Lucene search

6608 matches found

Prion
added 2006/04/14 6:2 p.m., 18 views

Integer overflow

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression...

9.3 CVSS, 7.5 AI score, 0.26152 EPSS
Exploits 0, References 57, Affected Software 4
Debian CVE
added 2006/04/14 6:0 p.m., 31 views

CVE-2006-1737

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary bytecode via JavaScript with a large regular expression...

9.3 CVSS, 7.2 AI score, 0.26152 EPSS
Exploits 0
Prion
added 2006/02/23 11:2 p.m., 9 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack...

4.3 CVSS, 6.1 AI score, 0.0105 EPSS
Exploits 0, References 7, Affected Software 1
Cvelist
added 2006/02/23 11:0 p.m., 17 views

CVE-2006-0860

Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack...

5.8 AI score, 0.0105 EPSS
Exploits 0, References 7
Tenable Nessus
added 2006/01/15 12:0 a.m., 25 views

Ubuntu 4.10 / 5.04 : python2.1, python2.2, python2.3, gnumeric vulnerabilities (USN-173-4)

USN-173-1 fixed a buffer overflow vulnerability in the PCRE library. However, it was found that the various python packages and gnumeric contain static copies of the library code, so these packages need to be updated as well. In gnumeric this bug could be exploited to execute arbitrary code with...

7.5 CVSS, 6.4 AI score, 0.01997 EPSS
Exploits 0, References 1
Packet Storm
added 2006/01/04 12:0 a.m., 37 views

cijfer-vsczpl.pl.txt

!/usr/bin/perl cijfer-vscxpl - Valdersoft Shopping Cart All rights reserved. 1. example cijfer@kalma:/research$ ./cijfer-vscxpl.pl -h www.valdersoft.com -d /store [email protected] /$ id;uname -a uid=2526apache gid=2524apache groups=2524apache, 10004psaserv FreeBSD valdersoft.com...

7.4 AI score
Exploits 0
OSV
added 2005/12/31 5:0 a.m., 1 views

DEBIAN-CVE-2005-4872

Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer...

4.3 CVSS, 7.1 AI score, 0.01485 EPSS
Exploits 0, References 1
securityvulns
added 2005/11/10 12:0 a.m., 24 views

[SA17386] SpamAssassin Long Message Header Denial of Service

TITLE: SpamAssassin Long Message Header Denial of Service SECUNIA ADVISORY ID: SA17386 VERIFY ADVISORY: http://secunia.com/advisories/17386/ CRITICAL: Less critical IMPACT: DoS WHERE: From remote SOFTWARE: SpamAssassin 3.x http://secunia.com/product/4506/ DESCRIPTION: A vulnerability has been...

1.2 AI score
Exploits 0
FreeBSD
added 2005/11/10 12:0 a.m., 27 views

p5-Mail-SpamAssassin -- long message header denial of service

A Secunia Advisory reports: A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the use of an inefficient regular expression in "/SpamAssassin/Message.pm" to parse email headers. This ca...

3.5 AI score
Exploits 0, References 2
Tenable Nessus
added 2005/10/05 12:0 a.m., 33 views

Debian DSA-821-1 : python2.3 - integer overflow

An integer overflow with a subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code, and is also present in Python. Exploiting this vulnerability requires an attacker to specify the used regular...

7.5 CVSS, 6.2 AI score, 0.01997 EPSS
Exploits 0, References 3
Tenable Nessus
added 2005/10/05 12:0 a.m., 25 views

Debian DSA-817-1 : python2.2 - integer overflow

An integer overflow with a subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code, and is also present in Python. Exploiting this vulnerability requires an attacker to specify the used regular...

7.5 CVSS, 6.2 AI score, 0.01997 EPSS
Exploits 0, References 3
Tenable Nessus
added 2005/10/05 12:0 a.m., 36 views

Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : PCRE library (SSA:2005-242-01)

New PCRE packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. A buffer overflow could be triggered by a specially crafted regular expression. Any applications that use PCRE to process untrusted regular expressions may be exploited to run arbitrary...

7.5 CVSS, 6.1 AI score, 0.01997 EPSS
Exploits 0, References 2
OSV
added 2005/09/28 12:0 a.m., 32 views

DSA-821-1 python2.3 - integer overflow

Bulletin has no description...

7.5 CVSS, 9.4 AI score, 0.01997 EPSS
Exploits 0
OSV
added 2005/09/23 12:0 a.m., 28 views

DSA-819-1 python2.1 - integer overflow

Bulletin has no description...

7.5 CVSS, 9.4 AI score, 0.01997 EPSS
Exploits 0
Cent OS
added 2005/09/08 11:8 p.m., 63 views

pcre security update

CentOS Errata and Security Advisory CESA-2005:761-02 Updated pcre packages are now available to correct a security issue. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PCRE is a Perl-compatible regular expression library. An integer overflow...

7.5 CVSS, 5.9 AI score, 0.01997 EPSS
Exploits 0, References 8
OSV
added 2005/05/02 4:0 a.m., 3 views

DEBIAN-CVE-2005-1061

The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS."...

5 CVSS, 6.9 AI score, 0.05667 EPSS
Exploits 0, References 1
Cent OS
added 2005/04/30 7:3 a.m., 72 views

galeon, mozilla security update

CentOS Errata and Security Advisory CESA-2005:384-01 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2005-April/073786.html Affected packages: galeon mozilla mozilla-chat mozilla-devel mozilla-dom-inspector mozilla-js-debugger mozilla-mail mozilla-nspr...

5.8 AI score
Exploits 0, References 8
Tenable Nessus
added 2005/04/29 12:0 a.m., 41 views

RHEL 2.1 / 3 : Mozilla (RHSA-2005:384)

Updated Mozilla packages that fix various security bugs are now available. This update has been rated as having Important security impact by the Red Hat Security Response Team. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Several bu...

7.5 CVSS, 6.9 AI score, 0.35557 EPSS
Exploits 10, References 51
Debian CVE
added 2005/04/21 4:0 a.m., 20 views

CVE-2005-1061

The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS."...

5 CVSS, 6.2 AI score, 0.05667 EPSS
Exploits 0
CVE
added 2005/04/21 4:0 a.m., 55 views

CVE-2005-1061

CVE-2005-1061 affects LogWatch, where the secure script before version 2.6-2 can be influenced by attacker-supplied strings in /var/log/secure that later form part of a regular expression, causing the parser to crash and enabling a DoS. The vulnerability is described in multiple sources (NVD/NVD-...

5 CVSS, 6.3 AI score, 0.05667 EPSS
Exploits 0, References 2, Affected Software 1