Double free
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection....
CVE-2008-5551
Microsoft Internet Explorer 8.0 Beta 2 contains an anti-XSS filter bypass vulnerability (the XSS Filter) that allows XSS by injecting data at two positions in HTML documents (STYLE elements and the CSS expression property), described as a "double injection." The connected OpenVAS entry and relate...
Microsoft Internet Explorer 8 - CSS expression Property Cross-Site Scripting Filter Bypass
Microsoft Internet Explorer 8 - CSS expression Property Cross-Site Scripting Filter Bypass source: https://www.securityfocus.com/bid/32780/info Microsoft Internet Explorer is a web browser for the Microsoft Windows operating system. Internet Explorer 8 includes a cross-site-scripting filter that ...
Microsoft Internet Explorer 8 - CSS 'expression' Property Cross-Site Scripting Filter Bypass
source: https://www.securityfocus.com/bid/32780/info Microsoft Internet Explorer is a web browser for the Microsoft Windows operating system. Internet Explorer 8 includes a cross-site-scripting filter that is designed to prevent cross-site-scripting attacks against vulnerable web applications...
CVE-2008-5402
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."...
freezegreetings-password.txt
\r\n\r\n", $argv0 and exit; $out = pregmatch'!^^ +$!sei', filegetcontents$argv1 . '/pwd.txt', $r && pregmatch'!^^||+||!sei', base64decode$r1, $pass ? sprintf"Password : %s", base64decode$pass1 : 'Exploitation failed'; printf" %s \r\n\r\n", $out; ?...
CVE-2008-4033
CVE-2008-4033 is a cross-domain information disclosure vulnerability in Microsoft XML Core Services (MSXML) versions 3.0 through 6.0, affecting multiple products that embed MSXML (including Expression Web, Office, and Internet Explorer). The issue involves improper handling of HTTP header fields ...
CentOS 4 / 5 : ruby (CESA-2008:0897)
Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2008:0897 Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2008:0895-02 Updated ruby packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting...
RHEL 2.1 : ruby (RHSA-2008:0895)
Updated ruby packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming....
RHEL 4 / 5 : ruby (RHSA-2008:0897)
Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented...
Moderate: Red Hat Security Advisory: ruby security update
Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented...
ruby: Memory allocation failure in Ruby regex engine (remotely exploitable DoS)
The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure...
CVE-2008-4557
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression...
Code injection
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression...
DoS vulnerability in Internet Explorer
Hello 3APA3A! I am reporting a Denial of Service vulnerability that I found in Microsoft Internet Explorer. I have known about this vulnerability for a long time - it is a long-known DoS in IE. It works in IE6, and I hoped that Microsoft had fixed this hole at least in IE7. But as I recently checked, IE7 is also...
Gentoo Security Advisory GLSA 200711-28 (perl)
The remote host is missing updates announced in advisory GLSA 200711-28. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Server: temporary DoS via crafted pattern searches
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service (CPU consumption and search outage) via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem...