4014 matches found

RedHat Linux
added 2008/02/14 2:46 p.m., 3 views

Applets or Applications are allowed to display an oversized window

Visual truncation vulnerability in the Java Runtime Environment in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier allows remote attackers to circumvent display of the untrusted-code warning banner...

CVSS: 5 | AI score: 5.9 | EPSS: 0.02956
Exploits: 0 | References: 4

RedHat Linux
added 2008/02/14 2:46 p.m., 5 views

Buffer overflow security vulnerabilities in Java Web Start (CVE-2008-1189, CVE-2008-1190)

Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different issue than CVE-2008-1188, aka the "third" issue...

CVSS: 9.3 | AI score: 6.3 | EPSS: 0.16899
Exploits: 1 | References: 4

RedHat Linux
added 2008/02/08 2:24 a.m., 2 views

Mozilla layout engine crashes

The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2)...

CVSS: 9.3 | AI score: 7.4 | EPSS: 0.03304
Exploits: 1 | References: 4

RedHat Linux
added 2008/01/21 8:31 a.m., 4 views

wireshark ppp flaws

Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors...

CVSS: 10 | AI score: 6.3 | EPSS: 0.06263
Exploits: 0 | References: 4

RedHat Linux
added 2008/01/15 9:9 a.m., 5 views

httpd: mod_imagemap XSS

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS: 4.3 | AI score: 7.3 | EPSS: 0.46603
Exploits: 1 | References: 4

RedHat Linux
added 2007/12/12 12:27 p.m., 4 views

java: Vulnerability in the font parsing code

Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself...

CVSS: 9.3 | AI score: 5.9 | EPSS: 0.05424
Exploits: 0 | References: 4

RedHat Linux
added 2007/11/29 3:6 p.m., 1 views

pcre miscalculation of memory requirements if options are changed during pattern compilation

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01666
Exploits: 0 | References: 4

RedHat Linux
added 2007/11/29 2:58 p.m., 1 views

pcre regular expression flaws

Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code...

CVSS: 6.8 | AI score: 6.3 | EPSS: 0.04077
Exploits: 0 | References: 4

RedHat Linux
added 2007/10/25 5:33 p.m., 4 views

php money_format format string issue

The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.02025
Exploits: 0 | References: 4

RedHat Linux
added 2007/10/23 3:56 p.m., 5 views

No title provided

The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.03267
Exploits: 0 | References: 3

RedHat Linux
added 2007/10/23 12:52 p.m., 2 views

security flaw

Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528...

CVSS: 10 | AI score: 6.7 | EPSS: 0.20413
Exploits: 2 | References: 4

Debian CVE
added 2007/10/11 10:0 a.m., 18 views

CVE-2007-5373

ldapscripts 1.4 and 1.7 sends a password as a command line argument when calling some LDAP programs, which might allow local users to read the password by listing the process and its arguments, as demonstrated by a call to ldappasswd in the changepassword function...

CVSS: 2.1 | AI score: 6.2 | EPSS: 0.00341
Exploits: 0

RedHat Linux
added 2007/09/26 8:34 a.m., 4 views

php malformed cookie handling

Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.18162
Exploits: 1 | References: 4

RedHat Linux
added 2007/09/20 1:10 p.m., 3 views

php malformed cookie handling

Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285...

CVSS: 7.5 | AI score: 7.1 | EPSS: 0.18162
Exploits: 1 | References: 4

RedHat Linux
added 2007/08/17 8:11 a.m., 1 views

realplayer ram file heap overflow

Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.07299
Exploits: 0 | References: 4

UbuntuCve
added 2007/07/05 9:30 p.m., 14 views

CVE-2007-2839

gfax 0.4.2 and probably other versions creates temporary files insecurely, which allows local users to execute arbitrary commands via unknown vectors...

CVSS: 7.2 | AI score: 6.1 | EPSS: 0.00774
Exploits: 0 | References: 1

Packet Storm
added 2007/06/11 12:0 a.m., 25 views

lrcf-inject.txt

-=--------------------ADVISORY-------------------=- Link Request Contact Form v3.4 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Link Request Contact Form -=+ Version: 3.4 -=+ Vendor's URL:...

AI score: 7.4
Exploits: 0

RedHat Linux
added 2007/05/31 2:47 a.m., 3 views

Multiple Firefox flaws (CVE-2007-1562, CVE-2007-2867, CVE-2007-2868, CVE-2007-2869, CVE-2007-2870, CVE-2007-2871)

The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form...

CVSS: 9.3 | AI score: 6.3 | EPSS: 0.13847
Exploits: 0 | References: 4

RedHat Linux
added 2007/05/10 12:8 p.m., 0 views

php make_http_soap_request flaw

Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters...

CVSS: 5.1 | AI score: 5.9 | EPSS: 0.02303
Exploits: 0 | References: 4

RedHat Linux
added 2007/04/25 4:47 p.m., 6 views

java-jre: GIF buffer overflow

Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.10994
Exploits: 1 | References: 4