Null pointer dereference

Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service Internet Explorer crash via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM...

Important: kernel security and bug fix update

2.6.9-67.0.1.0.1.EL - fix entropy flag in bnx2 driver to generate entropy pool John Sobecki orabug 5931647 - fix enomem due to larger mtu size page alloc Zach Brown orabug 5486128 - fix percpu api bugon with rds Zach Brown orabug 5760648 2.6.9-67.0.1 -kernel ieee80211 off-by-two integer underflow...

DEBIAN-CVE-2007-6306

Multiple cross-site scripting XSS vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the 1 chart name or 2 chart tool tip text; or the 3 href, 4 shape, or 5 coords attribute of a chart area...

Design/Logic Flaw

The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an...

CVE-2007-5899

The outputaddrewritevar function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...

openldap slapd DoS via objectClasses attribute

OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service slapd crash via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent...

CVE-2007-5707

OpenLDAP before 2.3.39 allows remote attackers to cause a denial of service slapd crash via an LDAP request with a malformed objectClasses attribute. NOTE: this has been reported as a double free, but the reports are inconsistent...

Design/Logic Flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute...

security flaw

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated ...

security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute...

security flaw

The focus handling for the onkeydown event in Mozilla Firefox 1.5.0.12, 2.0.0.4 and other versions before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to change field focus and copy keystrokes via the "for" attribute in a label, which bypasses the focus prevention, as demonstrated ...

security flaw

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the window's titlebar when displaying XUL markup language documents, which makes it easier for remote attackers to conduct phishing and spoofing attacks by setting the hidechrome attribute...

openSUSE 10 Security Update : opera (opera-1313)

Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. CVE-2006-1834 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Path traversal

Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to 1 delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control PegasusImaging.ActiveX.ThumnailXpress1.dll or 2 overwrite arbitrary files via the CompactFile...

Cross-site scripting vulnerability in 500page.jsp

The test successfully embedded a script in the response, which will be executed once the page is loaded in the user's browser. This means that the application is vulnerable to the Cross-Site Scripting attack. The file 500page.jsp should escape the attributes and parameters to prevent code...

Cross site scripting

Cross-site scripting XSS vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element...

CVE-2007-4826

bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service crash via a malformed 1 OPEN message or 2 a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled...

Null pointer dereference

bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service crash via a malformed 1 OPEN message or 2 a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debugging is enabled...

samba -- nss_info plugin privilege escalation vulnerability

The Samba development team reports: The idmapad.so library provides an nssinfo extension to Winbind for retrieving a user's home directory path, login shell and primary group id from an Active Directory domain controller. This functionality is enabled by defining the "winbind nss info" smb.conf...

Storm 2 mps. the dll component multiple buffer overflow vulnerabilities-vulnerability warning-the black bar safety net

Online burst a storm of the activex vulnerability, the call is rawParse this method, so simple to see, found the problem quite a bit. These issues are able to control eip or seh, that is each vulnerability can lead to arbitrary code execution. Affected versions: storm 2other not tested Unaffected...