3970 matches found
Mandriva Security Advisory MDVSA-2009:223-1 (xerces-c)
The remote host is missing an update to xerces-c announced via advisory MDVSA-2009:223-1. OpenVAS Vulnerability Test $Id: mdksa20092231.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:223-1 xerces-c Authors: Thomas Reinke Copyright: Copyright c 2009...
neon: billion laughs DoS attack
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to...
CVE-2009-2473
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to...
CVE-2009-2473
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to...
CVE-2009-1885
Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service application crash via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrat...
DEBIAN-CVE-2009-1885
Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service application crash via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrat...
Out-of-Bounds
Overview Affected versions of this package are vulnerable to Out-of-Bounds. Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service application crash via vectors involving nested...
CVE-2009-1885
Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service application crash via vectors involving nested parentheses and invalid byte values in "simply nested DTD structures," as demonstrat...
apr-util billion laughs attack
The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...
apr-util billion laughs attack
The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...
apr-util billion laughs attack
The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...
Mizilla Firefox / Opera DoS
Large number of netsted embedded elements leads to crash or resources exhaustion...
DEBIAN-CVE-2009-1955
The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...
CVE-2009-1955
The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...
Trend Micro OfficeScan 8.0 Client - Denial of Service
source: https://www.securityfocus.com/bid/34642/info The Trend Micro OfficeScan Client is prone to a denial-of-service vulnerability because it fails to handle nested directories with excessively long names. Successfully exploits will crash the affected application, resulting in a denial-of-servi...
Mandriva Update for php MDKSA-2007:090 (php)
Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDKSA-2007:090 php Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Apple Safari XML解析器嵌套XML标记远程拒绝服务漏洞
BUGTRAQ ID: 34318 CNCAN ID:CNCAN-2009040101 Apple Safari是一款流行的WEB浏览器。 Apple Safari处理XML标签存在问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 构建包含嵌套的XML标签的WEB页,诱使Apple Safari解析,可导致应用程序崩溃。 Apple Safari 3.2.2 for Windows Apple Safari 4 Beta Apple Safari 3.2 目前没有解决方案提供: http://www.apple.com/ Author : Ahmed Obied...
Code injection
Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service application crash via an XML document containing many nested A elements...
CVE-2009-0821
Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause a denial of service application crash via nested calls to the window.print function, as demonstrated by a window.printwindow.print in the onclick attribute of an INPUT element...
Mozilla Firefox 2.0.x - Nested window.print() Denial of Service
Mozilla Firefox 2.0.x - Nested window.print Denial of Service source: https://www.securityfocus.com/bid/33969/info Mozilla Firefox is prone to a remote denial-of-service vulnerability. Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions...