CVE-2006-2382

CVE-2006-2382 (HTML Decoding Memory Corruption Vulnerability) affects Microsoft Internet Explorer 5.01 SP4, 6 SP1 and earlier. It is a heap-based memory corruption flaw in decoding UTF-8 HTML, caused by a miscalculation of memory sizes when translating UTF-8 characters to Unicode, which could all...

Microsoft Internet Explorer UTF-8 decoding vulnerability

Overview Microsoft Internet Explorer fails to properly decode UTF-8 encoded HTML. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Unicode The Unicode character set contains more than 96,000 characters. Because of this, Unicode can be...

libgdDoS.txt

Introduction --------------- from GD is an open source code library for the dynamic creation of images by programmers. GD is written in C, and "wrappers" are available for Perl, PHP and other languages. GD creates PNG, JPEG and GIF images, among other formats. GD is commonly used to generate...

CVE-2006-2906

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw GD library aka libgd 2.0.33 allows remote attackers to cause a denial of service CPU consumption via malformed GIF data that causes an infinite loop...

Code injection

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw GD library aka libgd 2.0.33 allows remote attackers to cause a denial of service CPU consumption via malformed GIF data that causes an infinite loop...

CVE-2006-2906

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw GD library aka libgd 2.0.33 allows remote attackers to cause a denial of service CPU consumption via malformed GIF data that causes an infinite loop...

CVE-2006-2906

CVE-2006-2906 affects the GD graphics library (libgd2) via the LZW decoding path in gdImageCreateFromGifPtr, causing an infinite loop and CPU denial of service when processing malformed GIFs. Affected packages include libgd2 used by PHP-gd and standalone libgd2 implementations; multiple advisorie...

CVE-2006-2906

The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw GD library aka libgd 2.0.33 allows remote attackers to cause a denial of service CPU consumption via malformed GIF data that causes an infinite loop...

libgd graphical library DoS

gdImageCreateFromGifPtr GIF decoding infinite loop...

libgd 2.0.33 infinite loop in GIF decoding ?

Introduction --------------- from http://www.boutell.com/gd/ GD is an open source code library for the dynamic creation of images by programmers. GD is written in C, and "wrappers" are available for Perl, PHP and other languages. GD creates PNG, JPEG and GIF images, among other formats. GD is...

Novell client fro Windows buffer overflow

Buffer overflow in DPRPC library on XDR stream decoding...

security flaw

PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the htmlentitydecode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to a...

MediaWiki: Cross-site scripting vulnerability

Background MediaWiki is a collaborative editing software, used by big projects like Wikipedia. Description MediaWiki fails to decode certain encoded URLs correctly. Impact By supplying specially crafted links, a remote attacker could exploit this vulnerability to inject malicious HTML or JavaScri...

GnuPG unsigned data injection

While decoding non-detached with signature within text messages unsigned data behind signature is invalidely decoded as a part of the messages...

[SECURITY] [DSA 986-1] New gnutls11 packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 986-1 [email protected] http://www.debian.org/security/ Martin Schulze March 6th, 2006 http://www.debian.org/security/faq -...

libtasn1 tiny ASN.1 library / GnuTLS TLS implementation multiple security issues

Out-of-bounds access and buffer overflows in DER decoding...

GLSA-200603-03 : MPlayer: Multiple integer overflows

The remote host is affected by the vulnerability described in GLSA-200603-03 MPlayer: Multiple integer overflows MPlayer makes use of the FFmpeg library, which is vulnerable to a heap overflow in the avcodecdefaultgetbuffer function discovered by Simon Kilvington see GLSA 200601-06. Furthermore,...

DSA-986-1 gnutls11 - buffer overflows

Bulletin has no description...

DSA-985-1 libtasn1-2 - buffer overflows

Bulletin has no description...

phpRPC Library 0.7 - XML Data Decoding Remote Code Execution (2)

!/usr/bin/perl phpRPC All rights reserved. never ctrl+c again. cijfer$ http://target.com/dir host changed to 'http://target.com/dir' cijfer$ $Id: cijfer-prpcxpl.pl,v 0.1 2006/03/01 05:46:00 cijfer Exp $ use LWP::UserAgent; use URI::Escape; use Getopt::Long; use Term::ANSIColor; $res =...