8394 matches found
CVE-2008-2408
Heap-based buffer overflow in the XML parsing functionality in talk.dll in Cerulean Studios Trillian Pro before 3.1.10.0 allows remote attackers to execute arbitrary code via a malformed attribute in an IMG tag...
w3m Vulnerability of Unauthorized Access to Files or Cookies
Overview: w3m fails to properly escape HTML tags in the ALT attribute of an IMG tag, which could allow an attacker to access files or cookies. Impact: A remote attacker could access files and cookies. Solution: Please refer to the 'Vendor Information' section for official remediation and take...
Buffer overflow
Buffer overflow in the snprintvalue function in snmpget in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP)...
DEBIAN-CVE-2008-2292
Buffer overflow in the snprintvalue function in snmpget in Net-SNMP 5.1.4, 5.2.4, and 5.4.1, as used in SNMP.xs for Perl, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large OCTETSTRING in an attribute value pair (AVP)...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of...
CVE-2008-1873
Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property in the STYLE attribute of a DIV element in the mensaje parameter. NOTE: some of...
CVE-2007-5745
Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records...
CVE-2008-1873
CVE-2008-1873 is a cross-site scripting (XSS) vulnerability in Nuke ET’s private message feature affecting Nuke ET 3.2 and 3.4. The flaw allows remote authenticated users to inject arbitrary script/HTML via a CSS property in the STYLE attribute of a DIV element within the mensaje parameter, with ...
openoffice.org: Quattro Pro files handling heap overflows in Attribute and Font records
Multiple heap-based buffer overflows in OpenOffice.org before 2.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Quattro Pro (QPRO) file with crafted (1) Attribute and (2) Font Description records...
CVE-2008-1720
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors...
CVE-2007-5405
Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a .ag file with (1) a long ENCODING...
CVE-2007-5405
CVE-2007-5405 is an Autonomy KeyView (kpagrdr.dll) buffer-overflow vulnerability affecting Applix Graphics (.ag) parsing. Secunia and related advisories document three overflow paths: (1) unsafe parsing of ENCODING in the *BEGIN tag, (2) boundary errors from overly long tokens, and (3) initial *B...
JFreeChart: XSS vulnerabilities in the image map feature
Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area...
CVE-2008-1428
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product...
SA-2008-020 - Ubercart - Cross site scripting
The attribute module allows customers to enter a text value as an attribute for a product, like a name to stitch into a hat. However, when these text values were displayed in the shopping cart or on order pages, there was a possibility for a malicious user to perform a cross site scripting attack...
GLSA-200803-09 : Opera: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200803-09 (Opera: Multiple vulnerabilities). Mozilla discovered that Opera does not handle input to file form fields properly, allowing scripts to manipulate the file path (CVE-2008-1080). Max Leonov found out that image comments might...
CVE-2008-1082
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation...