2361 matches found
CVE-2006-0292
CVE-2006-0292 affects Mozilla/Firefox before 1.5.1; the bug in jsinterp.c dereferences objects during garbage collection, enabling remote crash or code execution via unknown attack vectors. A fix is available in version 1.5.1; apply update to mitigate.
mozilla security update
CentOS Errata and Security Advisory CESA-2006:0199 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2006-February/074774.html https://lists.centos.org/pipermail/centos-announce/2006-February/074775.html...
Critical: Red Hat Security Advisory: firefox security update
An updated firefox package that fixes several security bugs is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Igor Bukanov discovered a bug in the way Firefox's Javascript interpret...
[KDE Security Advisory] kjs encodeuri/decodeuri heap overflow
KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability Original Release Date: 2006-01-19 URL: http://www.kde.org/info/security/advisory-20060119-1.txt 0. References CVE-2006-0019 1. Systems affected: KDE 3.2.0 up to including KDE 3.5.0 2. Overview: Maksim Orlovich discovered a...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2006:019)
A heap overflow vulnerability was discovered in kjs, the KDE JavaScript interpretter engine. An attacker could create a malicious web site that contained carefully crafted JavaScript code that could trigger the flaw and potentially lead to the arbitrary execution of code as the user visiting the...
Ubuntu 4.10 / 5.04 / 5.10 : perl vulnerability (USN-222-1)
Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the...
SUSE-SA:2006:003: kdelibs3
The remote host is missing the patch for the advisory SUSE-SA:2006:003 kdelibs3. Maksim Orlovich discovered a bug in the JavaScript interpreter used by Konqueror. UTF-8 encoded URLs could lead to a buffer overflow that causes the browser to crash or execute arbitrary code. Attackers could trick...
Fedora Core 4 : kdelibs-3.5.0-0.4.fc4 (2006-050)
A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious website containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. The...
CVE-2006-0019
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI...
CVE-2006-0019
CVE-2006-0019 affects KDE kdelibs/kjs (KDE 3.2.0–3.5.0). The vulnerability is a heap-based overflow in encodeURI/decodeURI when parsing UTF-8 URIs, allowing remote code execution. CVSS v2 base 7.5 (NETWORK, LOW complexity, no auth). OpenVAS and vendor advisories (Debian DSA-948-1; Gentoo GLSA 200...
[SECURITY] [DSA 948-1] New kdelibs packages fix buffer overflow
-------------------------------------------------------------------------- Debian Security Advisory DSA 948-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff January 20th, 2005 http://www.debian.org/security/faq -...
[Full-disclosure] [USN-245-1] KDE library vulnerability
=========================================================== Ubuntu Security Notice USN-245-1 January 20, 2006 kdelibs vulnerability CVE-2006-0019 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Hoary Hedgehoga Ubuntu...
Critical: Red Hat Security Advisory: kdelibs security update
Updated kdelibs packages are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. kdelibs contains libraries for the K Desktop Environment KDE. A heap overflow flaw was discovered affecting kjs, the...
Ubuntu 4.10 : php4 vulnerability (USN-66-2)
Ubuntu Security Notice USN-66-1 described a circumvention of the 'openbasedir' restriction by using the cURL module. Adam Conrad discovered that the fix from USN-66-1 still allowed to bypass this restriction with certain variants of path specifications. In addition this update fixes the crash of...
Ubuntu 4.10 : php4 vulnerabilities (USN-99-2)
USN-99-1 fixed a safe mode bypass which allowed malicious PHP scripts to circumvent path restrictions by creating a specially crafted directory whose length exceeded the capacity of the realpath function CAN-2004-1064. However, this caused severe regressions, some applications like SquirrelMail a...
CVE-2005-4814
Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory...
USN-222-2: Perl vulnerability
USN-222-1 fixed a vulnerability in the Perl interpreter. It was discovered that the version of USN-222-1 was not sufficient to handle all possible cases of malformed input that could lead to arbitrary code execution, so another update is necessary. Original advisory: Jack Louis of Dyad Security...
Perl contains an integer sign error in format string processing
Overview The Perl interpreter contains a flaw that may increase the impact of format string vulnerabilities in programs written in Perl. Description Perl is a programming language used in many applications and commonly used for web applications. The Perl interpreter, which interprets and executes...
USN-222-1: Perl vulnerability
Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the...
Mandrake Linux Security Advisory : ruby (MDKSA-2005:191)
Yutaka Oiwa discovered a bug in Ruby, the interpreter for the object-oriented scripting language, that can cause illegal program code to bypass the safe level and taint flag protections check and be executed. The updated packages have been patched to address this issue. %NASLMINLEVEL 70300 C...