Code injection
Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) SlapiAttr mishandling in the DN normalization code and (2) pointer mishandling in the...
CVE-2010-4746
Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service (memory consumption) via "badly behaved applications," related to (1) SlapiAttr mishandling in the DN normalization code and (2) pointer mishandling in the...
CVE-2010-2766
CVE-2010-2766 is a memory/DOM handling flaw in Mozilla’s browser engines where the normalization code could remove DOM nodes during traversal, leading to an access of a deleted object and potential code execution. Affected products and versions per the provided documents: Mozilla Firefox before 3...
CVE-2010-2766
The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code...
Mozilla Patches Firefox DLL Load Hijacking Bug
Mozilla has joined Apple in being among the first to fix the DLL load hijacking attack vector that continues to haunt hundreds of Windows applications. The open-source group released Firefox 3.6.9 with patches for a total of 15 vulnerabilities (11 rated critical), including the publicly known DLL...
Mozilla Crash and remote code execution in normalizeDocument (MFSA 2010-57)
The normalizeDocument function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 does not properly handle the removal of DOM nodes during normalization, which might allow remote attackers to execute arbitrary code...
SeaMonkey < 2.0.7 Multiple Vulnerabilities
Firefox 3.6.x < 3.6.9 Multiple Vulnerabilities
Mozilla Firefox 3.5.x < 3.5.12 Multiple Vulnerabilities
tomcat request dispatcher information disclosure vulnerability
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct...
DEBIAN-CVE-2010-0211
The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing...
openldap: modrdn processing IA5StringNormalize NULL pointer dereference
OpenLDAP 2.4.22 allows remote attackers to cause a denial of service (crash) via a modrdn call with a zero-length RDN destination string, which is not properly handled by the smr_normalize function and triggers a NULL pointer dereference in the IA5StringNormalize function in schema_init.c, as...
Microsoft Windows Help Centre Handles - Malformed Escape Sequences Incorrectly (MS03-044)
Help and Support Centre is the default application...
RedHat Security Advisory RHSA-2009:1562
The remote host is missing updates announced in advisory RHSA-2009:1562. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that the Red Hat Security Advisory RHSA-2007:0876 did not address all possible flaws in the way Tomcat handle...
Important: Red Hat Security Advisory: tomcat security update
Updated tomcat packages that fix several security issues are now available for Red Hat Developer Suite 3. This update has been rated as having important security impact by the Red Hat Security Response Team. Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP)...
Ubuntu: Security Advisory (USN-788-1)
The remote host is missing an update for the...
USN-788-1: Tomcat vulnerabilities
Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. (CVE-2008-5515) Yoshihito Fukuyama discovered that Tomcat did not properly handle error...
php file system attacks the wizard-vulnerability warning-the black bar safety net
I. PHP file system path normalization attack: using / and /. in the path makes /etc/passwd/ or /etc/passwd/. be opened as a file. II. PHP file system path truncation attack: PHP has a path truncation issue (a very evil use of snprintf), allowing only MAXPATH to be used as the open file or directory...