Mandrake Linux Security Advisory : perl (MDKSA-2007:207)
Tavis Ormandy and Will Drewry discovered a flaw in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, resulting in the possible execution of arbitrary code with the permissions of the user running Perl. Updated packages...
RHEL 4 : pcre (RHSA-2007:0968)
The remote Red Hat Enterprise Linux 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2007:0968 advisory. PCRE is a Perl-compatible regular expression library. Multiple flaws were found in the way pcre handles certain malformed regular expressions. If an...
pcre security update
CentOS Errata and Security Advisory CESA-2007:0968 Updated pcre packages that correct two security flaws are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular...
perl security update
CentOS Errata and Security Advisory CESA-2007:0966 Updated Perl packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Perl is a high-level programming...
Important: Red Hat Security Advisory: perl security update
Updated Perl packages that fix security issues for Red Hat Application Stack v1.2 are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilities an...
perl regular expression UTF parsing errors
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression...
Important: Red Hat Security Advisory: perl security update
Updated Perl packages that fix a security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration...
Critical: Red Hat Security Advisory: pcre security update
Updated pcre packages that correct two security flaws are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Multiple flaws were found in the way...
pcre regular expression flaws
Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified "multiple forms of character class", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code...
Critical: Red Hat Security Advisory: pcre security update
Updated pcre packages that correct two security flaws are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. Multiple flaws were found in the way...
Important: perl security update
5.8.5-36.el45.2.0.1 - Added patch perl-5.8.5-OEL-mock-build.patch to disable test lib/Net/t/hostname.t, so that mock build succeeds 5.8.5-36.el4.2 - Resolves: bug323791 - fix previous patch 5.8.5-36.el4.1 - Resolves: bug323791 - fix regular expression UTF parsing errors...
perl -- regular expressions unicode data buffer overflow
Red Hat reports: A flaw was found in Perl's regular expression engine. Specially crafted input to a regular expression can cause Perl to improperly allocate memory, possibly resulting in arbitrary code running with the permissions of the user running Perl...
CVE-2007-5715
DenyHosts 2.6 processes OpenSSH sshd "not listed in AllowUsers" log messages with an incorrect regular expression that does not match an IP address, which might allow remote attackers to avoid detection and blocking when making invalid login attempts with a username not present in AllowUsers, as...
Information disclosure
Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file...
CVE-2007-5470
Microsoft Expression Media stores the catalog password in cleartext in the catalog IVC file, which allows local users to obtain sensitive information and gain access to the catalog by reading the IVC file...
CVE-2007-5470
Microsoft Expression Media stores the catalog password in cleartext inside the catalog IVC file, enabling local users to read sensitive credentials and access the catalog. The weakness stems from a design flaw in the catalog password-protection feature; exploitation details are not provided in th...
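Microsoft Expression Media Cleartext Password Storage Vulnerability
BUGTRAQ ID: 25996 Expression Media is a professional asset management tool used to visually catalog and organize digital assets so that they can be easily retrieved and displayed. Expression Media has a flaw in how it stores the access password, which a local attacker could exploit to gain unauthorized access to assets. Microsoft users can add a password to an Expression Media catalog and then save the catalog as a CatalogName.ivc file. However, any user can open the CatalogName.ivc file with Notepad on a Windows-based computer, or with a text editor on an Apple-based machine, and retrieve the password. Microsoft Expression Media 1 S...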
Microsoft XML Core Services SubstringData Integer Overflow Vulnerability
Description Microsoft XML Core Services is prone to an integer-overflow vulnerability because the application fails to ensure that integer values are not overrun. Attackers can exploit this issue by enticing unsuspecting users to view malicious web content. Specially crafted scripts could issue...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424...