BugTraq Mode:
[EEYEB-20050627B] Macromedia Flash Player Improper Memory Access Vulnerability 2005-11-05
Advisories eeye com
Macromedia Flash Player Improper Memory Access Vulnerability

Release Date:
November 4, 2005

Date Reported:
June 27, 2005

Severity:
High

Vendor:
Macromedia

Systems Affected:
Macromedia Flash 6 (on all Windows platforms)
Macromedia Flash 7 (on all Windows platforms)

Overview:
eEye Digital Secu

DMA[2005-1104a] - 'GpsDrive friendsd2 format string vulnerability' 2005-11-04
kfinisterre (kfinisterre cfm ohio-state edu)
[ GLSA 200511-03 ] giflib: Multiple vulnerabilities 2005-11-04
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200511-02 ] QDBM, ImageMagick, GDAL: RUNPATH issues 2005-11-02
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

[ GLSA 200511-01 ] libgda: Format string vulnerabilities 2005-11-02
Thierry Carrez (koon gentoo org)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200511-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - -

Apache Tomcat 5.5.x remote Denial Of Service 2005-11-04
David Maciejak (david maciejak kyxar fr)

Apache Tomcat is the famous servlet container for Java Servlet and JSP
technologies released under ASL.
Version 5.5.x is intended for servlet/jsp specification 2.4/2.0.
More information on http://tomcat.apache.org/

Description:

Many time consuming directory listing requests can cause a denial of

readdir_r considered harmful 2005-11-01
Ben Hutchings (ben decadentplace org uk) (1 replies)
readdir_r considered harmful
============================

Issued by Ben Hutchings <ben (at) decadentplace.org (dot) uk [email concealed]>, 2005-11-01.

Background
----------

The POSIX readdir_r function is a thread-safe version of the readdir
function used to read directory entries. Whereas readdir returns a
pointer to a sys

Re: readdir_r considered harmful 2005-11-01
Ben Hutchings (ben decadentplace org uk)
SUSE Security Announcement: pwdutils, shadow (SUSE-SA:2005:064) 2005-11-04
Ludwig Nussel (ludwig nussel suse de)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________
______

SUSE Security Announcement

Package: pwdutils, shadow
Announcement ID: SUSE-SA:2005:064
Date:

Parosproxy 3.2.6: Local Exploitation, Command injection vulnerability 2005-11-04
Marc Schoenefeld (marc schoenefeld gmx org)
Hello,

first word to say: Parosproxy is a great tool, it has helped
me a lot during pentesting. Unfortunately the JDK until version
1.4.2_08 is vulnerable in a way that allows to use JDBC as an attack path.
Parosproxy uses JDBC to persist some state data.

Concerning the release 3.2.6 of Parosproxy

ZDI-05-002: Clam Antivirus Remote Code Execution 2005-11-04
zdi-disclosures 3com com
ZDI-05-002: Clam Antivirus Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-05-002.html
November 4th, 2005

-- CVE ID:
CAN-2005-3303

-- Affected Vendor:
Clam AntiVirus

-- Affected Products:
Clam AntiVirus 0.80 through 0.87

-- TippingPoint(TM) IPS Customer Protec

Secunia Research: cPanel Entropy Chat Script Insertion Vulnerability 2005-11-04
Secunia Research (vuln secunia com)
======================================================================

Secunia Research 04/11/2005

- cPanel Entropy Chat Script Insertion Vulnerability -

======================================================================
Table of Contents

Affected Software......

[SECURITY] [DSA 882-1] New OpenSSL packages fix cryptographic weakness 2005-11-04
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 882-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
November 4th, 2005

[SECURITY] [DSA 883-1] New thttpd packages fix insecure temporary file 2005-11-04
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 883-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
November 4th, 2005

[SECURITY] [DSA 881-1] New OpenSSL 0.9.6 packages fix cryptographic weakness 2005-11-04
joey infodrom org (Martin Schulze)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
--
Debian Security Advisory DSA 881-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Martin Schulze
November 4th, 2005

Advisory: Apple QuickTime Player Remote Denial Of Service 2005-11-04
Piotr Bania (bania piotr gmail com)


Apple QuickTime Player Remote Denial Of Service
by Piotr Bania <bania.piotr (at) gmail (dot) com [email concealed]>
http://pb.specialised.info
All rights reserved.

CVE-ID: CVE-2005-2755

Original location:
http://pb.specialised.info/all/adv/quicktime-mov-dos-adv.txt

Severity: Critical - attack against any application

Advisory: Apple QuickTime PICT Remote Memory Overwrite 2005-11-04
Piotr Bania (bania piotr gmail com)


Apple QuickTime PICT Remote Memory Overwrite
by Piotr Bania <bania.piotr (at) gmail (dot) com [email concealed]>
http://pb.specialised.info
All rights reserved.

CVE-ID: CVE-2005-2756

Original location:
http://pb.specialised.info/all/adv/quicktime-pict-adv.txt

Severity: Critical - remote code execution.

