Design/Logic Flaw
The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding...
CVE-2012-1178
The msn_oim_report_to_user function in oim.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.2 allows remote servers to cause a denial of service (application crash) via an OIM message that lacks UTF-8 encoding...
CVE-2009-5016
Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in PHP before 5.2.11 makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string that uses overlong UTF-8 encoding, a different vulnerability than CVE-2010-3870...
CVE-2009-5017
Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210...
Cross site scripting
Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210...
CVE-2010-3870
The utf8_decode function in PHP before 5.3.4 does not properly handle non-shortest form UTF-8 encoding and ill-formed subsequences in UTF-8 data, which makes it easier for remote attackers to bypass cross-site scripting (XSS) and SQL injection protection mechanisms via a crafted string...
Inout Ad server Ultimate - Arbitrary File Upload
Inout Ad server Ultimate -- Shell upload Vulnerability. Name: Inout Ad server Ultimate Shell upload Vulnerability. Date: July 9, 2010. Critical Level: VERY HIGH. vendor URL...
Inout Ad server Ultimate Shell upload Vulnerability
Exploit for php platform in category web applications. Inout Ad server Ultimate Shell upload Vulnerability. Name: Inout Ad server Ultimate Shell upload Vulnerability. Critical Level: VERY HIGH. vendor...
Design/Logic Flaw
Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors...
CVE-2010-1273
CVE-2010-1273 affects Emweb Wt prior to 3.1.1. The root cause is that UTF-8 encoding for (1) form values and (2) JSignal arguments is not validated. The provided sources describe the condition and impact as unspecified, with remote attack vectors implied but not detailed. No remediation or fixed ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding...
CVE-2009-2814
Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding...
Mandriva Update for gdm MDKA-2007:116 (gdm)
Check for the Version of gdm OpenVAS Vulnerability Test Mandriva Update for gdm MDKA-2007:116 gdm Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...
Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6
Address Bar Spoofing Attacks against Microsoft Internet Explorer 6. Amit Klein, Trusteer. Summary: IE6 is the second most popular web browser after IE7, with market share of around 25% according to recent surveys e.g. http://marketshare.hitslink.com/report.aspx?qprid=2. This write-up presents...
Design/Logic Flaw
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file...
CVE-2008-2807
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly handle an invalid .properties file for an add-on, which allows remote attackers to read uninitialized memory, as demonstrated by use of ISO 8859 encoding instead of UTF-8 encoding in a French .properties file...
CVE-2006-3921
Summary (CVE-2006-3921): Affects Sun Java System Application Server (SJSAS) 7–8.1 and Web Server (SJSWS) 6.0–6.1. The issue permits remote authenticated users to read files outside the “document root” via a direct request using a UTF-8 encoded URI. The NVD entry lists a Medium base score (AV:N/AC...
DSA-948-1 kdelibs - heap overflow
Bulletin has no description...
CVE-2004-2579
ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding."...