Design/Logic Flaw

IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with an unlimited recursion depth, which allows remote web servers to cause a denial of service infinite loop via a crafted series of documents...

IBM OmniFind Crawler Denial of Service Vulnerability

Exploit for multiple platform in category dos / poc ==================================================== IBM OmniFind Crawler Denial of Service Vulnerability ==================================================== Crawler endless loop CVE-2010-3899 The crawler has no recursion depth limit. A site wi...

Design/Logic Flaw

ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired RD queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query...

CVE-2010-0218

ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ability of Recursion Desired RD queries to access the cache, which allows remote attackers to obtain potentially sensitive information via a DNS query...

ISC BIND 9.7 < 9.7.2 P2 Multiple Vulnerabilities

Binary data 5673.prm...

Wireshark -- DoS in the BER-based dissectors

Secunia reports: A vulnerability has been discovered in Wireshark, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an infinite recursion error in the "dissectunknownber" function in epan/dissectors/packet-ber.c and can be exploited t...

Microsoft IIS Repeated Parameter Request Denial of Service (MS10-065; CVE-2010-1899)

IIS is a collection of Internet services packaged with several versions of the Windows operating system. A denial of service vulnerability has been reported in Microsoft Internet Information Services IIS. A remote attacker could use this issue to create a denial of service condition, thus crashin...

CVE-2010-2531

The varexport function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if displayerrors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution...

Buffer overflow

The varexport function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if displayerrors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution...

CVE-2010-2531

The varexport function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 flushes the output buffer to the user when certain fatal errors occur, even if displayerrors is off, which allows remote attackers to obtain sensitive information by causing the application to exceed limits for memory, execution...

CVE-2010-2238

Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors...

ISC BIND 9 DNSSEC查询响应远程缓存中毒漏洞

BUGTRAQ ID: 37118 CVECAN ID: CVE-2009-4022 BIND是一个应用非常广泛的DNS协议的实现，由ISC负责维护，具体的开发由Nominum公司完成。 启用了DNSSEC验证的名称服务器在解析递归客户端查询期间可能错误的从所接收到响应的附加部分向其缓存添加记录，这是一种缓存中毒的情况。...

DNSSEC Usage Expands

According to research released by Infoblox and The Measurement Factory, there has been a dramatic increase in the percentage of external name servers that are open to recursion. The study put the latest figure at 79.6 percent, a 27 percent increase from 2007. The number of DNSSEC signed zones...

ClamAV AntiVirus cli_check_jpeg_exploit Function Denial of Service (CVE-2008-5314)

ClamAV AntiVirus is an open source product that provides anti-virus scanning utilities and an anti-virus library. The product is capable of decoding and scanning several file formats including image formats like JPEG. A buffer overflow vulnerability exists in the ClamAV AntiVirus product. The...

CVE-2009-2473

neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to...

CVE-2009-2414

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...

DEBIAN-CVE-2009-2414

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...

CVE-2009-2414

CVE-2009-2414 and CVE-2009-2416 affect libxml2/libxml (legacy 2.5.10/2.6.x and libxml1 1.8.17). CVE-2009-2414 is a stack-growth/recursion issue in DTD processing (depth of element declarations) leading to DoS via application crash; CVE-2009-2416 involves use-after-free via crafted Notation or Enu...

CVE-2009-2414

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...

mingw32-libxml2: Stack overflow by parsing root XML element DTD definition

Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent attackers to cause a denial of service application crash via a large depth of element declarations in a DTD, related to a function recursion, as demonstrated by the...