9263 matches found
Out-of-bounds
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service backend crash via an out-of-bounds backref number...
Design/Logic Flaw
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service memory consumption via a crafted "complex...
CVE-2007-6067
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service memory consumption via a crafted "complex...
CVE-2007-6067
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service memory consumption via a crafted "complex...
CVE-2007-4772
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service infinite loop via a crafted regular expression...
CVE-2007-6067
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service memory consumption via a crafted "complex...
CVE-2007-4769
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service backend crash via an out-of-bounds backref number...
CVE-2007-4772
CVE-2007-4772 concerns the Tcl (Tool Command Language) regular expression parser. The affected code path is TCL before 8.4.17, which, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of servic...
CVE-2007-6067
CVE-2007-6067 is an algorithmic complexity vulnerability in the TCL regular expression parser up to version 8.4.17, used by PostgreSQL 8.2/8.1/8.0/7.4 series. A crafted complex regex with doubly-nested states can be used by remote authenticated users to cause a denial of service via memory consum...
Vulnerability in core server (CVE-2007-4769)
Three vulnearbilities in the regular expression handling libraries can be exploited to cause a backend crash, infinite loops or memory exhaustion. This vulnearbility can be exploited through frontend applications that allow unfiltered regular expressions to be passed in queries...
Vulnerability in core server (CVE-2007-6600)
Two vulnerabilities in how ANALYZE executes user defined functions that are part of expression indexes allows users to gain superuser privileges. A valid login that has permissions to create functions and tables is required to exploit this vulnearbility...
CVE-2007-4772
The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service infinite loop via a crafted regular expression...
PostgreSQL 2007-01-07 Cumulative Security Release
Today the PostgreSQL Global Development Group is releasing updated versions which patch five security vulnerabilities. These releases update all current PostgreSQL versions, including 8.2, 8.1, 8.0, 7.4 and 7.3. They are considered CRITICAL and PostgreSQL DBAs and sysadmins should install the...
Microsoft Expression Media Plaintext Password Storage Weakness
CVE-2007-5470 Microsoft Expression Media is prone to a weakness because passwords are stored in plain-text format. This issue stems from a design error in the catalog password-protection feature. Attackers could use this issue in conjunction with other vulnerabilities in a host to gain access to...
postgresql -- multiple vulnerabilities
The PostgreSQL developers report: PostgreSQL allows users to create indexes on the results of user-defined functions, known as "expression indexes". This provided two vulnerabilities to privilege escalation: 1 index functions were executed as the superuser and not the table owner during VACUUM an...
1 6 3 mailbox expression of vulnerability-vulnerability warning-the black bar safety net
- source: http://www. leapar. com/web/Article/ShowArticle. asp? ArticleID=4 7 5 html style body width: expressionevalString. fromCharCode0x69,0x66,0x28,0x21,0x77,0x69,0x6e, 0x64,0x6f,0x77,0x2e,0x78,0x78,0x78,0x29,0x7b,0x77, 0x69,0x6e,0x64,0x6f,0x77,0x2e,0x78,0x78,0x78,0x3d,0x31,0x3b,...
Cross site scripting
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
DEBIAN-CVE-2007-6321
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
CVE-2007-6321
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...
CVE-2007-6321
Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...