8394 matches found
CVE-2007-0103
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted...
CVE-2007-0104
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, v...
Memory corruption
The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages...
Memory corruption
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, v...
Memory corruption
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted...
CVE-2007-0102
The Adobe PDF specification 1.3, as implemented by Apple Mac OS X Preview, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages...
CVE-2007-0103
CVE-2007-0103 concerns the Adobe PDF specification 1.3 as implemented by Adobe Acrobat prior to 8.0.0. A remote attacker can abuse a PDF file with a crafted catalog dictionary or a crafted Pages attribute referencing an invalid page tree node, potentially triggering denial of service (infinite lo...
CVE-2006-6885
An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute...
hotmail_xss.txt
Advisory Name : Hotmail and Windows Live Mail XSS Vulnerabilities Release Date : 2006.11.03 Test On : Microsoft IE 6.0 Discover : Cheng Peng Suapplesoupatgmail.com Introduction: Hotmail and Windows Live Mail are both web-based e-mail services by Microsoft. Details: Hotmail's filter identifies...
[DRUPAL-SA-2006-026] Drupal 4.6.10 / 4.7.4 fixes HTML attribute injection issue
Drupal security advisory DRUPAL-SA-2006-026 Project: Drupal core Date: 2006-Oct-18 Security risk: Less critical Exploitable from: Remote...
FreeBSD : drupal -- HTML attribute injection (19207592-5f17-11db-ae08-0008743bf21a)
The Drupal Team reports: A malicious user may entice users to visit a specially crafted URL that may result in the redirection of Drupal form submission to a third-party site. A user visiting the user registration page via such a url, for example, will submit all data, such as his/her e-mail...
drupal -- HTML attribute injection
The Drupal Team reports: A malicious user may entice users to visit a specially crafted URL that may result in the redirection of Drupal form submission to a third-party site. A user visiting the user registration page via such a url, for example, will submit all data, such as his/her e-mail...
Debian DSA-975-1 : nfs-user-server - buffer overflow
Marcus Meissner discovered that attackers can trigger a buffer overflow in the path handling code by creating or abusing existing symlinks, which may lead to the execution of arbitrary code. This vulnerability isn't present in the kernel NFS server. This update includes a bugfix for attribute...
CVE-2006-4635
Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in WebExtensions - Notitia I/II. NOTE: due to lack of details, it is not...
[SA21757] MySource Classic Equation Attribute PHP Code Injection
TITLE: MySource Classic Equation Attribute PHP Code Injection SECUNIA ADVISORY ID: SA21757 VERIFY ADVISORY: http://secunia.com/advisories/21757/ CRITICAL: Moderately critical IMPACT: System access WHERE: From remote SOFTWARE: MySource Classic 2.x http://secunia.com/product/5773/ DESCRIPTION: A...
A very large href attribute value in HTML can crash Opera
A Web page containing a very large href attribute value can cause Opera to crash. This exploit causes Opera to access the wrong location in memory, so Opera is forced to quit. It is not possible to exploit this to run arbitrary code...
CVE-2003-1305
Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page...