Section: .. / 0703-advisories /
| /// File Name: |
wp212-sql.txt |
Description:
|
WordPress version 2.1.2 suffers from a SQL injection vulnerability.
| | Author: | Omid | | File Size: | 419 | | Last Modified: | Mar 13 23:42:01 2007 |
| MD5 Checksum: | a32d884c4d889517051c4ea6cb217e08 |
|
| /// File Name: |
yahoo-msg.txt |
Description:
|
Yahoo mail services when accessed via Yahoo! messenger are vulnerable to information leakage and authentication bypass which is caused due to improper caching of pages by the browser.
| | Author: | Kishor Datar | | File Size: | 3658 | | Last Modified: | Mar 29 07:55:05 2007 |
| MD5 Checksum: | c1be1240f8410d328795203fce4e74f5 |
|
| /// File Name: |
ZDI-07-008.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Tomcat JK Web Server Connector. Authentication is not required to exploit this vulnerability. Tomcat JK Web Server Connector version 1.2.19 and 1.2.20 are affected. Tomcat 4.1.34 and 5.5.20 are affected.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2721 | | Related CVE(s): | CVE-2007-0774 | | Last Modified: | Mar 6 09:54:14 2007 |
| MD5 Checksum: | 2535802235fc407a788406584530831d |
|
| /// File Name: |
ZDI-07-009.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on Novell NetMail version 3.5.2. Authentication is not required to exploit this vulnerability. The specific flaw exists in the webadmin.exe process bound by default on TCP port 89. During HTTP Basic authentication, a long username of at least 213 bytes will trigger a stack based buffer overflow due to a vulnerable sprintf() call. Exploitation of this issue can result in arbitrary code execution.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2548 | | Related CVE(s): | CVE-2007-1350 | | Last Modified: | Mar 9 03:30:20 2007 |
| MD5 Checksum: | 37113389bf6ad945a40bce9599763946 |
|
| /// File Name: |
ZDI-07-010.txt |
Description:
|
A vulnerability allows attackers to execute arbitrary code on Apple QuickTime Player version 7.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of forged size fields in user-defined data atoms (UDTA). By setting this field to an overly large value, an integer overflow occurs resulting in an exploitable heap overflow. Successful exploitation results in code execution under the context of the running user.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2640 | | Related CVE(s): | CVE-2007-0714 | | Last Modified: | Mar 9 03:32:27 2007 |
| MD5 Checksum: | fa5eb46c403649874472d707ec4b66a1 |
|
| /// File Name: |
ZDI-07-011.txt |
Description:
|
A vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM Lotus Domino Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the CRAM-MD5 authentication mechanism of nimap.exe which binds by default to TCP port 143. No check is done on the length on the supplied username prior to processing it through a custom copy loop. If the username is longer than 256 bytes, a pointer overwrite may occur in the function nnotes.dll.CStream::ToBase64() which is later called and can therefore result in execution of arbitrary code.
| | Homepage: | http://www.zerodayinitiative.com/ | | File Size: | 2791 | | Related CVE(s): | CVE-2007-1675 | | Last Modified: | Mar 29 08:57:59 2007 |
| MD5 Checksum: | 5c2e6493ad6fd7fd47212cfb14190a41 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
