163 matches found
CVE-2010-1986
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service memory consumption and application crash via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related ...
CVE-2010-1986
Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to cause a denial of service memory consumption and application crash via JavaScript code that creates multiple arrays containing elements with long string values, and then appends long strings to the content of a P element, related ...
CVE-2010-1176
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via vectors related to an array of long strings, an array of IMG elements with crafted strings in their SRC attributes, a TBODY element with no...
Ubuntu Update for libthai vulnerability USN-887-1
Ubuntu Update for Linux kernel vulnerabilities USN-887-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN8871.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for libthai vulnerability USN-887-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
DEBIAN-CVE-2009-4012
Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execute arbitrary code via long strings that trigger heap-based buffer overflows, related to 1 thbrk/thbrk.c and 2 thwbrk/thwbrk.c. NOTE: some of these details are obtained from third party information...
USN-887-1: LibThai vulnerability
Tim Starling discovered that LibThai did not correctly handle long strings. A remote attacker could use specially-formed strings to execute arbitrary code with the user's privileges...
PT-2009-4831 · Scmpx · Scmpx
Name of the Vulnerable Software and Affected Versions: SCMPX version 1.5.1 Description: The issue allows remote attackers to cause a denial of service, resulting in an application crash, or execute arbitrary code via a long string in a .m3u playlist file. Recommendations: For SCMPX version 1.5.1,...
PT-2009-3742 · Mozilla +1 · Firefox +1
Name of the Vulnerable Software and Affected Versions: Pango versions prior to 1.24 Description: The issue is related to an integer overflow in the pango glyph string set size function, which can be triggered by a long glyph string. This can cause a denial of service, resulting in an application...
Ubuntu Update for pcre3 vulnerability USN-581-1
Ubuntu Update for Linux kernel vulnerabilities USN-581-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN5811.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for pcre3 vulnerability USN-581-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...
WordNet: Execution of arbitrary code
Background WordNet is a large lexical database of English. Description Jukka Ruohonen initially reported a boundary error within the searchwn function in src/wn.c. A thorough investigation by the oCERT team revealed several other vulnerabilities in WordNet: Jukka Ruohonen and Rob Holland oCERT...
USN-581-1: PCRE vulnerability
It was discovered that PCRE did not correctly handle very long strings containing UTF8 sequences. In certain situations, an attacker could exploit applications linked against PCRE by tricking a user or automated system in processing a malicious regular expression leading to a denial of service or...
FreeBSD : xfce -- multiple vulnerabilities (024edd06-c933-11dc-810c-0016179b2dd5)
Gentoo reports : A remote attacker could entice a user to install a specially crafted 'rc' file to execute arbitrary code via long strings in the 'Name' and 'Comment' fields or via unspecified vectors involving the second vulnerability. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
Buffer overflow
Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier allow remote attackers to execute arbitrary code via 1 a reply that begins with a long version string, which triggers an overflow in handlertsppkt in rtsphandlers.c; long headers that trigger overflows in 2 sendpauserequest, 3...
krb5 RPC library buffer overflow
Stack-based buffer overflow in the svcauthgssvalidate function in lib/rpc/svcauthgss.c in the RPCSECGSS RPC library librpcsecgss in MIT Kerberos 5 krb5 1.4 through 1.6.2, as used by the Kerberos administration daemon kadmind and some third-party applications that use krb5, allows remote attackers...
security flaw
Multiple integer overflows in the Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving 1 long strings in the toSource method of the Object, Array, and String objects...
CVE-2006-1147
The Comsprintf function in qshared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers possibly authenticated to cause a denial of service application crash via a long skin, weapon, or model name...
PT-2005-5346 · Mirc · Mirc
Name of the Vulnerable Software and Affected Versions: mIRC versions 5.91 through 6.16 Description: A buffer overflow issue allows local users to potentially execute arbitrary code by entering a long string after reaching the DCC Get Folder Dialog. The vendor has disputed this issue, suggesting i...
CVE-2004-2505
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service memory consumption and crash by sending repeated GET or POST requests that trigger error messages that use long strings of data...
GLSA-200502-05 : Newspost: Buffer overflow vulnerability
The remote host is affected by the vulnerability described in GLSA-200502-05 Newspost: Buffer overflow vulnerability Niels Heinen has discovered a buffer overflow in the socketgetline function of Newspost, which can be triggered by providing long strings that do not end with a newline character...
CVE-2004-0014
Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allows remote web servers to execute arbitrary code via certain long strings...