CVE-2007-3034

Integer overflow in the AttemptWrite function in Graphics Rendering Engine GDI on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile image with a large record length value, which triggers a heap-based buffer overflow...

Microsoft Security Bulletin MS07-046 - Critical Vulnerability in GDI Could Allow Remote Code Execution (938829)

Microsoft Security Bulletin MS07-046 - Critical Vulnerability in GDI Could Allow Remote Code Execution 938829 Published: August 14, 2007 Version: 1.0 General Information Executive Summary This critical security update resolves a privately reported vulnerability. A remote code execution...

CVE-2007-3851

The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager DRM to write to arbitrary memory locations and gain privileges via a crafted batchbuffer...

poppler security update

CentOS Errata and Security Advisory CESA-2007:0732 Updated poppler packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering...

RHEL 5 : poppler (RHSA-2007:0732)

Updated poppler packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Maury...

Important: Red Hat Security Advisory: poppler security update

Updated poppler packages that fix a security issue in PDF handling are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. Poppler is a PDF rendering library, used by applications such as evince. Maury...

[SECURITY] Fedora 7 Update: epiphany-2.18.3-2.fc7

epiphany is a simple GNOME web browser based on the Mozilla rendering engine...

Opera/Konqueror: data: URL scheme address bar spoofing

With a specially crafted web page, an attacker can redirect a www browser to the page, which URL in the url bar resembles an arbitrary domain choosen by the attacker. It's possible due to the fact, that some web browsers incorrectly display contents of the url bar while rendering pages based on t...

Apple WebKit frame rendering memory corruption vulnerability

Overview The Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Apple: WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X...

[SECURITY] Fedora Core 6 Update: freetype-2.2.1-17.fc6

The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...

[SECURITY] Fedora 7 Update: freetype-2.3.4-3.fc7

The FreeType engine is a free and portable font rendering engine, developed to provide advanced font support for a variety of platforms and environments. FreeType is a library which can open and manages font files as well as efficiently load, hint and render individual glyphs. FreeType is not a...

[SECURITY] Fedora 7 Update: epiphany-2.18.1-3.fc7

epiphany is a simple GNOME web browser based on the Mozilla rendering engine...

[SECURITY] Fedora Core 5 Update: epiphany-2.14.3-6.fc5

epiphany is a simple GNOME web browser based on the Mozilla rendering engine...

[SECURITY] Fedora Core 6 Update: epiphany-2.16.3-5.fc6

epiphany is a simple GNOME web browser based on the Mozilla rendering engine...

UebiMiau 2.7.10 - demopop3error.php?selected_theme Cross-Site Scripting

UebiMiau 2.7.10 - demopop3error.php?selectedtheme Cross-Site Scripting source: https://www.securityfocus.com/bid/24210/info Uebimiau is prone to multiple input-validation vulnerabilities, including cross-site scripting issues and an information-disclosure issue, because the application fails to...

SunShop Shopping Cart 4.0 - index.php?l Cross-Site Scripting

SunShop Shopping Cart 4.0 - index.php?l Cross-Site Scripting source: https://www.securityfocus.com/bid/23856/info TurnkeyWebTools SunShop Shopping Cart is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may...

FreeType: User-assisted execution of arbitrary code

Background FreeType is a True Type Font rendering library. Description Greg MacManus of iDefense Labs has discovered an integer overflow in the function bdfReadCharacters when parsing BDF fonts. Impact A remote attacker could entice a user to use a specially crafted BDF font, possibly resulting i...

QuizShock 1.6.1 - 'auth.php' HTML Injection

source: https://www.securityfocus.com/bid/23368/info QuizShock is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowi...

DeskPro 2.0.1 - 'login.php' HTML Injection

source: https://www.securityfocus.com/bid/23381/info DeskPRO is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing...

CVE-2006-5586

The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."...