8389 matches found

NVD
added 2007/02/23 3:28 a.m. | 8 views

CVE-2006-7037

Mathcad 12 through 13.1 allows local users to bypass the security features by directly accessing or editing the XML representation of the worksheet with a text editor or other program, which allows attackers to (1) bypass password protection by replacing the password field with a hash of a known...

CVSS 4.4 | AI score 6.3 | EPSS 0.00317
Exploits: 0 | References: 6
Tenable Nessus
added 2007/02/18 12:0 a.m. | 28 views

Mandrake Linux Security Advisory : kdegraphics (MDKSA-2007:024)

The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) craft...

CVSS 6.8 | AI score 6.7 | EPSS 0.15346
Exploits: 3 | References: 2
Tenable Nessus
added 2007/02/18 12:0 a.m. | 29 views

Mandrake Linux Security Advisory : tetex (MDKSA-2007:022)

The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in KDE before 3.5.5, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) craft...

CVSS 6.8 | AI score 6.7 | EPSS 0.15346
Exploits: 3 | References: 2
NVD
added 2007/02/09 1:28 a.m. | 23 views

CVE-2006-6986

Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which...

CVSS 7.8 | AI score 5.9 | EPSS 0.01344
Exploits: 0 | References: 1
NVD
added 2007/02/09 1:28 a.m. | 21 views

CVE-2006-6987

Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target...

CVSS 7.8 | AI score 5.9 | EPSS 0.01344
Exploits: 0 | References: 1
NVD
added 2007/02/09 1:28 a.m. | 20 views

CVE-2006-6990

Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site,...

CVSS 7.8 | AI score 5.9 | EPSS 0.01344
Exploits: 0 | References: 1
CVE
added 2007/02/09 1:0 a.m. | 41 views

CVE-2006-6983

CVE-2006-6983 documents a cross-domain information disclosure in MYweb4net Browser 3.8.8.0. The vulnerability arises from an object tag with a data parameter referencing a link that points to a Location header on the attacker's site, allowing the target content to be exposed via the outerHTML att...

CVSS 5 | AI score 5.9 | EPSS 0.01076
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2007/02/09 1:0 a.m. | 30 views

CVE-2006-6991

Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site,...

AI score 5.9 | EPSS 0.01344
Exploits: 0 | References: 1
Apache Tomcat
added 2007/02/08 12:0 a.m. | 54 views

Fixed in Apache Tomcat 6.0.9

Moderate: Session hi-jacking CVE-2008-0128 When using the SingleSignOn Valve via https the Cookie JSESSIONIDSSO is transmitted without the "secure" attribute, resulting in it being transmitted to any content that is - by purpose or error - requested via http from the same server. Affects:...

CVSS 5 | AI score 7.7 | EPSS 0.19622
Exploits: 0 | Affected Software: 1
NVD
added 2007/01/31 11:28 a.m. | 30 views

CVE-2007-0614

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key...

CVSS 7.8 | AI score 6 | EPSS 0.08339
Exploits: 1 | References: 8
Prion
added 2007/01/31 11:28 a.m. | 20 views

Design/Logic Flaw

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key...

CVSS 7.8 | AI score 6.3 | EPSS 0.08339
Exploits: 1 | References: 8 | Affected Software: 3
Cvelist
added 2007/01/31 11:0 a.m. | 36 views

CVE-2007-0614

The Bonjour functionality in mDNSResponder, iChat 3.1.6, and InstantMessage framework 428 in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (persistent application crash) via a crafted phsh hash attribute in a TXT key...

AI score 6 | EPSS 0.08339
Exploits: 1 | References: 8
Prion
added 2007/01/18 2:28 a.m. | 20 views

Code injection

WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-20...

CVSS 4.3 | AI score 6.4 | EPSS 0.04066
Exploits: 2 | References: 2 | Affected Software: 4
CVE
added 2007/01/18 2:0 a.m. | 75 views

CVE-2007-0342

CVE-2007-0342 concerns WebCore in Apple WebKit build 18794. The vulnerability enables remote DoS via a TD element with an excessively large ROWSPAN value, causing a null dereference and application crash, as demonstrated by OmniWeb 5.5.3 on Mac OS X 10.4.8. Reports consistently reference this as ...

CVSS 7.5 | AI score 6.2 | EPSS 0.02159
Exploits: 1 | References: 2 | Affected Software: 3
Cvelist
added 2007/01/18 2:0 a.m. | 32 views

CVE-2007-0342

WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-20...

AI score 6.1 | EPSS 0.02159
Exploits: 1 | References: 2
UbuntuCve
added 2007/01/09 12:28 a.m. | 31 views

CVE-2007-0103

The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted...

CVSS 6.8 | AI score 6.3 | EPSS 0.15346
Exploits: 1 | References: 1
UbuntuCve
added 2007/01/09 12:28 a.m. | 33 views

CVE-2007-0104

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, v...

CVSS 6.8 | AI score 6.9 | EPSS 0.06027
Exploits: 2 | References: 3
Prion
added 2007/01/09 12:28 a.m. | 21 views

Memory corruption

The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, v...

CVSS 6.8 | AI score 7 | EPSS 0.06027
Exploits: 2 | References: 34 | Affected Software: 2
Prion
added 2007/01/09 12:28 a.m. | 16 views

Memory corruption

The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages...

CVSS 6.8 | AI score 7.4 | EPSS 0.04714
Exploits: 2 | References: 9 | Affected Software: 1
Prion
added 2007/01/09 12:28 a.m. | 21 views

Memory corruption

The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted...

CVSS 6.8 | AI score 7.3 | EPSS 0.15346
Exploits: 1 | References: 8 | Affected Software: 1