3947 matches found
CVE-2008-4513
Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags...
libxml2: billion laughs DoS attack
libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs...
Safari < 3.1.1 PCRE Nested Repetition Count Overflow
Binary data 4472.prm...
Multiple file input focus stealing vulnerabilities — Mozilla
Security researchers hong and Gregory Fleischer each reported a variant on earlier reported bugs regarding focus shifting in file input controls. Their variants used file input controls nested inside tags to take advantage of automatic focus shifting into the file input field noted on the Hacker...
CVE-2007-6067
Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex...
PT-2007-6975 · Oracle · Javamail
Name of the Vulnerable Software and Affected Versions: Javamail (affected versions not specified). Description: The issue arises when Javamail fails to properly handle a series of invalid login attempts where the same e-mail address is used as both the username and password. Specifically, if the...
CVE-2007-4036
Guidance Software EnCase allows user-assisted remote attackers to cause a denial of service via (1) a corrupted Microsoft Exchange database, which triggers an application crash when many options are selected; (2) a corrupted NTFS filesystem, which causes the application to report "memory allocation...
CVE-2007-4036
The CVE-2007-4036 entry concerns Guidance Software EnCase. Affected component: EnCase (Desktop/forensics software). The vulnerability involves three user-assisted remote vectors: (1) corrupted Microsoft Exchange database causing an application crash when many options are selected; (2) corrupted N...
PT-2007-5244 · Microsoft +1 · Ntfs +2
Name of the Vulnerable Software and Affected Versions: Guidance Software EnCase (affected versions not specified). Description: The issue allows user-assisted remote attackers to cause a denial of service via three main vectors: (1) a corrupted Microsoft Exchange database, which triggers an applicatio...
GLSA-200706-04 : MadWifi: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200706-04 (MadWifi: Multiple vulnerabilities). Md Sohail Ahmad from AirTight Networks has discovered a division by zero in the athbeaconconfig function (CVE-2007-2830). The vendor has corrected an input validation error in the...
security flaw
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines...
DEBIAN-CVE-2007-1325
The PMAArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service (web server crash) via an array with many dimensions. NOTE: it could be argued tha...
PT-2007-2700 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions 4.x before 4.4.7; PHP versions 5.x before 5.2.2. Description: The issue allows remote attackers to cause a denial of service, resulting in stack exhaustion and a PHP crash. This is achieved by using deeply nested arrays, which...
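PHP Zend Engine Variable Destruction Remote Denial of Service Vulnerability
PHP is a widely used general-purpose scripting language that is especially suited to web development and can be embedded in HTML. PHP does not enforce any check on the depth of nested arrays. Because variable registration is performed iteratively, PHP accepts any depth until memorylimit is reached. PHP arrays are destroyed recursively, so PHP crashes once the stack limit is exhausted. An attacker can exploit this issue to crash PHP in a controlled manner. Consider the following PHP code: if (!checkUserPWD($user, $pass)) { $errmsg = "There is problem ..."; displayError($errmsg); notifyAdminOfCrackAttempt(); } else ...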
CVE-2006-6954
Flock beta 1 (0.7) allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723...