Lucene search

9082 matches found

UbuntuCve
added 2007/07/04 3:30 p.m. | 24 views

CVE-2007-3555

Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424...

CVSS 4.3 | AI score 6.1 | EPSS 0.05206
Exploits 0 | References 1
Prion
added 2007/07/02 7:30 p.m. | 8 views

Directory traversal

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...

CVSS 6.4 | AI score 6.9 | EPSS 0.00813
Exploits 0 | References 11 | Affected Software 1
UbuntuCve
added 2007/07/02 7:30 p.m. | 14 views

CVE-2007-2836

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...

CVSS 6.4 | AI score 6.1 | EPSS 0.00813
Exploits 0 | References 1
Cvelist
added 2007/07/02 7:0 p.m. | 11 views

CVE-2007-2836

Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...

AI score 6.5 | EPSS 0.00813
Exploits 0 | References 11
RedHat Linux
added 2007/06/20 2:49 p.m. | 2 views

mod_perl PerlRun denial of service

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI...

CVSS 5 | AI score 7.4 | EPSS 0.18225
Exploits 0 | References 4
Tenable Nessus
added 2007/06/14 12:0 a.m. | 37 views

CentOS 3 : gdb (CESA-2007:0469)

An updated gdb package that fixes a security issue and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a...

CVSS 5.1 | AI score 6.3 | EPSS 0.01258
Exploits 0 | References 4
NVD
added 2007/05/18 10:30 p.m. | 16 views

CVE-2007-2765

blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ss...

CVSS 6.8 | AI score 6.7 | EPSS 0.01316
Exploits 0 | References 6
Prion
added 2007/05/18 10:30 p.m. | 21 views

Design/Logic Flaw

blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ss...

CVSS 6.8 | AI score 7 | EPSS 0.01498
Exploits 1 | References 6 | Affected Software 1
CVE
added 2007/05/18 10:0 p.m. | 52 views

CVE-2007-2765

CVE-2007-2765 concerns BlockHosts prior to 2.0.3, where improper parsing of daemon logs lets remote attackers add arbitrary entries to /etc/hosts.allow, enabling a denial of service by injecting IPs into a log file. Related entries (e.g., CVE-2007-4322/4323) describe a similar issue affecting Blo...

CVSS 6.8 | AI score 6.9 | EPSS 0.01316
Exploits 0 | References 6 | Affected Software 1
Prion
added 2007/05/09 5:19 p.m. | 10 views

Cross site scripting

Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS)...

CVSS 4.3 | AI score 6.5 | EPSS 0.00361
Exploits 0 | References 4
Cent OS
added 2007/05/02 8:48 a.m. | 82 views

gdb security update

CentOS Errata and Security Advisory CESA-2007:0229 An updated gdb package that fixes a security issue and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C...

CVSS 5.1 | AI score 6.1 | EPSS 0.01258
Exploits 0 | References 8
RedHat Linux
added 2007/05/01 2:17 p.m. | 36 views

Low: Red Hat Security Advisory: gdb security and bug fix update

An updated gdb package that fixes a security issue and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a...

CVSS 5.1 | AI score 6.1 | EPSS 0.01258
Exploits 0 | References 7
UbuntuCve
added 2007/04/22 7:19 p.m. | 18 views

CVE-2007-2162

(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

CVSS 7.8 | AI score 5.9 | EPSS 0.00751
Exploits 0 | References 1
NVD
added 2007/04/22 7:19 p.m. | 10 views

CVE-2007-2161

Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

CVSS 4.3 | AI score 6.6 | EPSS 0.32862
Exploits 0 | References 5
Prion
added 2007/04/22 7:19 p.m. | 13 views

Design/Logic Flaw

Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

CVSS 5 | AI score 6.9 | EPSS 0.00651
Exploits 0 | References 3 | Affected Software 1
Prion
added 2007/04/22 7:19 p.m. | 12 views

Design/Logic Flaw

Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

CVSS 4.3 | AI score 7.1 | EPSS 0.32862
Exploits 0 | References 5 | Affected Software 1
NVD
added 2007/04/22 7:19 p.m. | 17 views

CVE-2007-2164

Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

CVSS 5 | AI score 6.7 | EPSS 0.00651
Exploits 0 | References 3
Cvelist
added 2007/04/22 7:0 p.m. | 19 views

CVE-2007-2162

(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

AI score 6.6 | EPSS 0.00751
Exploits 0 | References 3
Cvelist
added 2007/04/22 7:0 p.m. | 19 views

CVE-2007-2164

Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

AI score 6.7 | EPSS 0.00651
Exploits 0 | References 3
Cvelist
added 2007/04/22 7:0 p.m. | 18 views

CVE-2007-2163

Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

AI score 6.2 | EPSS 0.00577
Exploits 0 | References 2