8447 matches found
CVE-2006-2228
Cross-site scripting XSS vulnerability in w-Agora aka Web-Agora 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' equals character, which bypasses a restrictive regular...
security flaw
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service crash and possibly execute arbitrary bytecode via JavaScript with a large regular expression...
Directory traversal
Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ modified dot dot slash in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences...
CVE-2006-1909
Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ modified dot dot slash in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences...
Code injection
Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that 1 bypasses a loose "." regular expression to match BEGIN and END statements in overallheader.tpl, or...
CVE-2006-1895
Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that 1 bypasses a loose "." regular expression to match BEGIN and END statements in overallheader.tpl, or...
Mozilla products vulnerable to memory corruption via large regular expression in JavaScript
Overview A vulnerability in the way the JavaScript engine of Mozilla products and derivative programs handles a large regular expression could allow a remote attacker to crash the application or execute arbitrary code on a vulnerable system. Description A regular expression is a special text stri...
Integer overflow
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service crash and possibly execute arbitrary bytecode via JavaScript with a large regular expression...
CVE-2006-1737
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service crash and possibly execute arbitrary bytecode via JavaScript with a large regular expression...
CVE-2006-1737
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service crash and possibly execute arbitrary bytecode via JavaScript with a large regular expression...
Sql injection
SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a / sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via 1 HTML tags that follow a "http://" string, which bypasses a regular expression check, and 2 other unspecified attack...
CVE-2006-0860
Multiple cross-site scripting XSS vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via 1 HTML tags that follow a "http://" string, which bypasses a regular expression check, and 2 other unspecified attack...
CVE-2006-0046
squidredirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service CPU consumption via a URL with a large number of trailing / forward slashes, which might produce inefficient regular expressions...
CVE-2006-0046
squidredirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service CPU consumption via a URL with a large number of trailing / forward slashes, which might produce inefficient regular expressions...
Ubuntu 4.10 / 5.04 : python2.1, python2.2, python2.3, gnumeric vulnerabilities (USN-173-4)
USN-173-1 fixed a buffer overflow vulnerability in the PCRE library. However, it was found that the various python packages and gnumeric contain static copies of the library code, so these packages need to be updated as well. In gnumeric this bug could be exploited to execute arbitrary code with...
Ubuntu 4.10 / 5.04 : pcre3 vulnerability (USN-173-1)
A buffer overflow has been discovered in the PCRE, a widely used library that provides Perl compatible regular expressions. Specially crafted regular expressions triggered a buffer overflow. On systems that accept arbitrary regular expressions from untrusted users, this could be exploited to...
cijfer-vsczpl.pl.txt
!/usr/bin/perl cijfer-vscxpl - Valdersoft Shopping Cart All rights reserved. 1. example cijfer@kalma:/research$ ./cijfer-vscxpl.pl -h www.valdersoft.com -d /store [email protected] /$ id;uname -a uid=2526apache gid=2524apache groups=2524apache, 10004psaserv FreeBSD valdersoft.com...
DEBIAN-CVE-2005-4872
Perl-Compatible Regular Expression PCRE library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service crash via a regular expression with a large number of named subpatterns, which triggers a buffer...
CVE-2004-2590
CVE-2004-2590 affects meindlSOFT Cute PHP Library (cphplib) version 0.46. The vulnerability is described as related to regular expressions with unspecified impact and attack vectors. NVD lists a high-severity network-exposed issue (CVSSv2 base score 10.0) with complete impact on confidentiality, ...