Memory corruption

The Internet Authentication Service IAS in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol PEAP authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed...

PT-2009-4912 · Microsoft · Windows Server 2008 R2 +2

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 Description: A remote code execution issue exists due to improper validation of MS-CHAP v2 Protected Extensible Authentication Protocol PEAP authentication requests. This allows...

PT-2009-5949 · Microsoft · Ias +3

Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the fixed version Description: The issue concerns the Internet Authentication Service IAS not properly verifying credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol PEAP authentication...

DEBIAN-CVE-2009-3720

The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...

JDK: XML parsing Denial-Of-Service (6845701)

Previously, a denial-of-service flaw was found in Java which allowed the creation of an inifinte loop in XML headers that would consume all CPU resources. This issue was patched and Java is no longer vulnerable to a denial-of-service flaw due to the initiation of an infinte loop by means of XML...

[SECURITY] Fedora 11 Update: epiphany-2.26.3-2.fc11

Epiphany is the web browser for the GNOME desktop. Its goal is to be simple and easy to use. Epiphany ties together many GNOME components in order to let you focus on the Web content, instead of the browser application. Epiphany is extensible through a plugin system. Existing plugins can be found...

Sql injection

SQL injection vulnerability in include/getread.php in Extensible-BioLawCom CMS X-BLC 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter...

CVE-2009-2310

SQL injection vulnerability in include/getread.php in Extensible-BioLawCom CMS X-BLC 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter...

CVE-2009-2310

SQL injection vulnerability in include/getread.php in Extensible-BioLawCom CMS X-BLC 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter...

CVE-2009-2310

The CVE-2009-2310 entry describes a SQL injection in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier. The vulnerability exists in include/get_read.php and is triggered via the section parameter, allowing remote attackers to execute arbitrary SQL commands. Available connected sources confirm th...

PT-2009-4180 · Apple · Ios +3

Name of the Vulnerable Software and Affected Versions: Apple Safari versions prior to 4.0 iPhone OS versions prior to 2.2.1 iPhone OS for iPod touch versions prior to 2.2.1 Description: The XSLT implementation in WebKit does not properly handle redirects, allowing remote attackers to read XML...

pidgin PurpleCircBuffer corruption

The PurpleCircBuffer implementation in Pidgin formerly Gaim before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service memory corruption and application crash via vectors involving the 1 XMPP or 2 Sametime protocol...

[SECURITY] Fedora 10 Update: weechat-0.2.6.1-1.fc10

WeeChat Wee Enhanced Environment for Chat is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...

[SECURITY] Fedora 9 Update: weechat-0.2.6.1-1.fc9

WeeChat Wee Enhanced Environment for Chat is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts...

Mozilla parsing error in E4X default namespace

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X...

libxml2: integer overflow leading to memory corruption in xmlSAX2Characters

Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service memory corruption or possibly execute arbitrary code via a large XML document...

Mozilla parsing error in E4X default namespace

Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 do not properly escape quote characters used for XML processing, which allows remote attackers to conduct XML injection attacks via the default namespace in an E4X...

PT-2008-5344 · Microsoft · Xml Core Services

Name of the Vulnerable Software and Affected Versions: Microsoft XML Core Services versions 3.0 through 4.0 Description: The issue allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs...

[SECURITY] Fedora 8 Update: ruby-1.8.6.287-2.fc8

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

[SECURITY] Fedora 9 Update: ruby-1.8.6.230-1.fc9

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...