4397 matches found
CVE-2008-2326
CVE-2008-2326 affects Apple Bonjour for Windows (mDNSResponder) prior to 1.0.5. The vulnerability is a NULL pointer dereference when resolving a crafted .local domain name with a long label, leading to denial of service (application crash). Public docs from multiple sources confirm the issue and ...
openSUSE 10 Security Update : apache2-mod_jk (apache2-mod_jk-4997)
Fixed various issues in tomcat : - CVE-2007-3382: Handling of cookies containing a ' character - CVE-2007-3385: Handling of ' in cookies - CVE-2007-5641: tomcat path traversal / information leak - CVE-2007-1860: directory traversal - CVE-2007-3386: tomcat XSS - CVE-2007-5342: insufficient access...
Mutt BROWSE_GET_NAMESPACE IMAP名称空间处理远程溢出漏洞
BUGTRAQ ID: 18642 CVECAN ID: CVE-2006-3242 Mutt是一个小型但功能强大的基于文本的MIME邮件客户端。 Mutt处理畸形邮件时存在漏洞,远程攻击者可能利用此漏洞在客户端上执行任意指令。 Mutt的browse.c文件的browsegetnamespace函数中存在缓冲区溢出漏洞。如果恶意的IMAP服务器向Mutt发送了超长的名称空间的话,就会触发这个漏洞,导致客户端崩溃或执行任意指令。 Mutt Mutt 1.4.2 Gentoo Linux 厂商补丁: Mutt ---- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Ubuntu 5.04 / 5.10 / 6.06 LTS : mutt vulnerability (USN-307-1)
TAKAHASHI Tamotsu discovered that mutt's IMAP backend did not sufficiently check the validity of namespace strings. If an user connects to a malicious IMAP server, that server could exploit this to crash mutt or even execute arbitrary code with the privileges of the mutt user. Note that Tenable...
openSUSE 10 Security Update : mutt (mutt-1701)
Mutt had a buffer overflow in IMAP namespace parsing code which may open a possible remote vulnerability CVE-2006-3242. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update mutt-1701. The text...
Fedora Core 5 : libXfont-1.2.8-1.fc5 (2007-422)
Fri Apr 6 2007 Adam Jackson 1.2.8-1 - libXfont 1.2.8. - Wed Jan 17 2007 Kristian Hagsberg 1.2.6-2 - Add built-in-scalable.patch to prevent crash when trying to scale built-in bitmap fonts. - Fri Jan 5 2007 Adam Jackson 1.2.6-1 - Update to 1.2.6 - Fri Dec 1 2006 Adam Jackson 1.2.5-1 - Update to...
Fedora Core 4 : mutt-1.4.2.1-5.fc4 (2006-761)
Thu Jun 29 2006 Miroslav Lichvar 5:1.4.2.1-5.fc4 - fix a buffer overflow when processing IMAP namespace 197152, CVE-2006-3242 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...
CVE-2006-3798
DeluxeBB 1.07 and earlier exposes a vulnerability where a remote attacker can set the COOKIE data to overwrite the internal variables _GET, _POST, _ENV, and _SERVER during an extract function call, resulting in pollution of the global namespace and potentially multiple security vulnerabilities. A...
CVE-2005-4455
cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi...
CVE-2005-4455
cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi...
[SA16319] Karrigell Python Namespace Exposure Vulnerability
---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...
USN-155-1: Mozilla vulnerabilities
Secunia.com reported that one of the recent security patches in Firefox reintroduced the frame injection patch that was originally known as CAN-2004-0718. This allowed a malicious web site to spoof the contents of other web sites. CAN-2005-1937 It was discovered that a malicious website could...
security flaw
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as...
security flaw
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as...
CVE-2005-2269
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as...
Remote Exploit in Business::OnlinePayment::WorldPay::Junior
Business::OnlinePayment::WorldPay::Junior is a perl module providing a backend for perl scripts to manage credit/debit card payments through the WorldPay Select Junior service. I am the author of the module. There is a bug in all version of Business::OnlinePayment::WorldPay::Junior prior to 1.05...
Microsoft Windows NT 4.0 SP4 - Known DLL Cache
Microsoft Windows NT 4.0 SP4 - Known DLL Cache source: https://www.securityfocus.com/bid/234/info The names and mappings of kernel objects in NT are cached in the "object namespace". In this area, DLL mappings are kept in a section called KnownDlls. By manipulating the namespace, it is possible t...