| OpenEdge buffer overflow | | Published: |  | 28.06.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7862 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Buffer overflow on parsing TCP/IP message. |
| Internet Communication Framework multiple security vulnerabilities | | Published: |  | 28.06.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7865 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Multiple cross-site scripting vulnerabilities. |
| KVIrc IRC client buffer overflow | | Published: |  | 28.06.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7868 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | Buffer overflow in irc:// URL handler. |
| Affected: |  | KVIRC : KVIrc 3.2 | | CVE: |  | CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.) |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 28.06.2007 | | Source: |  | | | SecurityVulns ID: |  | 7869 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: |  | DIRECTADMIN : DirectAdmin 1.30 | | |  | ETICKET : eTicket 1.5 | | CVE: |  | CVE-2007-2801 (Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters. NOTE: the vendor disputes the significance of the issue, stating that "eTicket is not designed to work with register_globals On.") | | |  | CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote attackers to obtain sensitive information via the (1) name[], (2) email[], (3) phone[], or (4) subject[] parameters, which reveals the installation path in the resulting error messages.) |
| Conti FTP Server DoS | | Published: |  | 28.06.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7860 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | LIST //A: request causes server to hang. |
| Juniper Steel Belted RADIUS CRL access problem | | Published: |  | 28.06.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7863 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Certificate revocation list download feature doesn't work. |
| Symantec Mail Security for SMTP buffer overflow | | Published: |  | 28.06.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7867 | | Type: |  | remote | | Level: |  | 8/10 | | Description: |  | Buffer overflow on packed executables parsing. |
| Affected: |  | SYMANTEC : Symantec Mail Security for SMTP 5.0 | | CVE: |  | CVE-2007-1792 (libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02".) |
| HP Photo Digital Imaging ActiveX unauthorized access | | Published: |  | 28.06.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7861 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | Unsafe saveXMLAsFile method in hpqxml.dll. |
| SAP NetWeaver / Web Dynpro Java multiple security vulnerabilities | | Published: |  | 28.06.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7864 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Multiple cross-site scripting conditions. |
| Avahi DBUS DoS | | Published: |  | 28.06.2007 | | Source: |  | CVE | | SecurityVulns ID: |  | 7870 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Empty TXT record causes daemon to crash. |
| Affected: |  | AVAHI : Avahi 0.6 | | CVE: |  | CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.) |
| Wireshark DoS updated since 28.06.2007 | | Published: |  | 17.08.2007 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 7866 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Endless loop on MMS and SSL parsing, off-by-one on iSeries and DHCP/BOOTP parsing. |
| Affected: |  | WIRESHARK : wireshark 0.99 | | CVE: |  | CVE-2007-3393 (Off-by-one error in the DHCP/BOOTP dissector in Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via crafted DHCP-over-DOCSIS packets.) | | |  | CVE-2007-3392 (Wireshark before 0.99.6 allows remote attackers to cause a denial of service via malformed (1) SSL or (2) MMS packets that trigger an infinite loop.) | | |  | CVE-2007-3391 (Wireshark 0.99.5 allows remote attackers to cause a denial of service (memory consumption) via a malformed DCP ETSI packet that triggers an infinite loop.) | | |  | CVE-2007-3390 (Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain systems, allows remote attackers to cause a denial of service (crash) via crafted iSeries capture files that trigger a SIGTRAP.) | | |  | CVE-2007-3389 (Wireshark before 0.99.6 allows remote attackers to cause a denial of service (crash) via a crafted chunked encoding in an HTTP response, possibly related to a zero-length payload.) |