CVE-2005-0054

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decodin...

Microsoft Internet Explorer URI Decoding Vulnerability

Description Microsoft Internet Explorer is prone to a vulnerability related to URI decoding. A bug in how the browser parses encoded URI data may allow zone bypass. As a result, it is possible to force the browser to interpret Web content in the Local Zone. This could be exploited to execute...

Microsoft Internet Explorer contains URL decoding cross-domain vulnerability

Overview A URL decoding vulnerability in Microsoft Internet Explorer may allow remote attackers to bypass zone security restrictions and execute arbitrary code on affected systems. Description IE uses a cross-domain security model to maintain separation between browser frames from different...

Painkiller 1.35 - in-game cd-key alpha-numeric Buffer Overflow (PoC)

/ by Luigi Auriemma / include include include include / Painkiller packet's password encoder/decoder 0.1 by Luigi Auriemma e-mail: [email protected] web: http://aluigi.altervista.org INTRODUCTION ============ When you want to join a password protected game server of Painkiller...

tiff: New overflows in image decoding

Background The TIFF library contains encoding and decoding routines for the Tag Image File Format. It is called by numerous programs, including GNOME and KDE applications, to interpret TIFF images. Description infamous41md found a potential integer overflow in the directory entry count routines o...

CVE-2004-2265

UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact...

CVE-2004-2265

UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact...

DEBIAN-CVE-2004-2265

UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact...

CVE-2004-1315

Summary: CVE-2004-1315 affects phpBB 2.x prior to 2.0.11. The vulnerability stems from improper URL decoding of the highlight parameter in viewtopic.php, allowing a remote attacker to double-encode the highlight value so that PHP exec runs arbitrary code. Exploited in the wild by the Santy.A worm...

CVE-2004-2265

UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact...

security flaw

Cross-site scripting XSS vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML...

[Full-Disclosure] [ GLSA 200412-03 ] imlib: Buffer overflows in image decoding

Gentoo Linux Security Advisory GLSA 200412-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...

imlib: Buffer overflows in image decoding

Background imlib is an advanced replacement library for image manipulation libraries like libXpm. It is called by numerous programs, including gkrellm and several window managers, to help in displaying images. Description Pavel Kankovsky discovered that several overflows found in the libXpm libra...

GLSA-200412-03 : imlib: Buffer overflows in image decoding

The remote host is affected by the vulnerability described in GLSA-200412-03 imlib: Buffer overflows in image decoding Pavel Kankovsky discovered that several overflows found in the libXpm library see GLSA 200409-34 also applied to imlib. He also fixed a number of other potential flaws. Impact : ...

CVE-2004-1315

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which...

Debian DSA-589-1 : libgd1 - integer overflows

'infamous41md' discovered several integer overflows in the PNG image decoding routines of the GD graphics library. This could lead to the execution of arbitrary code on the victim's machine. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...

DSA-589-1 libgd - integer overflows

Bulletin has no description...

DSA-591-1 libgd2 - integer overflows

Bulletin has no description...

squirrelmail -- cross site scripting vulnerability

A SquirrelMail Security Notice reports: There is a cross site scripting issue in the decoding of encoded text in certain headers. SquirrelMail correctly decodes the specially crafted header, but doesn't sanitize the decoded strings...

security flaw

Multiple vulnerabilities in the RLE run length encoding decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files...