9082 matches found

seebug.org
added 2006/11/17 12:0 a.m. · 26 views

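Apple Safari JavaScript overlong regular expression match string remote code execution vulnerability

Apple Safari is the web browser used by Apple's family of operating systems. Apple Safari has a vulnerability in its handling of overlong regular expression match strings, which a remote attacker may be able to exploit to execute arbitrary commands on the user's machine. If a Safari user is tricked into visiting a site containing malicious JavaScript, the vulnerability in regular expression processing may be triggered, causing the browser to crash or execute arbitrary commands. Apple Safari 2.0.4 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.apple.com script var reg = /./; var z = 'Z'; while z.leng...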

6.9 AI score
Exploits: 0
securityvulns
added 2006/11/02 12:0 a.m. · 64 views

[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Web Mail platform by "Mirapoint"

·= Security Advisory =· Issue: Cross Site Scripting XSS Vulnerability in Web Mail platform by "Mirapoint" Discovered Date: 19/09/2006 Author: Tal Argoni, LegendaryZion. talargoni at gmail.com Product Vendor: http://www.mirapoint.com/ Details: Mirapoint Web Mail platform is prone to a Cross Site...

6.5 AI score
Exploits: 0
securityvulns
added 2006/11/01 12:0 a.m. · 44 views

Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun"

·= Security Advisory =· Issue: Cross Site Scripting XSS Vulnerability in iPlanet Messaging Server Messenger Express by "Sun" Discovered Date: 25/09/2006 Author: Tal Argoni, LegendaryZion. talargoni at gmail.com Product Vendor: http://www.sun.com/ Details: iPlanet Messaging Server Messenger Expres...

Exploits: 0
CERT
added 2006/09/20 12:0 a.m. · 13 views

Mozilla products fail to properly handle JavaScript regular expressions

Overview Mozilla products fail to properly handle certain JavaScript regular expressions. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description According to Mozilla Foundation Security Advisory 2006-57: ...a...

7.7 AI score
Exploits: 0 · References: 2
Cvelist
added 2006/09/19 6:0 p.m. · 16 views

CVE-2006-4859

Unrestricted file upload vulnerability in contact.html.php in the Contact comcontact component in Limbo aka Lite Mambo CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contactattach parameter in a contac...

7 AI score · 0.02665 EPSS
Exploits: 0 · References: 2
NVD
added 2006/09/15 6:7 p.m. · 9 views

CVE-2006-4566

Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service crash via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set "\", which leads to a buffer over-read...

5 CVSS · 6.3 AI score · 0.24711 EPSS
Exploits: 0 · References: 57
Debian CVE
added 2006/09/15 6:0 p.m. · 23 views

CVE-2006-4565

Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."...

9.3 CVSS · 7.7 AI score · 0.10366 EPSS
Exploits: 0
Cvelist
added 2006/09/15 6:0 p.m. · 25 views

CVE-2006-4566

Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service crash via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set "\", which leads to a buffer over-read...

6.2 AI score · 0.24711 EPSS
Exploits: 0 · References: 57
Cvelist
added 2006/09/15 6:0 p.m. · 23 views

CVE-2006-4565

Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."...

7.7 AI score · 0.10366 EPSS
Exploits: 0 · References: 58
RedHat Linux
added 2006/09/15 6:38 a.m. · 1 views

security flaw

Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service crash via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set "\", which leads to a buffer over-read...

5 CVSS · 6 AI score · 0.24711 EPSS
Exploits: 0 · References: 4
Tenable Nessus
added 2006/09/15 12:0 a.m. · 36 views

FreeBSD : mozilla -- multiple vulnerabilities (e6296105-449b-11db-ba89-000c6ec775d9)

The Mozilla Foundation reports of multiple security issues in Firefox, SeaMonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. - MFSA 2006-64 Crashes with evidence of memory corruption rv:1.8.0.7 - MFSA...

10 CVSS · 7.7 AI score · 0.30757 EPSS
Exploits: 2 · References: 18
FreeBSD
added 2006/09/14 12:0 a.m. · 54 views

mozilla -- multiple vulnerabilities

The Mozilla Foundation reports of multiple security issues in Firefox, Seamonkey, and Thunderbird. Several of these issues can probably be used to run arbitrary code with the privilege of the user running the program. MFSA 2006-64 Crashes with evidence of memory corruption rv:1.8.0.7 MFSA 2006-63...

10 CVSS · 6.8 AI score · 0.30757 EPSS
Exploits: 2 · References: 8
NVD
added 2006/07/24 12:19 p.m. · 8 views

CVE-2006-3676

admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types...

5.1 CVSS · 7.6 AI score · 0.00746 EPSS
Exploits: 1 · References: 8
securityvulns
added 2006/07/24 12:0 a.m. · 37 views

Advisory: Remote command execution in planetGallery

Advisory: Remote command execution in planetGallery An admin of planetGallery is allowed to create new galleries and upload images. Because of a vulnerable regular expression, he may also upload PHP scripts and thereby execute arbitrary commands with the privileges of PHP. Details ======= Product...

5.1 CVSS · 7.3 AI score · 0.00746 EPSS
Exploits: 1
CVE
added 2006/07/21 6:0 p.m. · 42 views

CVE-2006-3676

PlanetGallery’s admin/gallery_admin.php contains a vulnerability that allows remote code execution via file uploads with a double extension, bypassing a safe-types regex and placing the file in the images directory. The flaw arises because the regex matches names like example.png.php, which PHP t...

5.1 CVSS · 7.7 AI score · 0.00746 EPSS
Exploits: 1 · References: 8 · Affected Software: 1
Tenable Nessus
added 2006/07/05 12:0 a.m. · 34 views

CentOS 3 : mozilla (CESA-2005:384)

Updated Mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bu...

7.5 CVSS · 6.9 AI score · 0.35557 EPSS
Exploits: 10 · References: 28
securityvulns
added 2006/07/03 12:0 a.m. · 41 views

Current Versions Release History

Current Versions Release History 5.1c2 30-Jun-06 Valid Core License Keys: issued between 01-Jun-2004 and 31-Oct-2004, or on or after 01-Jun-2005. Admin: Lawful Intercept for Signals is implemented. WSSP: now all string prefixes HTML, JAVASCRIPT, etc. support numeric data. XIMSS: the Signal...

7.9 AI score
Exploits: 0
NVD
added 2006/06/07 12:2 a.m. · 7 views

CVE-2006-2878

The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e executable modifier...

7.5 CVSS · 7.3 AI score · 0.04385 EPSS
Exploits: 1 · References: 12
UbuntuCve
added 2006/06/07 12:2 a.m. · 14 views

CVE-2006-2878

The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e executable modifier...

7.5 CVSS · 6.2 AI score · 0.04385 EPSS
Exploits: 1 · References: 1
Cvelist
added 2006/06/07 12:0 a.m. · 14 views

CVE-2006-2878

The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e executable modifier...

7.2 AI score · 0.04385 EPSS
Exploits: 1 · References: 12