9260 matches found
Microsoft Internet Explorer 8 - CSS 'expression' Property Cross-Site Scripting Filter Bypass
source: https://www.securityfocus.com/bid/32780/info Microsoft Internet Explorer is a web browser for the Microsoft Windows operating system. Internet Explorer 8 includes a cross-site-scripting filter that is designed to prevent cross-site-scripting attacks against vulnerable web applications...
CVE-2008-5402
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."...
CVE-2008-5402
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."...
freezegreetings-password.txt
\r\n\r\n", $argv0 and exit; $out = pregmatch'!^^ +$!sei', filegetcontents$argv1 . '/pwd.txt', $r && pregmatch'!^^||+||!sei', base64decode$r1, $pass ? sprintf"Password : %s", base64decode$pass1 : 'Exploitation failed'; printf" %s \r\n\r\n", $out; ?...
CVE-2008-4033
CVE-2008-4033 is a cross-domain information disclosure vulnerability in Microsoft XML Core Services (MSXML) versions 3.0 through 6.0, affecting multiple products that embed MSXML (including Expression Web, Office, and Internet Explorer). The issue involves improper handling of HTTP header fields ...
CentOS 4 / 5 : ruby (CESA-2008:0897)
Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2008:0897 Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting...
irb, ruby security update
CentOS Errata and Security Advisory CESA-2008:0895-02 Updated ruby packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting...
RHEL 2.1 : ruby (RHSA-2008:0895)
Updated ruby packages that fix various security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented programming....
RHEL 4 / 5 : ruby (RHSA-2008:0897)
Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented...
Moderate: Red Hat Security Advisory: ruby security update
Updated ruby packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ruby is an interpreted scripting language for quick and easy object-oriented...
ruby: Memory allocation failure in Ruby regex engine (remotely exploitable DoS)
The regular expression engine regex.c in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service infinite loop and crash via multiple long requests to a Ruby socket, related to memory allocation failure...
CVE-2008-4557
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 aka Strawberry allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression...
Code injection
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 aka Strawberry allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression...
DoS vulnerability in Internet Explorer
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Denial of Service уязвимости в Microsoft Internet Explorer. Эта уязвимость мне известна уже давно - это давно известная DoS в IE. Она работает в IE6 и я надеялся, что хотя бы в IE7 Microsoft исправила эту дыру. Но как я недавно проверил, IE7 также...
Gentoo Security Advisory GLSA 200711-28 (perl)
The remote host is missing updates announced in advisory GLSA 200711-28. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Server: temporary DoS via crafted pattern searches
Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 allow remote attackers to cause a denial of service CPU consumption and search outage via crafted LDAP search requests with patterns, related to a single-threaded regular-expression subsystem...
Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
Description Microsoft GDI+ is prone to a heap-based buffer-overflow vulnerability because the vector graphics link library improperly processes gradient sizes. Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute arbitrary code in the context of the...
Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
Description Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files. Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the...
Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
Description Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly parses GIF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may...