PHP ZendEngine变量释放远程拒绝服务漏洞

PHP是广泛使用的通用目的脚本语言，特别适合于Web开发，可嵌入到HTML中。 PHP没有对嵌套数组的深度强制任何过滤检查。由于变量注册是以迭代的方式执行的，因此PHP会接受任何深度，直到达到memorylimit。PHP数组的释放是以递归的方式执行的，因此在耗尽了栈极限的时候就会崩溃。 攻击者可以利用上述问题以可控的方式导致PHP崩溃。假设以下PHP代码： if !checkUserPWD$user, $pass $errmsg = "There is problem ..."; displayError$errmsg; notifyAdminOfCrackAttempt; else ...

CVE-2006-6954

Flock beta 1 0.7 allows remote attackers to cause a denial of service application crash via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723...

CVE-2006-6954

Flock beta 1 0.7 allows remote attackers to cause a denial of service application crash via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723...

CVE-2006-6954

Flock beta 1 0.7 allows remote attackers to cause a denial of service application crash via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723...

CVE-2006-6956

Microsoft Internet Explorer allows remote attackers to cause a denial of service crash via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723...

CVE-2006-6955

Opera allows remote attackers to cause a denial of service application crash via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723...

Stack overflow

Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large filename that triggers the overflow...

CVE-2007-0180

Stack-based buffer overflow in EF Commander 5.75 allows user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories, which produces a large filename that triggers the overflow...

Mozilla Firefox JavaScript处理程序竞争条件内存破坏漏洞

Mozilla Firefox是一款开放源代码的WEB浏览器。 Mozilla Firefox处理信号存在竞争条件问题，远程攻击者可以利用漏洞进行内存破坏攻击，可能以进程权限执行任意指令。 Firefox当处理深层嵌套的XML文档显示时被javascript处理程序中断，如果浏览器之后通过脚本重定向到新的位置，那么所有未完成的解析过程会中断，其所有结构也被释放，之间就可能存在两次释放而造成的内存破坏问题，可使应用程序崩溃，可能以进程权限执行任意指令。 Mozilla Firefox 1.5 beta 2 Mozilla Firefox 1.5 beta 1 Mozilla Firefox...

security flaw

Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads...

security flaw

Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads...

DEBIAN-CVE-2006-4253

Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads...

PT-2006-1093 · K Meleon +4 · K-Meleon +4

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 1.5.0.6 and earlier K-Meleon version 1.0.1 and earlier Netscape Navigator version 8.1 and earlier Description: The issue is related to insufficient access control and concurrency vulnerabilities, allowing a remote...

security flaw

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...

security flaw

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...

security flaw

The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows remote user-assisted attackers to execute privileged code by tricking a user into installing missing plugins and selecting the "Manual Install" button, then using nested javascript: URLs. NOTE: the manual install button is use...

security flaw

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...

security flaw

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and migh...

DEBIAN-CVE-2006-1173

Sendmail before 8.13.7 allows remote attackers to cause a denial of service via deeply nested, malformed multipart MIME messages that exhaust the stack during the recursive mime8to7 function for performing 8-bit to 7-bit conversion, which prevents Sendmail from delivering queued messages and migh...

DEBIAN-CVE-2006-2779

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service crash and possibly execute arbitrary code via 1 nested tags in a select tag, 2 a DOMNodeRemoved mutation event, 3 "Content-implemented tree views," 4 BoxObjects, 5 the XBL implementation, 6 an ifram...