103 matches found
Adobe Acrobat util.printf JavaScript function buffer overflow
Added: 11/10/2008. CVE: CVE-2008-2992. BID: 30035. OSVDB: 49520. Background: Adobe Acrobat is software for creating PDF documents. Problem: A buffer overflow vulnerability allows command execution when a user opens a PDF file which calls the util.printf JavaScript function with a specially crafted form...
CVE-2008-2992
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104...
CVE-2008-2992
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. Recent assessments: Assessed Attacker...
Stack overflow
Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings...
CVE-2007-6461
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flyspray 0.9.9 through 0.9.9.3 allow remote attackers to inject arbitrary web script or HTML via (1) the query string in an index action, related to the savesearch JavaScript function; and (2) the details parameter in a details action,...
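Microsoft Internet Explorer cloneNode() and nodeValue() remote memory corruption vulnerability
Microsoft Internet Explorer is a popular web browser. Microsoft Internet Explorer has a memory corruption issue in its handling of the "cloneNode" and "nodeValue" functions, which a remote attacker can exploit to execute arbitrary instructions with the privileges of the application process. Because of incorrect use of the "cloneNode" and "nodeValue" JavaScript functions, using specially constructed elements during repeated calls to one of these functions can cause memory corruption, possibly leading to execution of arbitrary instructions with the privileges of the application process. Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 -...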
Debian DSA-1258-1 : mozilla-thunderbird - several vulnerabilities
Several security-related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: - CVE-2006-6497 Several vulnerabilities in the layout engine allow remote attackers to cause ...
CVE-2006-6501
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch JavaScript function...
CVE-2006-5747
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function...
Privilege escalation using named-functions and redefined "new Object()" — Mozilla
mozbugra4 discovered that named JavaScript functions have a parent object created using the standard Object constructor (ECMA-specified behavior) and that this constructor can be redefined by script (also ECMA-specified behavior). If the Object constructor is changed to return a reference to a...
Cross site scripting
DISPUTED: Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded JavaScript function name, as demonstrated using variations of the alert function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when...
CVE-2006-0070
Drupal allows remote attackers to conduct cross-site scripting (XSS) attacks via an IMG tag with an unusual encoded JavaScript function name, as demonstrated using variations of the alert function. NOTE: a followup by the vendor suggests that the issue does not exist in 4.5.6 or 4.6.4 when "Filtere...
security flaw
Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function...
US Robotics Broadband Router 8003 menu.htm Admin Password Disclosure
The remote host appears to be a US Robotics Broadband router. The device's administrator password is stored as plaintext in a JavaScript function in the file '/menu.htm', which can be viewed by anyone. (C) Tenable Network Security, Inc. Ref: Date: Tue, 8 Jun 2004 13:41:11 +0200...
CVE-2003-1419
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function...