522 matches found
p5-HTML-Parser -- denial of service
CVE reports: The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 character...
RedHat Security Advisory RHSA-2009:1127
The remote host is missing updates announced in advisory RHSA-2009:1127. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw was found in the way the KDE CSS parser handled content for the CSS style attribute. A remote attacker could create a specially-crafted CSS...
kdelibs security update
CentOS Errata and Security Advisory CESA-2009:1127. Updated kdelibs packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide...
RHEL 4 / 5 : kdelibs (RHSA-2009:1127)
Updated kdelibs packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw...
Amaya 11.1 XHTML Parser Buffer Overflow
cicatriz advisories. Amaya 11.1 XHTML Parser Buffer Overflow. Advisory & Vulnerability Information. Title: Amaya 11.1 XHTML Parser Buffer Overflow. Advisory ID: VUDO-2009-0104. Advisory URL:...
Ubuntu: Security Advisory (USN-645-3)
The remote host is missing an update for the...
Amaya Web Editor XML and HTML parser Vulnerabilities
Exploit for unknown platform in category dos / poc. Amaya Web Editor XML and HTML parser Vulnerabilities. Core Security Technologies - CoreLabs...
Konqueror in KDE Denial of Service Vulnerability
Konqueror is prone to a denial of service (DoS) vulnerability. CPE = "cpe:/a:kde:konqueror";...
CVE-2008-5712
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-451...
Hardcoded credentials
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR element. NOTE: the FONT vector is already covered by CVE-2008-451...
CVE-2008-5712
The CVE-2008-5712 issue affects KDE Konqueror 3.5.9 where the HTML parser can trigger a denial of service (application crash) by parsing overly long attributes: (1) COLOR in HR, and (2) BGCOLOR or BORDERCOLOR in TABLE, TD, or TR elements. The FONT vector is noted as covered by CVE-2008-4514. Root...
CVE-2008-4514
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error...
CVE-2008-4514
The CVE-2008-4514 entry covers a Denial of Service in KDE Konqueror 3.5.9’s HTML parser, triggered by a font tag with an excessively long color value that leads to an assertion error and application crash. Related disclosures (CVE-2008-5712) describe the same DoS condition via long COLOR attribut...
Mozilla Foundation Security Advisory 2008-43
Mozilla Foundation Security Advisory 2008-43 Title: BOM characters, low surrogates stripped from JavaScript before execution Impact: Moderate Announced: September 23, 2008 Reporter: Dave Reed, Chris Weber, Gareth Heyes Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox...
CVE-2008-4066
CVE-2008-4066 affects Mozilla Firefox 2.0.0.x (e.g., 2.0.0.14 and earlier than 2.0.0.17). Description in connected advisories corroborates that HTML-escaped low surrogate characters could bypass XSS protections, enabling XSS. Affected component: Firefox HTML parser/rendering; root cause: HTML esc...
CVE-2008-4066
Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&#56325ascript" sequence, a...
USN-645-1: Firefox and xulrunner vulnerabilities
Justin Schuh, Tom Cross and Peter Williams discovered errors in the Firefox URL parsing routines. If a user were tricked into opening a crafted hyperlink, an attacker could overflow a stack buffer and execute arbitrary code. (CVE-2008-0016) It was discovered that the same-origin check in Firefox...