CVE-2007-2026

CVE-2007-2026 concerns the file package (GNU regex in file 4.20). A context-dependent attacker can cause CPU denial of service by feeding a crafted document with many line feeds; OS/2 REXX regex handling is implicated. Public fixes are noted in Debian advisories (fixed in 4.17-5etch3 for etch and...

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

CVE-2007-2026

The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service CPU consumption via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported fo...

CVE-2007-1958

Buffer overflow in TinyMUX before 2.4 allows attackers to cause a denial of service via unspecified vectors related to "too many substring matches in a regexp $-command." NOTE: some of these details are obtained from third party information...

Crlf injection

CRLF injection vulnerability in the FILTERVALIDATEEMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression to ignore the subsequent part of the address...

CVE-2007-1349

PerlRun.pm in Apache modperl before 1.30, and RegistryCooker.pm in modperl 2.x, does not properly escape PATHINFO before use in a regular expression, which allows remote attackers to cause a denial of service resource consumption via a crafted URI...

CVE-2007-1622

Cross-site scripting XSS vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATHINFO in the administration interface, related to loose...

Design/Logic Flaw

The ATOMIC.TCP signature engine in the Intrusion Prevention System IPS feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service IPS crash and traffic loss via unspecified manipulations that are not properly handled by the regular expressio...

CVE-2007-0918

The ATOMIC.TCP signature engine in the Intrusion Prevention System IPS feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service IPS crash and traffic loss via unspecified manipulations that are not properly handled by the regular expressio...

GLSA-200701-01 : DenyHosts: Denial of Service

The remote host is affected by the vulnerability described in GLSA-200701-01 DenyHosts: Denial of Service Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that DenyHosts used an incomplete regular expression to parse failed login attempts. Impact : A remote unauthenticated attacke...

CVE-2006-6629

The CVE-2006-6629 issue affects WeBWorK PG Language prior to version 2.3.1. It concerns lib/WeBWorK/PG/Translator.pm, where an insufficiently restrictive regular expression to validate macro filenames allows loading of arbitrary macro files whose names contain the strings dangerousMacros.pl, PG.p...

CVE-2006-6301

DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain...

Debian DSA-1210-1 : mozilla-firefox - several vulnerabilities

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function...

Apple Safari JavaScript超长正则表达式匹配串远程代码执行漏洞

Apple Safari是苹果家族操作系统所使用的WEB浏览器。 Apple Safari在处理超长的正则表达式匹配串时存在漏洞，远程攻击者可能利用此漏洞在用户机器上执行任意指令。 如果Safari用户受骗访问了包含有恶意JavaScript的站点的话，就可能触发正则表达式处理过程中的漏洞，导致浏览器崩溃或执行任意指令。 Apple Safari 2.0.4 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.apple.com script var reg = /./; var z = 'Z'; while z.leng...

Mozilla products fail to properly handle JavaScript regular expressions

Overview Mozilla products fail to properly handle certain JavaScript regular expressions. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description According to Mozilla Foundation Security Advisory 2006-57: ...a...

CVE-2006-4859

Unrestricted file upload vulnerability in contact.html.php in the Contact comcontact component in Limbo aka Lite Mambo CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contactattach parameter in a contac...

CVE-2006-4566

Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service crash via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set "\", which leads to a buffer over-read...

CVE-2006-4565

Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."...

CVE-2006-4566

Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service crash via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set "\", which leads to a buffer over-read...

CVE-2006-4565

Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."...