173 matches found
UBUNTU-CVE-2017-8923
The zendstringextend function in Zend/zendstring.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact by leveraging a script's use ...
[SECURITY] [DLA 399-1] foomatic-filters security update
Package : foomatic-filters Version : 4.0.5-6+squeeze2+deb6u13 CVE ID : not yet assigned cups-filters contains multiple buffer overflows caused by lack of size checks when copying from environment variables to local buffers strcpy as well on string concatenation operations strcat...
Amazon Linux: Security Advisory (ALAS-2015-630)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MGASA-2015-0456 Updated python-pygments packages fix security vulnerability
An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...
Updated python-pygments packages fix security vulnerability
An unsafe use of string concatenation in a shell string occurs in FontManager. If the developer allows the attacker to choose the font and outputs an image, the attacker can execute any shell command on the remote system. The name variable injected comes from the constructor of FontManager, which...
Mozilla Firefox 17.x <= 17 Multiple Vulnerabilities
Binary data 801345.prm...
Mozilla: Buffer overflow in Javascript string concatenation (MFSA 2013-12)
Integer overflow in the JavaScript implementation in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary...
NeoInvoice Blind SQL Injection
NeoInvoice is a multi-tenant open source invoicing system, that currently contains an unauthenticated blind SQL injection condition in signupcheck.php. The input for the value field isn't being properly sanitized, and is used in string concatenation to create the SQL query. See here for the...
CVE-2010-1987
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service memory consumption, out-of-bounds read, and application crash via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring...
CVE-2010-1987
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service memory consumption, out-of-bounds read, and application crash via JavaScript code that appends long strings to the content of a P element, and performs certain other string concatenation and substring...
Null pointer dereference
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than...
CVE-2010-1988
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service NULL pointer dereference and application crash or possibly execute arbitrary code via JavaScript code that performs certain string concatenation and substring operations, a different vulnerability than...
Microsoft Internet Explorer 6 - New ActiveX Object String Concatenation Memory Corruption
Microsoft Internet Explorer 6 - New ActiveX Object String Concatenation Memory Corruption source: https://www.securityfocus.com/bid/30219/info Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to crash the affected applicatio...