3212 matches found
CVE-2008-2383
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF aka \n characters surrounding a command name within a Device Control Request Status String DECRQSS escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071...
CVE-2008-2383
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF aka \n characters surrounding a command name within a Device Control Request Status String DECRQSS escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071...
CVE-2008-5078
Multiple buffer overflows in the 1 recognizeepsfile function src/psgen.c and 2 tildesubst function src/util.c in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename...
Buffer overflow
Multiple buffer overflows in the 1 recognizeepsfile function src/psgen.c and 2 tildesubst function src/util.c in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename...
CVE-2008-5078
Multiple buffer overflows in the 1 recognizeepsfile function src/psgen.c and 2 tildesubst function src/util.c in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename...
enscript: "font" special escape buffer overflows
Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence...
enscript: "font" special escape buffer overflows
Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence...
Cross site scripting
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has...
Cross site scripting
The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has...
FreeBSD arc4random (9)伪随机数生成器不充分漏洞
BUGTRAQ ID: 32447 CVECAN ID: CVE-2008-5162 FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。 FreeBSD内核中广泛使用arc4random9随机数生成器,一些应用依赖于该随机数生成器的加密强度。arc4random9定期用来自FreeBSD内核的Yarrow随机数生成器的熵重新提供种子,Yarrow随机数生成器从包括硬件中断等各种来源收集熵。在引导阶段,从用户域向Yarrow随机数生成器提供了额外的,以确保加密中有足够的熵。...
FreeBSD-SA-08:11.arc4random
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-08.11.arc4random Security Advisory The FreeBSD Project Topic: arc4random9 predictable sequence vulnerability Category: core Module: sys Announced: 2008-11-24...
FreeBSD -- arc4random(9) predictable sequence vulnerability
Problem Description: When the arc4random9 random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random9; and it may take up to 5 minutes before arc4random9 is reseeded with secure entropy from the Yarrow random number...
Design/Logic Flaw
The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service infinite loop via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using ""...
CVE-2008-5185
The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service infinite loop via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using ""...
CVE-2008-5185
The highlighting functionality in geshi.php in GeSHi before 1.0.8 allows remote attackers to cause a denial of service infinite loop via an XML sequence containing an opening delimiter without a closing delimiter, as demonstrated using ""...
DEBIAN-CVE-2008-4306
Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence...
CVE-2008-4306
Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence...
CVE-2008-4306
Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence...
Buffer overflow
Buffer overflow in enscript before 1.6.4 has unknown impact and attack vectors, possibly related to the font escape sequence...
DEBIAN-CVE-2008-4326
The PMAescapeJsString function in libraries/jsescape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting XSS protection mechanisms and conduct XSS attacks via a NUL byte inside a "/script" sequence...