 |
|
|
|
| Mozilla multiple addons upgrade weakness | | Published: |  | 30.05.2007 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 7759 | | Type: |  | m-i-t-m | | Level: |  | 5/10 | | Description: |  | Upgrade mechanism of multiple addons allows upgrade via unsecure HTTP connection without using of SSL/TLS certificates, makeing active man-in-the-middle attacks possible. |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: | | 30.05.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7758 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
Apache httpd multiple local DoS conditions
updated since 30.05.2007 | | Published: | | 20.06.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 7757 | | Type: | | local | | Level: | | 5/10 | | Description: | | It's possible to manipalte main worker process causing it to send SIGUSR signal from root to any process, process halt, resources exhaustions. |
| Affected: |  | APACHE : Apache 1.3 | | | | APACHE : Apache 2.0 | | | | APACHE : Apache 2.2 | | CVE: |  | CVE-2007-3304 (Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer.") |
|
|
|
|
|
|
|
|
