
9082 matches found

CVE
added 2007/04/22 7:0 p.m. | 84 views

CVE-2007-2163

Apple Safari is affected by CVE-2007-2163: remote attackers can cause a denial of service by crafting JavaScript that matches a regular expression against an unusually long string, demonstrated with /(.)*/. The provided documents identify the vulnerable component as the Safari JavaScript engine a...

5 CVSS | 6.2 AI score | 0.00577 EPSS
Exploits 0 | References 2 | Affected Software 1
NVD
added 2007/04/18 6:19 p.m. | 13 views

CVE-2007-2109

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a...

6 CVSS | 7.1 AI score | 0.03234 EPSS
Exploits 0 | References 9
Cvelist
added 2007/04/18 6:0 p.m. | 20 views

CVE-2007-2109

Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a...

7.1 AI score | 0.03234 EPSS
Exploits 0 | References 9
NVD
added 2007/04/13 6:19 p.m. | 18 views

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

7.8 CVSS | 6.4 AI score | 0.03698 EPSS
Exploits 1 | References 13
UbuntuCve
added 2007/04/13 6:19 p.m. | 19 views

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

7.8 CVSS | 6 AI score | 0.03698 EPSS
Exploits 1 | References 1
OSV
added 2007/04/13 6:19 p.m. | 6 views

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

6.7 AI score
Exploits 0 | References 13
CVE
added 2007/04/13 6:0 p.m. | 61 views

CVE-2007-2026

CVE-2007-2026 concerns the file package (GNU regex in file 4.20). A context-dependent attacker can cause CPU denial of service by feeding a crafted document with many line feeds; OS/2 REXX regex handling is implicated. Public fixes are noted in Debian advisories (fixed in 4.17-5etch3 for etch and...

7.8 CVSS | 8.9 AI score | 0.03698 EPSS
Exploits 1 | References 13 | Affected Software 2
Cvelist
added 2007/04/13 6:0 p.m. | 23 views

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

9 AI score | 0.03698 EPSS
Exploits 1 | References 13
Debian CVE
added 2007/04/13 6:0 p.m. | 23 views

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

7.8 CVSS | 8.5 AI score | 0.03698 EPSS
Exploits 1
ATTACKERKB
added 2007/04/11 10:19 a.m. | 3 views

CVE-2007-1958

Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information...

5 CVSS | 5.6 AI score | 0.004 EPSS
Exploits 0 | References 3
Prion
added 2007/04/10 6:19 p.m. | 26 views

Crlf injection

CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address...

5 CVSS | 6.7 AI score | 0.00816 EPSS
Exploits 0 | References 27 | Affected Software 1
NVD
added 2007/03/30 12:19 a.m. | 25 views

CVE-2007-1349

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI...

5 CVSS | 6.3 AI score | 0.18225 EPSS
Exploits 0 | References 39
Debian CVE
added 2007/03/23 12:0 a.m. | 25 views

CVE-2007-1622

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose...

4.3 CVSS | 3.9 AI score | 0.03283 EPSS
Exploits 1
Tenable Nessus
added 2007/02/18 12:0 a.m. | 19 views

Mandrake Linux Security Advisory : postgresql (MDKSA-2007:037-1)

Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. A user could then exploit this to crash the database server or read out arbitrary locations of the server's memory, which could be used to retrieve database contents tha...

8.5 CVSS | 5.8 AI score | 0.0194 EPSS
Exploits 0 | References 2
Prion
added 2007/02/14 2:28 a.m. | 15 views

Design/Logic Flaw

The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expressio...

7.1 CVSS | 6.9 AI score | 0.02856 EPSS
Exploits 0 | References 9 | Affected Software 1
Cvelist
added 2007/02/14 2:0 a.m. | 21 views

CVE-2007-0918

The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expressio...

6.6 AI score | 0.02856 EPSS
Exploits 0 | References 9
Tenable Nessus
added 2007/01/08 12:0 a.m. | 24 views

GLSA-200701-01 : DenyHosts: Denial of Service

The remote host is affected by the vulnerability described in GLSA-200701-01 (DenyHosts: Denial of Service). Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that DenyHosts used an incomplete regular expression to parse failed login attempts. Impact: A remote unauthenticated attacke...

5 CVSS | 5.8 AI score | 0.01498 EPSS
Exploits 1 | References 2
CVE
added 2006/12/18 11:0 a.m. | 40 views

CVE-2006-6629

The CVE-2006-6629 issue affects WeBWorK PG Language prior to version 2.3.1. It concerns lib/WeBWorK/PG/Translator.pm, where an insufficiently restrictive regular expression to validate macro filenames allows loading of arbitrary macro files whose names contain the strings dangerousMacros.pl, PG.p...

7.5 CVSS | 7 AI score | 0.00445 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2006/12/06 7:0 p.m. | 26 views

CVE-2006-6301

DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain...

6.5 AI score | 0.01498 EPSS
Exploits 1 | References 7
Tenable Nessus
added 2006/11/20 12:0 a.m. | 32 views

Debian DSA-1210-1 : mozilla-firefox - several vulnerabilities

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function...

10 CVSS | 8.1 AI score | 0.24711 EPSS
Exploits 2 | References 13