Securities

Apple iPhone Mobile Safari Memory Exhaustion Remote Denial of Service Vulnerability Apple Mobile Safari 0 + Apple Mac OS X 10.4.2 + Apple Mac OS X 10.4.2 + Apple Mac OS X 10.4.1 + Apple Mac OS X 10.4.1 + Apple Mac OS X 10.4 + Apple Mac OS X 10.4 + Apple Mac OS X Server 10.4.2 + Apple Mac OS X Server 10.4.2 + Apple Mac OS X Server 10.4.1 + Apple Mac OS X Server 10.4.1 + Apple Mac OS X Server 10.4 + Apple Mac OS X Server 10.4 Apple iPhone 1.1.3 Apple iPhone 1.1.2 Apple iPhone is ..
Cisco Call Manager CTLProvider Heap Overflow Vulnerability TPTI-08-02: Cisco Call Manager CTLProvider Heap Overflow Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-08-02 January 16, 2008 -- CVE ID: CVE-2008-0027 -- Affected Vendor: Cisco -- Affected Products: Cisco Call Manager 4.1(3) -- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco CallManager. Authentication ..
Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability The Apache HTTP Server 'mod_status' module is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launc..
Microsoft DirectX SAMI File Parsing Stack Buffer Overflow Vulnerability Bugtraq ID: 26789 Class: Boundary Condition Error CVE: CVE-2007-3901 Remote: Yes Local: No Published: Dec 11 2007 12:00AM Updated: Jan 12 2008 12:59AM Credit: Jun Mao of VeriSign iDefense is credited with the discovery of this vulnerability. Vulnerable: Nortel Networks Centrex IP Client Manager 9.0 Nortel Networks Centrex IP Client Manager 10.0 Nortel Networks CallPilot 703t Nortel Networks Call..
Mozilla Firefox Malformed GIF File Denial of Service Vulnerability Bugtraq ID: 27243 Class: Failure to Handle Exceptional Conditions CVE: Remote: Yes Local: No Published: Jan 11 2008 12:00AM Updated: Jan 12 2008 01:09AM Credit: Hanno Bock is credited with discovering this vulnerability. Vulnerable: Mozilla Firefox 2.0 8 Mozilla Firefox 2.0 .9 Mozilla Firefox 2.0 .7 Mozilla Firefox 2.0 .6 Mozilla Firefox 2.0 .5 Mozilla Firefox 2.0 .4 Mozilla Firefox 2.0 .3 Mozil..
Microsoft Visual Interdev SLN File Buffer Overflow Vulnerability Bugtraq ID: 27250 Class: Boundary Condition Error CVE: Remote: Yes Local: No Published: Jan 11 2008 12:00AM Updated: Jan 12 2008 01:09AM Credit: shinnai is credited with the discovery of this vulnerability. Vulnerable: Microsoft Visual InterDev 6.0 Not Vulnerable: [discussion] Microsoft Visual Interdev is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary chec..
MTCMS <=2.0 SQL Injection Vulnerability MTCMS
Word 2007 Email as PDF path disclosure flaw Word 2007 Email as PDF path disclosure flaw Jan 10 2008 04:07PM ebk_lists hotmail com Intro: Word 2007 is the latest installment of Microsoft's word processing program Bug: Word 2007 with the "save as pdf" add-on is vulnerable to a path disclosure when using the feature's email as pdf option, accessible through the office button. This feature enables a user to email a word doc as a pdf without s..
Buffer-overflow in Quicktime Player 7.3.1.70 Buffer-overflow in Quicktime Player 7.3.1.70 Jan 10 2008 06:45PM Luigi Auriemma (aluigi autistici org) (1 replies) Luigi Auriemma Application: Quicktime Player http://www.apple.com/quicktime Versions:
[SECURITY] [DSA 1439-1] New typo3-src packages fix SQL injection Dec 28 2007 03:41PM Debian Security Advisory DSA-1439-1 security (at) debian (dot) org [email concealed] http://www.debian.org/security/ Thijs Kinkhorst December 28, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : typo3-src Vulnerability : missing input sanitising Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-6381 Debian Bug ..
[SECURITY] [DSA 1405-3] New zope-cmfplone packages fix regression Dec 27 2007 09:21PM - ------------------------------------------------------------------------ -- Debian Security Advisory DSA 1405-3 security (at) debian (dot) org [email concealed] http://www.debian.org/security/ Thijs Kinkhorst December 1st, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------ -- Package : zope-cmfplone Vulnerability : missing input s..
[SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilities Dec 28 2007 03:29PM Debian Security Advisory DSA-1438-1 security (at) debian (dot) org [email concealed] http://www.debian.org/security/ Florian Weimer December 28, 2007 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : tar Vulnerability : several Problem type : local(remote) Debian-specific: no CVE Id(s) : CVE-2007-4131, CVE-2007-4476 Several vu..
2z-project 0.9.6.1 Multiple Security Vulnerabilities Dec 28 2007 01:26PM Digital Security Research Group [DSecRG] Advisory Name: 2z project Systems Affected: 2z project 0.9.6.1 Vendor URL: http://2z-project.ru Authors: Alexandr Polyakov, Stas Svistunovich Digital Security Research Group [DSecRG] (research [at] dsec [dot] ru) Reported: 27.12.2007 Vendor response: 27.12.2007 Date of Public Advisory: 28.12.2007 Description *********** 2z system has multiple security vu..
FAQMasterFlexPlus multiple vulnerabilities - Security Advisory - - FAQMasterFlexPlus multiple vulnerabilities - --------------------------------------------------------------- Product: FAQMasterFlexPlus Version: Latest version is affected, other not tested Vendor: http://www.netbizcity.com Affected by: Cross-Site Scripting & SQL injection I. Introduction. FaqMasterFlexPlus is a free, database-driven web-based application written in php f..
OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities - Security Advisory - - OpenBiblio 0.5.2-pre4 and prior multiple vulnerabilities - ---------------------------------------------------- Product: OpenBiblio Version: Version 0.5.2 Prerelease 4 and prior is affected Url: http://obiblio.sourceforge.net/ Affected by: Full path disclosure, local file include, phpinfo disclosure, multiple Cross Site Scripting, SQL injection I. Introduction. OpenBiblio..