123 matches found
CVE-2009-1725
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit aka Qt toolkit; and possibly other products do not properly handle numeric character references, which allows remote attackers to...
CVE-2009-1725
Removed by vendor...
kdelibs: KHTML CSS parser - incorrect handling CSS "style" attribute content (DoS, ACE)
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets CSS attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code ...
kdelibs: KHTML CSS parser - incorrect handling CSS "style" attribute content (DoS, ACE)
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets CSS attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code ...
kdelibs security update
kdelibs 6:3.1.3-6.13.0.1 - Remove Version branding in specfile - Maximum rpm trademark logos removed pics/crystalsvg/mime-rpm.png in tarball 6:3.1.3-6.13 - Resolves: 505618, CVE-2009-1698, KHTML CSS parser - incorrect handling CSS style attribute...
CVE-2009-1694
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site...
CVE-2009-1681
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a craft...
CVE-2009-1693
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."...
CVE-2009-1712
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element...
CVE-2009-1690
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service memory...
CVE-2009-1698
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets CSS attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code ...
KDE Konqueror 4.1.3 link href Memory Leak Exploit
!/usr/bin/perl konqlhrefml.pl KDE Konqueror 4.1.3 'link href' Memory Leak Exploit Jeremy Brown [email protected]/jbrownsec.blogspot.com Software should be able to handle any kind of input and still perform correct operations. Webkit KHTML -- stability-wise, anyways $filename = $ARGV0;...
openSUSE 10 Security Update : kdelibs4 (kdelibs4-5220)
A heap overflow in the PNG loader of KHTML has been fixed. CVE-2008-1670 has been assigned to this issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update kdelibs4-5220. The text description of...
KDE KHTML PNGLoader堆溢出漏洞
BUGTRAQ ID: 28937 CVECAN ID: CVE-2008-1670 KDE是一个为UNIX工作站设计的强大的开源图形桌面环境。 KDE的KHTML中的PNG图形加载器存在堆溢出漏洞,如果用户访问了恶意网页并加载了特制的编码图形的话,就可能触发这个溢出,导致执行任意指令。 KDE 4.0 KDE --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: ftp://ftp.kde.org/pub/kde/securitypatches...
Heap overflow
Heap-based buffer overflow in the progressive PNG Image loader decoders/pngloader.cpp in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted image...
CVE-2008-1670
Heap-based buffer overflow in the progressive PNG Image loader decoders/pngloader.cpp in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted image...
CVE-2008-1670
Heap-based buffer overflow in the progressive PNG Image loader decoders/pngloader.cpp in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted image...
CVE-2008-1670
Heap-based buffer overflow in the progressive PNG Image loader decoders/pngloader.cpp in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted image...
CVE-2008-1670
The CVE-2008-1670 entry describes a heap-based buffer overflow in KDE’s KHTML PNG image loader (decoders/pngloader.cpp) affecting KDE 4.0.x up to 4.0.3. An attacker could trigger a denial of service (crash) and potentially execute arbitrary code via a crafted PNG image. The description does not s...
CVE-2008-1670
Removed by vendor...