944 matches found
Design/Logic Flaw
main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow...
CVE-2010-1224
main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x before 1.6.1.17, and 1.6.2.x before 1.6.2.5 does not properly enforce remote host access controls when CIDR notation "/0" is used in permit= and deny= configuration rules, which causes an improper arithmetic shift and might allow...
Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability (AST-2010-003)
Asterisk is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:digium:asterisk";...
AST-2010-003: Invalid parsing of ACL rules can compromise security
Asterisk Project Security Advisory - AST-2010-003. Product: Asterisk. Summary: Invalid parsing of ACL rules can compromise security...
OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not...
OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to cause a denial of service (memory consumption) via crafted DER encoded data, which is not...
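libxml2 stack overflow and use-after-free denial-of-service vulnerabilities
BUGTRAQ ID: 36010 CVE(CAN) ID: CVE-2009-2414,CVE-2009-2416 The libxml2 package provides a library of functions that let users manipulate XML files, including support for reading, modifying and writing XML and HTML files. A stack overflow exists in the way the libxml library handles the root XML document element definition in a DTD, and multiple use-after-free vulnerabilities exist in the way it parses Notation and Enumeration attribute types. A remote attacker can supply a specially crafted XML file; if a local user is tricked into opening it, the result is a denial of service (application crash). XMLSoft Libxml2 = 2.6.26 Vendor patch: RedHat ------...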
CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the...
DEBIAN-CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the...
mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the...
PT-2009-1016 · Xmlsoft +2 · Libxml +3
Name of the Vulnerable Software and Affected Versions: libxml2 versions 2.5.10 through 2.6.32 libxml version 1.8.17 Description: The issue allows context-dependent attackers to cause a denial of service, resulting in an application crash, via crafted Notation or Enumeration attribute types in an...
libxml -- Multiple use-after-free vulnerabilities
Multiple use-after-free vulnerabilities in libxml 1.8.17 that allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file...
Stack overflow
Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file...
CVE-2009-1071
Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file...
CVE-2009-1071
CVE-2009-1071 affects Icarus 2.0, with a stack-based buffer overflow in processing Portable Game Notation (.pgn) files. The vulnerability allows remote attackers to crash the application or execute arbitrary code by supplying a crafted .pgn file. Impact is described as denial of service and poten...
Moodle < 1.9.4 'filter/tex/texed.php' 'pathname' Parameter RCE
Binary data 4788.prm...
Moodle 'filter/tex/texed.php' 'pathname' Parameter Remote Command Execution
The version of Moodle installed on the remote host fails to sanitize user-supplied input to the 'pathname' parameter before using it in the 'filter/tex/texed.php' script in a command line that is passed to the shell. Provided that PHP's 'register_globals' setting and the TeX Notation filter has bot...
DEBIAN-CVE-2008-1318
Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows remote attackers to obtain sensitive "cross-site" information via the callback parameter in an API call for JavaScript Object Notation (JSON) formatted results...