CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

CVE-2007-2026

CVE-2007-2026 concerns the file package (GNU regex in file 4.20). A context-dependent attacker can cause CPU denial of service by feeding a crafted document with many line feeds; OS/2 REXX regex handling is implicated. Public fixes are noted in Debian advisories (fixed in 4.17-5etch3 for etch and...

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

CVE-2007-1958

Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information...

Crlf injection

CRLF injection vulnerability in the FILTERVALIDATEEMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address...

CVE-2007-1349

PerlRun.pm in Apache modperl before 1.30, and RegistryCooker.pm in modperl 2.x, does not properly escape PATHINFO before use in a regular expression, which allows remote attackers to cause a denial of service resource consumption via a crafted URI...

CVE-2007-1622

Cross-site scripting XSS vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATHINFO in the administration interface, related to loose...

Mandrake Linux Security Advisory : postgresql (MDKSA-2007:037-1)

Jeff Trout discovered that the PostgreSQL server did not sufficiently check data types of SQL function arguments in some cases. A user could then exploit this to crash the database server or read out arbitrary locations of the server's memory, which could be used to retrieve database contents tha...

Design/Logic Flaw

The ATOMIC.TCP signature engine in the Intrusion Prevention System IPS feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service IPS crash and traffic loss via unspecified manipulations that are not properly handled by the regular expressio...

CVE-2007-0918

The ATOMIC.TCP signature engine in the Intrusion Prevention System IPS feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service IPS crash and traffic loss via unspecified manipulations that are not properly handled by the regular expressio...

GLSA-200701-01 : DenyHosts: Denial of Service

The remote host is affected by the vulnerability described in GLSA-200701-01 DenyHosts: Denial of Service Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that DenyHosts used an incomplete regular expression to parse failed login attempts. Impact : A remote unauthenticated attacke...

CVE-2006-6629

The CVE-2006-6629 issue affects WeBWorK PG Language prior to version 2.3.1. It concerns lib/WeBWorK/PG/Translator.pm, where an insufficiently restrictive regular expression to validate macro filenames allows loading of arbitrary macro files whose names contain the strings dangerousMacros.pl, PG.p...

CVE-2006-6301

DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain...

Debian DSA-1210-1 : mozilla-firefox - several vulnerabilities

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function...

Apple Safari JavaScript超长正则表达式匹配串远程代码执行漏洞

Apple Safari是苹果家族操作系统所使用的WEB浏览器。 Apple Safari在处理超长的正则表达式匹配串时存在漏洞，远程攻击者可能利用此漏洞在用户机器上执行任意指令。 如果Safari用户受骗访问了包含有恶意JavaScript的站点的话，就可能触发正则表达式处理过程中的漏洞，导致浏览器崩溃或执行任意指令。 Apple Safari 2.0.4 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.apple.com script var reg = /./; var z = 'Z'; while z.leng...

[Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Web Mail platform by "Mirapoint"

·= Security Advisory =· Issue: Cross Site Scripting XSS Vulnerability in Web Mail platform by "Mirapoint" Discovered Date: 19/09/2006 Author: Tal Argoni, LegendaryZion. talargoni at gmail.com Product Vendor: http://www.mirapoint.com/ Details: Mirapoint Web Mail platform is prone to a Cross Site...

Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun"

·= Security Advisory =· Issue: Cross Site Scripting XSS Vulnerability in iPlanet Messaging Server Messenger Express by "Sun" Discovered Date: 25/09/2006 Author: Tal Argoni, LegendaryZion. talargoni at gmail.com Product Vendor: http://www.sun.com/ Details: iPlanet Messaging Server Messenger Expres...