY : 3proxy 0.5
  CVE: CVE-2007-5622 (Double-free vulnerability in the ftpprchild function in ftppr in 3proxy 0.5 through 0.5.3i allows remote attackers to cause a denial of service (daemon crash) via multiple OPEN commands to the FTP proxy.)

Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities
  Published: 23.10.2007
  Source: BUGTRAQ
  SecurityVulns ID: 8285
  Type: client
  Level: 8/10
  Description: Code execution via invalid % encoding on Windows, local file access via sftp URLs, content spoofing, user input focus stealing, memory corruption, code execution.
  Affected:
    MOZILLA : Firefox 2.0
    MOZILLA : Thunderbird 2.0
    MOZILLA : SeaMonkey 1.1
  CVE:
    CVE-2007-5340
    CVE-2007-5339
    CVE-2007-5338
    CVE-2007-5337
    CVE-2007-5334
    CVE-2007-4841 (Mozilla Firefox 2.0.0.6 allows remote attackers to execute arbitrary commands via a "single unexpected URI" within a (1) mailto, (2) nntp, (3) news, or (4) snews URI, related to improper file type handling, a variant of CVE-2007-3845. NOTE: this information is based upon a vague pre-advisory.)
    CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12 and 2.0.0.4 allows remote attackers to change field focus and copy keystrokes via JavaScript, as demonstrated by changing focus from a textarea to a file upload field.)
    CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox 2.0.0.3 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.)
    CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.)
    CVE-2006-2894 (Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2, and Netscape 8.1 and earlier allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.)

Zaptel driver buffer overflow
  Published: 23.10.2007
  Source: BUGTRAQ
  SecurityVulns ID: 8281
  Type: local
  Level: 5/10
  Description: Buffer overflow on an oversized IOCTL interface name.

IBM Lotus Notes multiple security vulnerabilities (updated since 23.10.2007)
  Published: 24.10.2007
  Source: BUGTRAQ
  SecurityVulns ID: 8286
  Type: client
  Level: 7/10
  Description: Buffer overflow when viewing various attachment types; information leak between local users through memory-mapped files.