httpd: mod_status heap-based buffer overflow

A race condition flaw, leading to heap-based buffer overflows, was found in the modstatus httpd module. A remote attacker able to access a status page served by modstatus on a server using a threaded Multi-Processing Module MPM could send a specially crafted request that would cause the httpd chi...

OpenJDK: Incorrect mlib/raster image validation (2D, 8027841)

Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

CVE-2013-2365

HP Database and Middleware Automation DMA 10.x before 10.10, when SSL is used, allows remote attackers to obtain sensitive information via unspecified vectors...

CVE-2012-5657

The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service CPU and memory consumption via an XML External...

php: Integer Signedness issues in _php_stream_scandir

Unspecified vulnerability in the phpstreamscandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow."...

PHP '_php_stream_scandir()'缓冲区溢出漏洞

BUGTRAQ ID: 54638 CVE ID: CVE-2012-2688 PHP 是一种 HTML 内嵌式的语言，PHP与微软的ASP颇有几分相似，都是一种在服务器端执行的嵌入HTML文档的脚本语言，语言的风格有类似于C语言，现在被很多的网站编程人员广泛的运用。 PHP 5.3.15和5.4.5之前版本的phpstreamscandir函数在流的实现中存在缓冲区溢出漏洞，成功利用此漏洞可允许远程攻击者在受影响的Web服务器中执行任意代码。 0 PHP 5.4.5 PHP 5.3.15 厂商补丁： PHP --- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

CVE-2012-1719

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.237 and earlier allows remote attackers to affect integrity, related to CORBA...

CVE-2010-4727

Smarty before 3.0.0 beta 7 does not properly handle the tags, which has unspecified impact and remote attack vectors...

Monkey HTTP Daemon Invalid HTTP 'Connection' Header Denial Of Service Vulnerability

Monkey HTTP Daemon is prone to a denial-of-service vulnerability. Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users. Versions prior to Monkey HTTP Daemon 0.9.3 are vulnerable. OpenVAS Vulnerability Test $Id: monkeyhttp37307.nasl 5390...

CVE-2009-3024

The verifyhostnameofcert function in the certificate checking feature in IO-Socket-SSL IO::Socket::SSL 1.14 through 1.25 only matches the prefix of a hostname when no wildcard is used, which allows remote attackers to bypass the hostname check for a certificate...

CVE-2009-0514

Multiple directory traversal vulnerabilities in WebFrame 0.76 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the 1 currentmod and 2 LANG parameters to mod/index.php...

CVE-2008-0550

Off-by-one error in Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service daemon crash or execute arbitrary code via a certain HTTP request that leads to a buffer overflow, as demonstrated by a long User-Agent header...

CVE-2007-2778

Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 allow remote attackers to read arbitrary files via a .. dot dot in the lang parameter to index.php and other unspecified PHP scripts...

CVE-2007-2011

Cross-site scripting XSS vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter...

poppassd USER overflow

The remote poppassd daemon crashes when a too long name is sent after the USER command. SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2001-0237

CVE-2001-0237 affects Microsoft Windows 2000 domain controllers, where the Kerberos service can leak memory when it receives certain invalid Kerberos requests, potentially exhausting memory and causing a denial of service. Affected component is the Kerberos service (KDC) on Windows 2000 domain co...

CVE-1999-0154

The vulnerability affects IIS versions 2.0–3.0, where a request ending with a period (dot) can cause the server to reveal ASP page source to an attacker. This is a remote read of source code resulting from the URL handling behavior in IIS 2.0/3.0. Practical impact: exposure of ASP source. The PT-...