| Apple iPhones multiple security vulnerabilities | | Published: |  | 23.10.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8282 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | A vulnerable version of libtiff allows code execution and, as a result, allows the phone to be unlocked. |
| Affected: |  | APPLE : iPhone 1.1 |
| Original document |  | H D Moore, Cracking the iPhone (5 article series) (23.10.2007) |
| 3proxy double free() security vulnerability | | Published: |  | 23.10.2007 | | Source: |  | SECURITYVULNS | | SecurityVulns ID: |  | 8284 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Double free() on FTP proxy OPEN request handling. |
| Affected: |  | 3PROXY : 3proxy 0.5 | | CVE: |  | CVE-2007-5622 (Double-free vulnerability in the ftpprchild function in ftppr in 3proxy 0.5 through 0.5.3i allows remote attackers to cause a denial of service (daemon crash) via multiple OPEN commands to the FTP proxy.) |
| Original document |  | 3APA3A, 3proxy 0.5.3j released (bugfix) (23.10.2007) |
| |  | xiaojunli.air, 3proxy double free vulnerability (23.10.2007) |
| Mozilla Firefox / Thunderbird / SeaMonkey multiple security vulnerabilities | | Published: |  | 23.10.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8285 | | Type: |  | client | | Level: |  | 8/10 | | Description: |  | Code execution with invalid % encoding in Windows, local file access with sftp URL, content spoofing, user input focus stealing, memory corruption, code execution. |
| Affected: |  | MOZILLA : Firefox 2.0 | | |  | MOZILLA : Thunderbird 2.0 | | |  | MOZILLA : SeaMonkey 1.1 | | CVE: |  | CVE-2007-5340 | | |  | CVE-2007-5339 | | |  | CVE-2007-5338 | | |  | CVE-2007-5337 | | |  | CVE-2007-5334 | | |  | CVE-2007-4841 (Mozilla Firefox 2.0.0.6 allows remote attackers to execute arbitrary commands via a "single unexpected URI" within a (1) mailto, (2) nntp, (3) news, or (4) snews URI, related to improper file type handling, a variant of CVE-2007-3845. NOTE: this information is based upon a vague pre-advisory.) | | |  | CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12 and 2.0.0.4 allows remote attackers to change field focus and copy keystrokes via JavaScript, as demonstrated by changing focus from a textarea to a file upload field.) | | |  | CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for Mozilla Firefox 2.0.0.3 allows remote attackers to conduct HTTP response splitting attacks via a LF (%0a) in the username attribute.) | | |  | CVE-2007-1095 (Mozilla Firefox does not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client.) | | |  | CVE-2006-2894 (Mozilla Firefox 1.5.0.4, Mozilla Suite 1.7.13, Mozilla SeaMonkey 1.0.2, and Netscape 8.1 and earlier allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.) |
| Original document |  | MOZILLA, Mozilla Foundation Security Advisory 2007-36 (23.10.2007) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2007-35 (23.10.2007) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2007-34 (23.10.2007) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2007-33 (23.10.2007) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2007-32 (23.10.2007) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2007-31 (23.10.2007) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2007-30 (23.10.2007) |
| |  | MOZILLA, Mozilla Foundation Security Advisory 2007-29 (23.10.2007) |
| Zaptel driver buffer overflow | | Published: |  | 23.10.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 8281 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Buffer overflow on oversized IOCTL interface name. |
| Affected: |  | ZAPTEL : Zaptel 1.4 |
| Original document |  | Michal Bucko, [ELEYTT] Public Advisory 20-10-2007 (23.10.2007) |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 23.10.2007 | | Source: |  | | | SecurityVulns ID: |  | 8280 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: |  | DMCMS : dmcms 0.7 | | |  | SPHPBLOG : Simple PHP Blog 0.5 | | |  | HACKISH : Hackish 1.1 | | |  | EFILEMAN : eFileman 7.1 | | |  | SEEBLICK : SeeBlick 1.0 |
| Original document |  | pete.houston.17187_(at)_gmail.com, Korean GHBoard Multiple Vulnerabilities by Xcross87 (23.10.2007) |
| |  | pete.houston.17187_(at)_gmail.com, [Vulz] PHP Basic Multiple Vulnerabilities by Xcross87 & Alucar (23.10.2007) |
| |  | pete.houston.17187_(at)_gmail.com, [Vulz] Seeblick 1.0 Beta File Upload Vulz (23.10.2007) |
| |  | pete.houston.17187_(at)_gmail.com, [Vulz] eFileMan 7.x Multiple Vulnerabilities by Xcross87 (23.10.2007) |
| |  | pete.houston.17187_(at)_gmail.com, [Vulz] eLouai's Download Script Remote File Download Vulnerability (23.10.2007) |
| |  | pete.houston.17187_(at)_gmail.com, [Vulz] Japanese PHP Gallery Hosting File Upload Vulz (23.10.2007) |
| |  | SkyOut, [Full-disclosure] ifnet.it WEBIF XSS Vulnerability (23.10.2007) |
| |  | hack2prison_(at)_yahoo.com, Jeebles Directory Local File Inclusion (23.10.2007) |
| |  | deme_(at)_hackish.eu, Hackish XSS in shoutbox/blocco.php (23.10.2007) |
| |  | gmdarkfig_(at)_gmail.com, Simple PHP Blog (sphpblog) <= 0.5.1 Multiple Vulnerabilities (23.10.2007) |
| |  | Advisory_(at)_Aria-Security.net, [Aria-Security.Net] dmcms.0.7.0 SQL Injection (23.10.2007) |