Microsoft Windows GDI WMF Handling Heap Overflow Vulnerability

Description The Microsoft Windows GDI Graphics Rendering Engine is prone to a heap-overflow vulnerability. This issue is exposed when the component loads a specially crafted WMF Windows Metafile image. If this issue is exploited, a malicious WMF or EMF file could potentially corrupt heap-based...

Microsoft Security Bulletin MS06-026 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)

Microsoft Security Bulletin MS06-026 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution 918547 Published: June 13, 2006 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Critical Maximum Severity Rating: Remo...

Five Star Review Script - 'report.php?item_id' Cross-Site Scripting

source: https://www.securityfocus.com/bid/18390/info Five Star Review Script is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to run arbitrary HTML and script code in the browser of a...

TAL RateMyPic 1.0 - Multiple Input Validation Vulnerabilities

TAL RateMyPic 1.0 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/18230/info TAL RateMyPic is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can...

DSA-1076-1 lynx - programming error

Bulletin has no description...

Windows Metafile rendering buffer overflow

Added: 05/04/2006 CVE: CVE-2004-0209 BID: 11375 OSVDB: 10692 Background A Windows Metafile image is a 16-bit metafile format that can contain both vector information and bitmap information. Problem A buffer overflow in the Windows Graphics Rendering Engine allows command execution when a malforme...

Windows Metafile rendering buffer overflow

Added: 05/04/2006 CVE: CVE-2004-0209 BID: 11375 OSVDB: 10692 Background A Windows Metafile image is a 16-bit metafile format that can contain both vector information and bitmap information. Problem A buffer overflow in the Windows Graphics Rendering Engine allows command execution when a malforme...

Windows Metafile rendering buffer overflow

Added: 05/04/2006 CVE: CVE-2004-0209 BID: 11375 OSVDB: 10692 Background A Windows Metafile image is a 16-bit metafile format that can contain both vector information and bitmap information. Problem A buffer overflow in the Windows Graphics Rendering Engine allows command execution when a malforme...

security flaw

The WYSIWYG rendering engine "rich mail" editor in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which i...

zgv, xzgv -- heap overflow vulnerability

Gentoo reports: Andrea Barisani of Gentoo Linux discovered xzgv and zgv allocate insufficient memory when rendering images with more than 3 output components, such as images using the YCCK or CMYK colour space. When xzgv or zgv attempt to render the image, data from the image overruns a heap...

Mozilla products border-rendering code vulnerability using CSS

Overview A vulnerability in the way Mozilla products and derivative programs handle certain CSS methods could allow a remote attacker to crash the application or execute arbitrary code on a vulnerable system. Description The Mozilla browser and derived products include support for Content Style...

security flaw

The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via certain Cascading Style Sheets CSS that...

CVE-2006-1739

The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via certain Cascading Style Sheets CSS that...

Plone 2.x - MembershipTool Access Control Bypass

source: https://www.securityfocus.com/bid/17484/info Plone is susceptible to a remote access-control bypass vulnerability. This issue is due to the application's failure to properly enforce privileges to various MembershipTool methods. This issue allows remote, anonymous attackers to modify and...

Matt Wright Guestbook 2.3.1 - Guestbook.pl Multiple HTML Injection Vulnerabilities

Matt Wright Guestbook 2.3.1 - Guestbook.pl Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/17438/info Guestbook is prone to multiple HTML-injection vulnerabilities; the application fails to properly sanitize user-supplied input before using it in dynamically...

Chucky A. Ivey N.T. 1.1 - 'index.php' Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/17387/info N.T. is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the...

Mandrake Linux Security Advisory : cairo (MDKSA-2006:057)

GNOME Evolution allows remote attackers to cause a denial of service persistent client crash via an attached text file that contains 'Content-Disposition: inline' in the header, and a very long line in the body, which causes the client to repeatedly crash until the e-mail message is manually...

sBlog 0.7.2 - search.php?keyword POST Method Cross-Site Scripting

sBlog 0.7.2 - search.php?keyword POST Method Cross-Site Scripting source: https://www.securityfocus.com/bid/17044/info sBlog is prone to HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-suppli...

Easy File Sharing Web Server 3.2 - Full Path Request Arbitrary File Upload

Easy File Sharing Web Server 3.2 - Full Path Request Arbitrary File Upload source: https://www.securityfocus.com/bid/17046/info Easy File Sharing Web Server is prone to multiple input-validation vulnerabilities. The application fails to properly sanitize user-supplied input before using it in...

CVE-2006-1045

The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP...