9259 matches found
CVE-2007-2836
Directory traversal vulnerability in session.rb in Hiki 0.8.0 through 0.8.6 allows remote attackers to delete arbitrary files via directory traversal sequences in the session ID, which is matched against an insufficiently restrictive regular expression before it is used to construct a filename th...
mod_perl PerlRun denial of service
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI...
CentOS 3 : gdb (CESA-2007:0469)
An updated gdb package that fixes a security issue and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a...
Design/Logic Flaw
blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ss...
CVE-2007-2765
blockhosts.py in BlockHosts before 2.0.3 does not properly parse daemon log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by logging in through ss...
CVE-2007-2765
CVE-2007-2765 concerns BlockHosts prior to 2.0.3, where improper parsing of daemon logs lets remote attackers add arbitrary entries to /etc/hosts.allow, enabling a denial of service by injecting IPs into a log file. Related entries (e.g., CVE-2007-4322/4323) describe a similar issue affecting Blo...
Cross site scripting
Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS)...
gdb security update
CentOS Errata and Security Advisory CESA-2007:0229 An updated gdb package that fixes a security issue and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C...
Low: Red Hat Security Advisory: gdb security and bug fix update
An updated gdb package that fixes a security issue and various bugs is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a...
Design/Logic Flaw
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/...
CVE-2007-2162
(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/...
CVE-2007-2164
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/...
CVE-2007-2161
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/...
Design/Logic Flaw
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/...
CVE-2007-2163
Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/...
CVE-2007-2163
Apple Safari is affected by CVE-2007-2163: remote attackers can cause a denial of service by crafting JavaScript that matches a regular expression against an unusually long string, demonstrated with /(.)*/. The provided documents identify the vulnerable component as the Safari JavaScript engine a...
CVE-2007-2109
Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) Rules Manager and Expression Filter components (DB02) and (2) Oracle Streams (DB06). Note: as of 20070424, Oracle has not disputed reliable claims that DB02 is for a...