EUVD-2004-0398

Malware in sbrugna...

SUSE CVE-2004-0398

Heap-based buffer overflow in the nerfc1036parse date parsing function for the neon library libneon 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client...

Scientific Linux Security Update : neon on SL4.x, SL5.x i386/x86_64

CVE-2009-2473 neon, gnome-vfs2 embedded neon: billion laughs DoS attack CVE-2009-2474 neon: Improper verification of x509v3 certificate with NULL zero byte in certain fields It was discovered that neon is affected by the previously published 'null prefix attack', caused by incorrect handling of...

CentOS Update for neon CESA-2009:1452 centos4 i386

Check for the Version of neon OpenVAS Vulnerability Test CentOS Update for neon CESA-2009:1452 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

RedHat Security Advisory RHSA-2009:1452

The remote host is missing updates announced in advisory RHSA-2009:1452. neon is an HTTP and WebDAV client library, with a C interface. It provides a high-level interface to HTTP and WebDAV methods along with a low-level interface for HTTP request handling. neon supports persistent connections,...

RHEL 4 / 5 : neon (RHSA-2009:1452)

Updated neon packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. neon is an HTTP and WebDAV client library, with a C interface. It provides a high-level...

neon: billion laughs DoS attack

neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to...

Gentoo Security Advisory GLSA 200405-25 (tla)

The remote host is missing updates announced in advisory GLSA 200405-25. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200405-04 (openoffice)

The remote host is missing updates announced in advisory GLSA 200405-04. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200406-03 (sitecopy)

The remote host is missing updates announced in advisory GLSA 200406-03. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 200404-14 (cadaver)

The remote host is missing updates announced in advisory GLSA 200404-14. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200405-04 (openoffice)

The remote host is missing updates announced in advisory GLSA 200405-04. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200405-15 (cadaver)

The remote host is missing updates announced in advisory GLSA 200405-15. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Gentoo Security Advisory GLSA 200406-03 (sitecopy)

The remote host is missing updates announced in advisory GLSA 200406-03. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

GLSA-200405-13 : neon heap-based buffer overflow

The remote host is affected by the vulnerability described in GLSA-200405-13 neon heap-based buffer overflow Stefan Esser discovered a vulnerability in the code of the neon library : if a malicious date string is passed to the nerfc1036parse function, it can trigger a string overflow into static...

GLSA-200405-04 : OpenOffice.org vulnerability when using DAV servers

The remote host is affected by the vulnerability described in GLSA-200405-04 OpenOffice.org vulnerability when using DAV servers OpenOffice.org includes code from the Neon library in functions related to publication on WebDAV servers. This library is vulnerable to several format string attacks...

GLSA-200404-14 : Multiple format string vulnerabilities in cadaver

The remote host is affected by the vulnerability described in GLSA-200404-14 Multiple format string vulnerabilities in cadaver Cadaver code includes the neon library, which in versions 0.24.4 and previous is vulnerable to multiple format string attacks. The latest version of cadaver uses version...

Fedora Core 2 : neon-0.24.5-2.2 (2004-130)

Stefan Esser discovered a flaw in the neon library which allows a heap buffer overflow in a date parsing routine. An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client should a user connect to it using a neon-based application which us...

Fedora Core 1 : neon-0.24.5-2.1 (2004-129)

Stefan Esser discovered a flaw in the neon library which allows a heap buffer overflow in a date parsing routine. An attacker could create a malicious WebDAV server in such a way as to allow arbitrary code execution on the client should a user connect to it using a neon-based application which us...

CVE-2004-0398

Heap-based buffer overflow in the nerfc1036parse date parsing function for the neon library libneon 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client...