CVE-2010-2086
Affected software: Apache MyFaces 1.1.7 and 1.2.8 (as used in IBM WebSphere Application Server and other apps). Vulnerability: Unencrypted view state handling allows remote attackers to perform cross-site scripting (XSS) or execute arbitrary EL statements by modifying the serialized view object....
PCRE library buffer overflow
Buffer overflow on regular expression compilation...
PCRE compile workspace overflow
In versions of the PCRE regular expression library before 8.02, compiling a very large regular expression will overflow the workspace buffer. Although the code checks for the size of the compiled regular expression, the check only returns true after the end of the buffer has been overrun. The bug...
PCRE Library 8.02 Overflow
In versions of the PCRE regular expression library before 8.02, compiling a very large regular expression will overflow the workspace buffer. Although the code checks for the size of the compiled regular expression, the check only returns true after the end of the buffer has been overrun. The bug...
Integer overflow
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string...
CVE-2010-1158
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string...
CVE-2010-0132
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "searchre input," a different vulnerability than CVE-2010-073...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "searchre input," a different vulnerability than CVE-2010-073...
CVE-2010-0132
Removed by vendor...
Secunia Research: ViewVC Regular Expression Search Cross-Site Scripting
Secunia Research 30/03/2010 - ViewVC Regular Expression Search Cross-Site Scripting - Table of Contents Affected...
OpenCart 1.3.2 SQL Injection
Andrés Gómez Exploit Title : OpenCart 1.3.2 SQL Injection Date : 07/03/2010 Author : Andrés Gómez Software Link : http://www.coompras.com/opencart/opencart.htm Contact : gomezandres4tadinetdotcom.uy Dork : No DoRk An attacker may execute arbitrary SQL statements on the vulnerable system. This may...
Debian DSA-1874-1 : nss - several vulnerabilities
Several vulnerabilities have been discovered in the Network Security Service libraries. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-2404 Moxie Marlinspike discovered that a buffer overflow in the regular expression parser could lead to the...
MyFaces: XSS via state view
JBoss Enterprise Web Server 1.0.0 ships with Apache MyFaces 1.1.0. Apache MyFaces 1.1.0 does not support encrypted view state. When the application's view state is not encrypted, it is possible for an attacker to supply a new or modified view object as part of a request. This allows remote...
CentOS 5 : pcre (CESA-2007:0967)
Updated pcre packages that correct two security flaws are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Multiple flaws were found in the way...
Microsoft Internet Explorer 8 - CSS 'expression' Remote Denial of Service
source: https://www.securityfocus.com/bid/40487/info Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Successfully exploiting this issue will cause the applicati...
Code injection
Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match...