514 matches found
CVE-2008-5712
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service application crash via 1 a long COLOR attribute in an HR element; or a long a BGCOLOR or b BORDERCOLOR attribute in a 2 TABLE, 3 TD, or 4 TR element. NOTE: the FONT vector is already covered by CVE-2008-451...
Hardcoded credentials
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service application crash via 1 a long COLOR attribute in an HR element; or a long a BGCOLOR or b BORDERCOLOR attribute in a 2 TABLE, 3 TD, or 4 TR element. NOTE: the FONT vector is already covered by CVE-2008-451...
CVE-2008-5712
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service application crash via 1 a long COLOR attribute in an HR element; or a long a BGCOLOR or b BORDERCOLOR attribute in a 2 TABLE, 3 TD, or 4 TR element. NOTE: the FONT vector is already covered by CVE-2008-451...
CVE-2008-5712
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service application crash via 1 a long COLOR attribute in an HR element; or a long a BGCOLOR or b BORDERCOLOR attribute in a 2 TABLE, 3 TD, or 4 TR element. NOTE: the FONT vector is already covered by CVE-2008-451...
CVE-2008-5712
The CVE-2008-5712 issue affects KDE Konqueror 3.5.9 where the HTML parser can trigger a denial of service (application crash) by parsing overly long attributes: (1) COLOR in HR, and (2) BGCOLOR or BORDERCOLOR in TABLE, TD, or TR elements. The FONT vector is noted as covered by CVE-2008-4514. Root...
CVE-2008-4514
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service application crash via a font tag with a long color value, which triggers an assertion error...
CVE-2008-4514
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service application crash via a font tag with a long color value, which triggers an assertion error...
CVE-2008-4514
The CVE-2008-4514 entry covers a Denial of Service in KDE Konqueror 3.5.9’s HTML parser, triggered by a font tag with an excessively long color value that leads to an assertion error and application crash. Related disclosures (CVE-2008-5712) describe the same DoS condition via long COLOR attribut...
Mozilla Foundation Security Advisory 2008-43
Mozilla Foundation Security Advisory 2008-43 Title: BOM characters, low surrogates stripped from JavaScript before execution Impact: Moderate Announced: September 23, 2008 Reporter: Dave Reed, Chris Weber, Gareth Heyes Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox...
CVE-2008-4066
Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting XSS protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&56325ascript" sequence, a...
CVE-2008-4066
CVE-2008-4066 affects Mozilla Firefox 2.0.0.x (e.g., 2.0.0.14 and earlier than 2.0.0.17). Description in connected advisories corroborates that HTML-escaped low surrogate characters could bypass XSS protections, enabling XSS. Affected component: Firefox HTML parser/rendering; root cause: HTML esc...
USN-645-1: Firefox and xulrunner vulnerabilities
Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. CVE-2008-0016 It was discovered that the same-origin check in Firefox...
Mozilla low surrogates stripped from JavaScript before execution
Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting XSS protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&56325ascript" sequence, a...
CVE-2008-3583
Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360. NOTE: it was later reported that 2.08 Beta 4 is also affected...
Buffer overflow
Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360. NOTE: it was later reported that 2.08 Beta 4 is also affected...
CVE-2008-3583
CVE-2008-3583 affects IntelliTamper 2.07 with a buffer overflow in the HTML parser triggered by a long URL in the SRC attribute of an IMG element, enabling remote code execution. The issue is noted to possibly relate to CVE-2008-3360, and reports indicate 2.08 Beta 4 is also affected. The NVD ent...
CVE-2008-3583
Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360. NOTE: it was later reported that 2.08 Beta 4 is also affected...
IntelliTamper HTML Parser 'IMG'标签缓冲区溢出漏洞
BUGTRAQ ID: 30521 CNCAN ID:CNCAN-2008080501 IntelliTamper HTML Parser是一款HTML处理程序。 IntelliTamper HTML Parser不正确处理IMG标签,远程攻击者可以利用漏洞进行缓冲区溢出攻击,可能以应用程序权限执行任意指令。 由于对image标签数据缺少正确的边界条件检查,构建恶意WEB页,诱使用户解析,可导致以应用程序权限执行任意指令。 IntelliTamper 2.07 目前没有解决方案提供: http://www.intellitamper.com/...
intellitamperimgsrc-overflow.txt
/ IntelliTamper 2.07 imgsrc Remote Buffer Overflow Expoit Discovered & Written by r0ut3r writ3r at gmail.com Many Thanks to Luigi Auriemma http://aluigi.org Greets to shinnai http://www.shinnai.net and Guido Landi IntelliTamper contains a remote buffer overflow vulnerability. The HTML parser, mor...
IntelliTamper 2.07 (imgsrc) Remote Buffer Overflow Exploit
Exploit for unknown platform in category remote exploits ========================================================== IntelliTamper 2.07 imgsrc Remote Buffer Overflow Exploit ========================================================== / IntelliTamper 2.07 imgsrc Remote Buffer Overflow Expoit...