
8414 matches found

RedHat Linux
added 2011/09/06 9:15 p.m. | 4 views

java-1.4.2-ibm: DoS via class file parser in IBM Java 1.4.2.SR13.FP9

The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than...

CVSS: 4 | AI score: 5.9 | EPSS: 0.01781
Exploits: 0 | References: 4

NVD
added 2011/09/02 11:55 p.m. | 22 views

CVE-2011-3387

The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than...

CVSS: 4 | AI score: 5.9 | EPSS: 0.01763
Exploits: 0 | References: 3

CVE
added 2011/09/02 11:0 p.m. | 57 views

CVE-2011-3387

CVE-2011-3387 targets IBM Java 1.4.2 SR13 FP9 (IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10). A denial-of-service is caused by a crafted class file attribute length field, due to validation timing, leading to memory consumption or an infinite loop. The issue is distinc...

CVSS: 4 | AI score: 5.9 | EPSS: 0.01763
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2011/08/15 5:45 p.m. | 3 views

IBM JDK Class file parsing denial-of-service

The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in IBM Runtimes for Java Technology 5.0.0 before SR13 and 6.0.0 before SR10, allows remote authenticated users to cause a denial of service (JVM segmentation fault, and possibly memory consumption or an infinite loop) via a crafted...

CVSS: 3.5 | AI score: 6 | EPSS: 0.01781
Exploits: 0 | References: 4

RedHat Linux
added 2011/08/15 5:45 p.m. | 3 views

java-1.4.2-ibm: DoS via class file parser in IBM Java 1.4.2.SR13.FP9

The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote authenticated users to cause a denial of service (memory consumption or an infinite loop) via a crafted attribute length field in a class file, related to validation of a length field at the wrong time, a different vulnerability than...

CVSS: 4 | AI score: 5.9 | EPSS: 0.01781
Exploits: 0 | References: 4

securityvulns
added 2011/08/05 12:0 a.m. | 165 views

Android Browser Cross-Application Scripting (CVE-2011-2357)

Android Browser Cross-Application Scripting (CVE-2011-2357). 1 Background: Android applications are executed in a sandbox environment, to ensure that no applicati...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.04611
Exploits: 3

OSV
added 2011/07/25 12:0 a.m. | 1 views

UBUNTU-CVE-2011-1180

Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.02983
Exploits: 2 | References: 13

NVD
added 2011/07/17 8:55 p.m. | 25 views

CVE-2011-2759

The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstati...

CVSS: 5 | AI score: 6.5 | EPSS: 0.01325
Exploits: 0 | References: 4

Cvelist
added 2011/07/17 8:0 p.m. | 24 views

CVE-2011-2759

The login page of IDSWebApp in the Web Administration Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.3-TIV-ITDS-IF0004 does not have an off autocomplete attribute for authentication fields, which makes it easier for remote attackers to obtain access by leveraging an unattended workstati...

AI score: 6.5 | EPSS: 0.01325
Exploits: 0 | References: 4

Packet Storm
added 2011/07/11 12:0 a.m. | 37 views

Prontus CMS Cross Site Scripting

Prontus is a /chilean/ "CMS" used by many sites in Chile. The vulnerability is in "antialone.html" which contains some frames using the value of "page" as "src" attribute:...

AI score: 0.2
Exploits: 0

NVD
added 2011/07/01 10:55 a.m. | 20 views

CVE-2011-2626

Opera before 11.50 allows remote attackers to cause a denial of service (application crash) by using "injected script" to set the SRC attribute of an IFRAME element...

CVSS: 5 | AI score: 7.3 | EPSS: 0.02215
Exploits: 1 | References: 3

Tenable Nessus
added 2011/06/13 12:0 a.m. | 30 views

Ubuntu 6.06 LTS / 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : perl vulnerabilities (USN-1129-1)

It was discovered that the Safe.pm Perl module incorrectly handled Safe::reval and Safe::rdo access restrictions. An attacker could use this flaw to bypass intended restrictions and possibly execute arbitrary code. (CVE-2010-1168, CVE-2010-1447) It was discovered that the CGI.pm Perl module...

CVSS: 8.5 | AI score: 8.3 | EPSS: 0.08712
Exploits: 4 | References: 7

Prion
added 2011/06/06 7:55 p.m. | 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in common.php in Post Revolution before 0.8.0c-2 allow remote attackers to inject arbitrary web script or HTML via an attribute of a (1) P, a (2) STRONG, a (3) A, a (4) EM, a (5) I, a (6) IMG, a (7) LI, an (8) OL, a (9) VIDEO, or a (10) BLOCKQUOTE element...

CVSS: 4.3 | AI score: 6 | EPSS: 0.01141
Exploits: 2 | References: 5 | Affected Software: 1

Prion
added 2011/06/03 5:55 p.m. | 54 views

Information disclosure

Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrat...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.20847
Exploits: 1 | References: 12 | Affected Software: 2

OpenVAS
added 2011/05/23 12:0 a.m. | 27 views

Mandriva Update for perl MDVSA-2011:091 (perl)

Check for the Version of perl OpenVAS Vulnerability Test Mandriva Update for perl MDVSA-2011:091 (perl) Authors: System Generated Check Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS: 5 | AI score: 0.1 | EPSS: 0.08712
Exploits: 1 | References: 2

Tenable Nessus
added 2011/05/19 12:0 a.m. | 21 views

AIX 6.1 TL 6 : bos.rte.security (U833130)

The remote host is missing AIX PTF U833130, which is related to the security of the package bos.rte.security. After installing bos.rte.security 6.1.6.4 fileset, an LDAP user will be able to log in with an incorrect password. This occurs only when authtype is set to ldapauth in the...

CVSS: 6.8 | AI score: 5.6 | EPSS: 0.02052
Exploits: 0 | References: 2

Prion
added 2011/05/10 6:55 p.m. | 23 views

Design/Logic Flaw

The VEGAOpBitmap::AddLine function in Opera before 10.61 does not properly initialize memory during processing of the SIZE attribute of a SELECT element, which allows remote attackers to trigger an invalid memory write operation, and consequently cause a denial of service (application crash) or...

CVSS: 4.3 | AI score: 8.1 | EPSS: 0.05802
Exploits: 2 | References: 9 | Affected Software: 1

OpenVAS
added 2011/05/10 12:0 a.m. | 44 views

Ubuntu: Security Advisory (USN-1129-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS: 8.5 | AI score: 9.6 | EPSS: 0.08712
Exploits: 4 | References: 2

The Hacker News
added 2011/05/09 5:10 a.m. | 4 views

OpenID Warns of Serious Bugs in Some Implementations

Amidst the fallout of the latest bungled password service kerfuffle at LastPass, comes a warning from the OpenID foundation of a critically serious flaw in certain deployments of the product to suffer a certain level of inter-process data...

AI score: 6.6
Exploits: 0

ThreatPost
added 2011/05/06 2:30 p.m. | 7 views

OpenID Warns of Serious Bug in Some Implementations

The OpenID Foundation is warning users about a weakness in the software that could enable an attacker to change some of the data that’s exchanged between parties that use OpenID. The group is telling sites that implement OpenID to update to a new version in order to fix the problem. The bug in...

AI score: 6.7
Exploits: 0 | References: 3