CVE-2009-1885

Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service application crash via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrat...

apr-util billion laughs attack

The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...

apr-util billion laughs attack

The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...

apr-util billion laughs attack

The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...

Mizilla Firefox / Opera DoS

Large number of netsted embedded elements leads to crash or resources exhaustion...

DEBIAN-CVE-2009-1955

The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...

CVE-2009-1955

The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...

Trend Micro OfficeScan 8.0 Client - Denial of Service

source: https://www.securityfocus.com/bid/34642/info The Trend Micro OfficeScan Client is prone to a denial-of-service vulnerability because it fails to handle nested directories with excessively long names. Successfully exploits will crash the affected application, resulting in a denial-of-servi...

Mandriva Update for php MDKSA-2007:090 (php)

Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDKSA-2007:090 php Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...

Apple Safari XML解析器嵌套XML标记远程拒绝服务漏洞

BUGTRAQ ID: 34318 CNCAN ID：CNCAN-2009040101 Apple Safari是一款流行的WEB浏览器。 Apple Safari处理XML标签存在问题，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 构建包含嵌套的XML标签的WEB页，诱使Apple Safari解析，可导致应用程序崩溃。 Apple Safari 3.2.2 for Windows Apple Safari 4 Beta Apple Safari 3.2 目前没有解决方案提供： http://www.apple.com/ Author : Ahmed Obied...

Code injection

Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service application crash via an XML document containing many nested A elements...

CVE-2009-0821

Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service application crash via nested calls to the window.print function, as demonstrated by a window.printwindow.print in the onclick attribute of an INPUT element...

Mozilla Firefox 2.0.x - Nested window.print() Denial of Service

Mozilla Firefox 2.0.x - Nested window.print Denial of Service source: https://www.securityfocus.com/bid/33969/info Mozilla Firefox is prone to a remote denial-of-service vulnerability. Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions...

Internet Explorer XML data binding memory corruption

Added: 12/12/2008 CVE: CVE-2008-4844 BID: 32721 OSVDB: 50622 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem A data binding error allows command execution when a user loads specially crafted XML code containing nested SPAN tags,...

Microsoft XML Core Services Nested Tag (MS08-069; CVE-2007-0099)

MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications. A remote code execution vulnerability has been reported in Microsoft XML Core Services MSXML. The vulnerability is due to...

Debian DSA-1651-1 : ruby1.8 - several vulnerabilities

Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may lead to denial of service and other security problems. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2008-3655 Keita Yamaguchi discovered that several safe...

CVE-2008-4513

Cross-site scripting XSS vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags...

libxml2: billion laughs DoS attack

libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, aka the "billion laughs...

Safari < 3.1.1 PCRE Nested Repetition Count Overflow

Binary data 4472.prm...

Multiple file input focus stealing vulnerabilities — Mozilla

Security researchers hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls. Their variants used file input controls nested inside tags to take advantage of automatic focus shifting into the file input field noted on the Hacker...