8447 matches found

NVD
added 2007/03/30 12:19 a.m., 26 views

CVE-2007-1349

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI...

5 CVSS, 6.3 AI score, 0.10111 EPSS
Exploits 0, References 39
Debian CVE
added 2007/03/23 12:0 a.m., 26 views

CVE-2007-1622

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose...

4.3 CVSS, 3.9 AI score, 0.05778 EPSS
Exploits 1
RedHat Linux
added 2007/03/14 5:2 a.m., 3 views

security flaw

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions...

4.3 CVSS, 7.4 AI score, 0.0213 EPSS
Exploits 0, References 4
RedHat Linux
added 2007/03/02 6:27 p.m., 1 views

security flaw

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions...

4.3 CVSS, 7.4 AI score, 0.0213 EPSS
Exploits 0, References 4
UbuntuCve
added 2007/02/26 7:28 p.m., 26 views

CVE-2007-0995

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions...

4.3 CVSS, 7.3 AI score, 0.0213 EPSS
Exploits 0, References 2
Prion
added 2007/02/26 7:28 p.m., 21 views

Design/Logic Flaw

Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions...

4.3 CVSS, 6.3 AI score, 0.0213 EPSS
Exploits 0, References 50, Affected Software 2
Prion
added 2007/02/14 2:28 a.m., 12 views

Authentication flaw

The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets...

6.4 CVSS, 6.9 AI score, 0.01882 EPSS
Exploits 0, References 9, Affected Software 1
Prion
added 2007/02/14 2:28 a.m., 17 views

Design/Logic Flaw

The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expressio...

7.1 CVSS, 6.9 AI score, 0.03108 EPSS
Exploits 0, References 9, Affected Software 1
NVD
added 2007/02/14 2:28 a.m., 18 views

CVE-2007-0917

The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to 12.3T allows remote attackers to bypass IPS signatures that use regular expressions via fragmented packets...

6.4 CVSS, 6.7 AI score, 0.01882 EPSS
Exploits 0, References 9
Cvelist
added 2007/02/14 2:0 a.m., 26 views

CVE-2007-0918

The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expressio...

6.6 AI score, 0.03108 EPSS
Exploits 0, References 9
securityvulns
added 2007/02/14 12:0 a.m., 28 views

Multiple Cisco IOS IPS security vulnerabilities

Protection bypass with fragmented IP packets. DoS if regular expressions are used...

7.1 CVSS, 2.3 AI score, 0.03108 EPSS
Exploits 0, References 1, Affected Software 1
Tenable Nessus
added 2007/01/08 12:0 a.m., 24 views

GLSA-200701-01 : DenyHosts: Denial of Service

The remote host is affected by the vulnerability described in GLSA-200701-01 (DenyHosts: Denial of Service). Tavis Ormandy of the Gentoo Linux Security Audit Team discovered that DenyHosts used an incomplete regular expression to parse failed login attempts. Impact: A remote unauthenticated attacke...

5 CVSS, 5.8 AI score, 0.01813 EPSS
Exploits 1, References 2
myhack58
added 2006/12/25 12:0 a.m., 14 views

Again break ray client figure ASP webmaster Safety assistant-vulnerability warning-the black bar safety net

Original link: www.hacker.com.cn Hacker Defense, 2006, issue 10. It looks like the issue is not out yet, but the article has already appeared online; I suddenly saw it today and went to take a look. The author of the article is: TTFCT Again break ray client figure ASP webmaster Safety assistant www.hacker.com.cn hacker...

7.1 AI score
Exploits 0
CVE
added 2006/12/18 11:0 a.m., 41 views

CVE-2006-6629

The CVE-2006-6629 issue affects WeBWorK PG Language prior to version 2.3.1. It concerns lib/WeBWorK/PG/Translator.pm, where an insufficiently restrictive regular expression to validate macro filenames allows loading of arbitrary macro files whose names contain the strings dangerousMacros.pl, PG.p...

7.5 CVSS, 7 AI score, 0.01126 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2006/12/06 7:0 p.m., 35 views

CVE-2006-6301

DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain...

6.5 AI score, 0.01813 EPSS
Exploits 1, References 7
Tenable Nessus
added 2006/11/20 12:0 a.m., 33 views

Debian DSA-1210-1 : mozilla-firefox - several vulnerabilities

Several security related problems have been discovered in Mozilla and derived products such as Mozilla Firefox. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2006-2788 Fernando Ribeiro discovered that a vulnerability in the getRawDER function...

10 CVSS, 8.1 AI score, 0.05706 EPSS
Exploits 2, References 13
seebug.org
added 2006/11/17 12:0 a.m., 27 views

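Apple Safari JavaScript overlong regular expression match string remote code execution vulnerability

Apple Safari is the web browser used by Apple's family of operating systems. Apple Safari has a vulnerability when handling overlong regular expression match strings; a remote attacker may exploit this vulnerability to execute arbitrary commands on the user's machine. If a Safari user is tricked into visiting a site containing malicious JavaScript, the vulnerability in regular expression processing may be triggered, causing the browser to crash or execute arbitrary commands. Apple Safari 2.0.4 The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.apple.com script var reg = /./; var z = 'Z'; while z.leng...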

6.9 AI score
Exploits 0
Tenable Nessus
added 2006/09/22 12:0 a.m., 44 views

CentOS 4 : firefox (CESA-2006:0675)

Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Two flaws were found in the way Firefox...

10 CVSS, 7.5 AI score, 0.14074 EPSS
Exploits 2, References 11
CERT
added 2006/09/20 12:0 a.m., 15 views

Mozilla products fail to properly handle JavaScript regular expressions

Overview Mozilla products fail to properly handle certain JavaScript regular expressions. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description According to Mozilla Foundation Security Advisory 2006-57: ...a...

7.7 AI score
Exploits 0, References 2
Cvelist
added 2006/09/19 6:0 p.m., 21 views

CVE-2006-4859

Unrestricted file upload vulnerability in contact.html.php in the Contact (com_contact) component in Limbo (aka Lite Mambo) CMS 1.0.4.2L and earlier allows remote attackers to upload PHP code to the images/contact folder via a filename with a double extension in the contact_attach parameter in a contac...

7 AI score, 0.07318 EPSS
Exploits 0, References 2