Section: .. / 0711-advisories /
| /// File Name: |
uph0702.txt |
Description:
|
Firefly Media Server versions 0.2.4 and below suffer from a remote denial of service condition due to a null pointer dereference during an unchecked increment of the header variable.
| | Author: | nnp | | Homepage: | http://silenthack.co.uk/ | | Related Exploit: | uph0702.py.txt | | File Size: | 1172 | | Last Modified: | Nov 2 19:22:00 2007 |
| MD5 Checksum: | f4c6ec52c94325a33bef950db7e30962 |
|
| /// File Name: |
sentinel-traverse.txt |
Description:
|
A classic directory traversal condition exists within the Sentinel Protection Server. By sending in an HTTP GET request with a path of a file preceded by an escaped traversal sequence, an attacker can leverage an arbitrary file access condition on the affected system. Sentinel Protection Server version 7.1 is affected.
| | Author: | Corey Lebleu | | Homepage: | http://www.digitaldefense.net/ | | File Size: | 1157 | | Last Modified: | Nov 26 22:22:51 2007 |
| MD5 Checksum: | 1bf464d15cc6808d2e855feb01c1d0c7 |
|
| /// File Name: |
uph0701.txt |
Description:
|
Firefly Media Server versions 0.2.4 and below suffer from a remote denial of service condition due to a null pointer dereference when a : is missing.
| | Author: | nnp | | Homepage: | http://silenthack.co.uk/ | | Related Exploit: | uph0701.py.txt | | File Size: | 1110 | | Last Modified: | Nov 2 19:18:59 2007 |
| MD5 Checksum: | cf51e5c1fad2eaa8517c2beda717d3e1 |
|
| /// File Name: |
TPTI-07-20.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. QuickTime version 7.2 is affected.
| | Author: | Cody Pierce | | Homepage: | http://www.tippingpoint.com/ | | File Size: | 1092 | | Related CVE(s): | CVE-2007-4674 | | Last Modified: | Nov 14 21:07:49 2007 |
| MD5 Checksum: | 84a8aa55dc1e1a424bd1184790f378bf |
|
| /// File Name: |
ligb-sql.txt |
Description:
|
LI-Guestbook version 1.2 suffers from a SQL injection vulnerability.
| | Homepage: | http://www.security-news.ws/ | | File Size: | 1021 | | Last Modified: | Nov 9 12:51:37 2007 |
| MD5 Checksum: | 9939a207569d147189b64af4061d1667 |
|
| /// File Name: |
plone-exec.txt |
Description:
|
Plone versions 2.5 up to and including 2.5.4 and versions 3.0 up to and including 3.0.2 suffer from an arbitrary Python code execution vulnerability.
| | Author: | Martijn Pieters | | Homepage: | http://plone.org/ | | File Size: | 985 | | Related CVE(s): | CVE-2007-5741 | | Last Modified: | Nov 6 22:51:02 2007 |
| MD5 Checksum: | a8f693f7cdcde08c01d8482846254698 |
|
| /// File Name: |
phpstream-dos.txt |
Description:
|
PHP versions 5.2.5 and below suffer from a denial of service vulnerability in stream_wrapper_register().
| | Author: | laurent gaffi | | File Size: | 942 | | Last Modified: | Nov 13 22:54:26 2007 |
| MD5 Checksum: | 5b4db4e5101ce323537b625a3cbded22 |
|
| /// File Name: |
wellsfargo-notsogood.txt |
Description:
|
It appears that Wells Fargo's online banking is now allowing third-party JavaScript from Akamai. Hopefully they come to their senses.
| | Author: | joel | | File Size: | 897 | | Last Modified: | Nov 26 17:29:09 2007 |
| MD5 Checksum: | f70c4aad89a603207703fcc4f9b66d8e |
|
| /// File Name: |
konqueror-dos.txt |
Description:
|
Konqueror versions 3.5.6 and below suffer from a denial of service condition when handling cookies that are too large.
| | Author: | laurent gaffi | | File Size: | 836 | | Last Modified: | Nov 14 21:04:00 2007 |
| MD5 Checksum: | 2cba9c1bec091343d6db06947e1b965a |
|
| /// File Name: |
oracle-sysdba.txt |
Description:
|
Tanel Poder has found a way to get SYSDBA access to the Oracle database by utilizing a user who has the BECOME USER system privilege, execute privileges on KUPP$PROC.CHANGE_USER and CREATE SESSION.
| | Author: | Pete | | File Size: | 832 | | Last Modified: | Nov 12 23:25:46 2007 |
| MD5 Checksum: | 6e0ac7cb849365bf62c2d03852f33d25 |
|
| /// File Name: |
aida-disclose.txt |
Description:
|
Aida-Web may suffer from some information exposure vulnerabilities.
| | Author: | MC Iglo | | File Size: | 770 | | Last Modified: | Nov 16 02:15:13 2007 |
| MD5 Checksum: | ec86e1096fe986eb00737c870438e9cb |
|
| /// File Name: |
iedosowc11-dos.txt |
Description:
|
An unhandled memory access violation in the OWC11.DataSourceControl in Internet Explorer may cause a denial of service condition.
| | Author: | Elazar Broad | | File Size: | 750 | | Last Modified: | Nov 12 22:12:02 2007 |
| MD5 Checksum: | 167bf60f97e78d10625a872a2a1640e3 |
|
| /// File Name: |
swf-overflow.txt |
Description:
|
The ShockwaveVersion() function in Adobe Shockwave appears to suffer from a stack overflow vulnerability.
| | Author: | Elazar Broad | | File Size: | 744 | | Last Modified: | Nov 9 12:48:42 2007 |
| MD5 Checksum: | f351630dc07d015bb403b4b5f9f56e22 |
|
| /// File Name: |
safrcdlg-overflow.txt |
Description:
|
The Microsoft Remote Help safrcdlg.dll appears to suffer from a buffer overflow vulnerability.
| | Author: | Elazar Broad | | File Size: | 708 | | Last Modified: | Nov 12 23:28:54 2007 |
| MD5 Checksum: | 5b8e23d1f09548e80c7ef89b763d71b8 |
|
| /// File Name: |
mobile-csrf.txt |
Description:
|
Mobile phones can be subjected to denial of service attacks via cross-site request forgery.
| | Author: | avivra | | Homepage: | http://aviv.raffon.net/ | | File Size: | 685 | | Last Modified: | Nov 26 21:06:06 2007 |
| MD5 Checksum: | 1756f97c67746f73dac3c2411380a850 |
|
| /// File Name: |
tbsource-sql.txt |
Description:
|
It appears that the BitTorrent tracker TBSource is susceptible to SQL injection attacks.
| | Author: | Emiliano Scavuzzo | | File Size: | 499 | | Last Modified: | Nov 12 20:08:14 2007 |
| MD5 Checksum: | b5636d8f3913a6068c774518cfb3a5ea |
|