expat2 -- Parser crash with specially formatted UTF-8 sequences

CVE reports: The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buff...

Debian: Security Advisory (DSA-1696-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Foundation Security Advisory 2008-67

Mozilla Foundation Security Advisory 2008-67 Title: Escaped null characters ignored by CSS parser Impact: Low Announced: December 16, 2008 Reporter: Kojima Hajime Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.5 Firefox 2.0.0.19 Thunderbird 2.0.0.19 SeaMonkey 1.1.14 Description...

Vivvo CMS 3.4 - Multiple Vulnerabilities

!/usr/bin/perl Vivvo CMS Destroyer [email protected] By Xianur0 -------------CREDITS------------- http://milw0rm.com/exploits/4192 http://milw0rm.com/exploits/3326 http://milw0rm.com/exploits/2339 http://milw0rm.com/exploits/2337 -------------/CREDITS------------- print "\n Vivvo CMS Destroyer B...

CVE-2008-4555

Stack-based buffer overflow in the pushsubg function in parser.y lib/graph/parser.c in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service memory corruption or execute arbitrary code via a DOT file with a large number of Agrapht...

Stack overflow

Stack-based buffer overflow in the pushsubg function in parser.y lib/graph/parser.c in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service memory corruption or execute arbitrary code via a DOT file with a large number of Agrapht...

CVE-2008-4555

Stack-based buffer overflow in the pushsubg function in parser.y lib/graph/parser.c in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service memory corruption or execute arbitrary code via a DOT file with a large number of Agrapht...

CVE-2008-4555

Stack-based buffer overflow in the pushsubg function in parser.y lib/graph/parser.c in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service memory corruption or execute arbitrary code via a DOT file with a large number of Agrapht...

CVE-2008-4555

Stack-based buffer overflow in the pushsubg function in parser.y lib/graph/parser.c in Graphviz 2.20.2, and possibly earlier versions, allows user-assisted remote attackers to cause a denial of service memory corruption or execute arbitrary code via a DOT file with a large number of Agrapht...

CVE-2008-4066

Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows remote attackers to bypass cross-site scripting XSS protection mechanisms and conduct XSS attacks via HTML-escaped low surrogate characters that are ignored by the HTML parser, as demonstrated by a "jav&56325ascript" sequence, a...

IntelliTamper 2.0.7 - HTML Parser Remote Buffer Overflow

/ IntelliTamper 2.0.7 html parser Remote Buffer Overflow Just a C version of Guido Landi's discovery. Written by r0ut3r writ3r at gmail.com kit:/home/r0ut3r/publichtml gcc -o intell intell.c kit:/home/r0ut3r/publichtml ./intell + Building payload + Success writing to index.html...

clamav -- CHM Processing Denial of Service

Hanno Boeck reports: A fuzzing test showed weakness in the chm parser of clamav, which can possibly be exploited. The clamav team has disabled the chm module in older versions though freshclam updates and has released 0.94 with a fixed parser...

Trillian 3.1.9.0 DTD File Buffer Overflow

Name: Trillian 3.1.9.0 DTD File Buffer Overflow Software: Trillian 3.1.9.0 Vendor: Cerulean Studios Description: Trillian 3.1.9.0. Basicand maybe minor versions and other as Pro is vulnerable to parser xml format in .dtd file type. The explotation requires that the user download a malformed file...

CVE-2008-0057

Multiple integer overflows in a "legacy serialization format" parser in AppKit in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via a crafted serialized property list...

Debian: Security Advisory (DSA-1497-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 582-1 (libxml, libxml2)

The remote host is missing an update to libxml, libxml2 announced via advisory DSA 582-1. OpenVAS Vulnerability Test $Id: deb5821.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 582-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Wireshark: Multiple vulnerabilities

Background Wireshark is a network protocol analyzer with a graphical front-end. Description Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP CVE-2007-6111, PPP CVE-2007-6112, DNP CVE-2007-6113, SSL and iSerie...

Fedora Core 6 : perl-5.8.8-12 (2007-748)

This update resolves CVE-2007-5116, fixing a security issue with perl's regex parser. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

Ubuntu 7.10 : link-grammar vulnerability (USN-545-1)

Alin Rad Pop discovered that AbiWord's Link Grammar parser did not correctly handle overly-long words. If a user were tricked into opening a specially crafted document, AbiWord, or other applications using Link Grammar, could be made to crash. Note that Tenable Network Security has extracted the...

Non Compliant MS-SQL TCP

MSSQL protections use a TDS protocol parser. A parsing error can be an indication of malicious traffic...