Software aff

Advisory: Apple QuickTime Player Remote Integer Overflow (1) 2005-11-04
Piotr Bania (bania piotr gmail com)


Apple QuickTime Player Remote Integer Overflow (1)
by Piotr Bania <bania.piotr (at) gmail (dot) com [email concealed]>
http://pb.specialised.info
All rights reserved.

CVE-ID: CVE-2005-2753

Original location:
http://pb.specialised.info/all/adv/quicktime-mov-io1-adv.txt

Severity: Critical - remote code execution.

Softw

Advisory: Apple QuickTime Player Remote Integer Overflow (2) 2005-11-04
Piotr Bania (bania piotr gmail com)


Apple QuickTime Player Remote Integer Overflow (2)
by Piotr Bania <bania.piotr (at) gmail (dot) com [email concealed]>
http://pb.specialised.info
All rights reserved.

CVE-ID: CVE-2005-2754

Original location:
http://pb.specialised.info/all/adv/quicktime-mov-io2-adv.txt

Severity: Critical - remote code execution.

Soft

Remotely DoSing JBoss 4.0.2 with serialized java objects 2005-11-04
Marc Schoenefeld (marc schoenefeld gmx org)
=+=============================================================
Remotely DoSing JBoss 4.0.2 with serialized java objects
Implications of serialisation vulnerabilities in JDK
=+=============================================================
Author: Marc Schoenefeld, illegalaccess.org
marc/at/illegalacc

On Interpretation Conflict Vulnerabilities 2005-11-03
Steven M. Christey (coley mitre org)

In a post "SEC-CONSULT-SA-20051021-0: Yahoo/MSIE XSS", Bernhard
Mueller said:

>SEC-Consult believes that input-validation thru blacklists can just be
>a temporary solution to problems like this. From our point of view
>there are many other applications vulnerable to this special type of
>problem w

Re: [Full-disclosure] Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo() 2005-11-03
phole hushmail com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Great work

PoC:
phpinfo.php?GLOBALS[test]=<script>alert(document.cookie);</script>

This doesn't work:
phpinfo.php?test=<script>alert(document.cookie);</script>
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.

Buffer-overflow in GO-Global for Windows 3.1.0.3270 2005-11-02
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: GO-Global for Windows
http://www.graphon.com/products/GO-GlobalforWindows.shtml
Versions: <= 3.1.0.3270
Platforms: Server: Windows

Mambo Open Source, Path disclosure 2005-11-02
alireza hassani (trueend5 yahoo com)

[KAPDA::#11] - Mambo Open Source, Path disclosure
KAPDA New advisory
Vendor: http://www.mamboserver.com
Vulnerable Versions: 4.5.2.3, 4.5.2.2, 4.5.2.1, 4.5.2
Bug: path disclosure
Exploitation: Remote with browser
Discussion:
--------------------
Mambo is a feature-rich dynamic portal engine/co

Re: [Full-disclosure] On Interpretation Conflict Vulnerabilities 2005-11-03
Florian Weimer (fw deneb enyo de)
* Steven M. Christey:

> This falls under a class of vulnerabilities that I refer to as either
> "interpretation conflicts" or "multiple interpretation errors"
> depending on what time it is, though I'm leaning toward interpretation
> conflicts.

I agree that this class of vulnerabilities deserves i

Norton Unerase - Need Contact 2005-11-02
alex cottle (eddie5659 hotmail com)
Hiya

Read these all the time, and decided to post at last :o)

Thing is, it's a well-known flaw with Norton Unerase, and Norton don't have a
fix yet. However, a user in a forum has been having this exact same problem,
and we may have resolved it. However, I've tried to contact Norton but no
reply

Multiple vulnerabilities in Scorched 3D 39.1 2005-11-02
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Scorched 3D
http://www.scorched3d.co.uk
Versions: <= 39.1 (bf)
Platforms: Windows, Linux, MacOS, FreeBSD and Solaris
Bugs: A] format strin

Limited directory traversal in NeroNET 1.2.0.2 2005-11-02
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: NeroNET
http://www.nero.com
Versions: <= 1.2.0.2
Platforms: Windows
Bug: limited directory traversal
Exploitation: remote
Date: 0

Buffer-overflow and directory traversal in Asus Video Security 3.5.0.0 2005-11-02
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Asus Video Security
http://www.asus.com/products1.aspx?l1=2&share=icon/12
Versions: <= 3.5.0.0
(the version number is chaotic, this one

Buffer-overflow in Glider collect'n kill 1.0.0.0 2005-11-02
Luigi Auriemma (aluigi autistici org)

#######################################################################

Luigi Auriemma

Application: Glider collect'n kill
http://www.glider-game.com
Versions: 1.0.0.0
Platforms: Windows
Bug: buffer-overflow
Exploitation: remote, versus s

Copyright 2010, SecurityFocus