DEBIAN-CVE-2009-3474
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...
CVE-2009-3474
OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just...
Ubuntu USN-832-1 (freeradius)
The remote host is missing an update to freeradius announced via advisory USN-832-1. OpenVAS Vulnerability Test $Id: ubuntu8321.nasl 8616 2018-02-01 08:24:13Z cfischer $ Description: Auto-generated from advisory USN-832-1 freeradius Author...
FreeRADIUS RADIUS server DoS
Crash on zero-length Tunnel-Password attribute...
CVE-2009-3111
The raddecode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through 8.11. NOTE: this is a regression error related to...
Design/Logic Flaw
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute...
CVE-2009-1154
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute...
Design/Logic Flaw
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009...
CVE-2009-2055
Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute, as demonstrated in the wild on 17 August 2009...
Apple Safari Multiple Vulnerabilities - Aug09
This host is installed with Apple Safari Web Browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodapplesafarimultvulnaug09.nasl 5055 2017-01-20 14:08:39Z teissa $ Apple Safari Multiple Vulnerabilities - Aug09 Authors: Nikita MR Copyright: Copyright (c) 2009 SecPod...
PT-2009-4508 · Cisco · Cisco Ios Xr
Name of the Vulnerable Software and Affected Versions: Cisco IOS XR versions 3.4.0 through 3.8.1 Description: The issue allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid attribute. This was demonstrated in the wild on 17 August 2009. The...
Microsoft Internet Explorer Crash
Irfan Asrar Set Attribute Crash: Tested with IE7 Vista, IE6 XP2, IE6 XP3. function c() { var li = document.createElement("li"); li.setAttribute("value", "1"); li.value = "1";...
CVE-2009-2200
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document...
DEBIAN-CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the...
mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the...
CVE-2008-6885
Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 and 2.3.2a allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute in a URL BBcode tag in a private message...
kdegraphics: KSVG Pointer use-after-free error in the SVG animation element (DoS, ACE)
Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG...
kdelibs: KHTML CSS parser - incorrect handling CSS "style" attribute content (DoS, ACE)
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code ...