3212 matches found

NVD
added 2008/01/31 8:0 p.m. | 18 views

CVE-2008-0508

Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a...

CVSS 6.8 | AI score 6.3 | EPSS 0.00392
Exploits: 1 | References: 8
CVE
added 2008/01/31 7:30 p.m. | 34 views

CVE-2008-0508

CVE-2008-0508 corresponds to a CSRF vulnerability in the WordPress plugin Dean’s Permalinks Migration 1.0. The flaw affects deans_permalinks_migration.php, enabling remote attackers to modify the oldstructure configuration (dean_pm_config[oldstructure]) via the old_struct parameter when pressing ...

CVSS 6.8 | AI score 6.3 | EPSS 0.00392
Exploits: 1 | References: 8 | Affected Software: 1
Cvelist
added 2008/01/31 7:30 p.m. | 15 views

CVE-2008-0508

Cross-site request forgery (CSRF) vulnerability in deans_permalinks_migration.php in the Dean's Permalinks Migration 1.0 plugin for WordPress allows remote attackers to modify the oldstructure (aka dean_pm_config[oldstructure]) configuration setting as administrators via the old_struct parameter in a...

AI score 6.3 | EPSS 0.00392
Exploits: 1 | References: 8
NVD
added 2008/01/12 2:46 a.m. | 16 views

CVE-2007-6284

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences...

CVSS 5 | AI score 6.1 | EPSS 0.05546
Exploits: 1 | References: 42
Tenable Nessus
added 2008/01/07 12:0 a.m. | 42 views

Debian DSA-1447-1 : tomcat5.5 - several vulnerabilities

Several remote vulnerabilities have been discovered in the Tomcat servlet and JSP engine. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2007-3382: It was discovered that single quotes (') in cookies were treated as a delimiter, which could lead to an...

CVSS 6.4 | AI score 5.2 | EPSS 0.81412
Exploits: 9 | References: 11
Prion
added 2008/01/04 11:46 a.m. | 17 views

Directory traversal

Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter...

CVSS 5 | AI score 7.7 | EPSS 0.03702
Exploits: 1 | References: 5 | Affected Software: 1
Tenable Nessus
added 2007/12/13 12:0 a.m. | 23 views

SuSE 10 Security Update : evolution-data-server (ZYPP Patch Number 3826)

A malicious IMAP server could execute code within evolution by sending a malformed response to a SEQUENCE command. (CVE-2007-3257)...

CVSS 6.8 | AI score 5.6 | EPSS 0.02775
Exploits: 0 | References: 2
OSV
added 2007/12/03 8:46 p.m. | 1 views

DEBIAN-CVE-2006-7225

Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a "malformed POSIX character class", as demonstrated via an invalid character after a sequence...

CVSS 4.3 | AI score 6.4 | EPSS 0.01295
Exploits: 0 | References: 1
securityvulns
added 2007/11/30 12:0 a.m. | 30 views

FreeBSD pseudo-random numbers generator weakness

The same PRNG sequence may be reproduced twice under some conditions...

CVSS 2.1 | AI score 2.3 | EPSS 0.00075
Exploits: 1 | References: 1 | Affected Software: 1
Tenable Nessus
added 2007/11/10 12:0 a.m. | 33 views

Ubuntu 6.06 LTS / 6.10 : libnet-dns-perl vulnerabilities (USN-483-1)

Peter Johannes Holzer discovered that the Net::DNS Perl module had predictable sequence numbers. This could allow remote attackers to carry out DNS spoofing, leading to possible man-in-the-middle attacks. CVE-2007-3377 Steffen Ullrich discovered that the Net::DNS Perl module did not correctly...

CVSS 7.5 | AI score 7.3 | EPSS 0.18031
Exploits: 1 | References: 3
Tenable Nessus
added 2007/11/10 12:0 a.m. | 39 views

Ubuntu 6.06 LTS / 6.10 / 7.04 : bind9 vulnerability (USN-491-1)

A flaw was discovered in Bind's sequence number generator. A remote attacker could calculate future sequence numbers and send forged DNS query responses. This could lead to client connections being directed to attacker-controlled hosts, resulting in credential theft and other attacks. Note that...

CVSS 4.3 | AI score 6.5 | EPSS 0.2056
Exploits: 0 | References: 2
Prion
added 2007/11/07 11:46 p.m. | 17 views

Heap overflow

Heap-based buffer overflow in Perl-Compatible Regular Expression PCRE library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized...

CVSS 6.8 | AI score 7.7 | EPSS 0.09602
Exploits: 0 | References: 60 | Affected Software: 1
OSV
added 2007/11/07 11:46 p.m. | 1 views

DEBIAN-CVE-2007-4768

Heap-based buffer overflow in Perl-Compatible Regular Expression PCRE library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized...

CVSS 6.8 | AI score 8.3 | EPSS 0.09602
Exploits: 0 | References: 1
UbuntuCve
added 2007/11/07 11:46 p.m. | 23 views

CVE-2007-4768

Heap-based buffer overflow in Perl-Compatible Regular Expression PCRE library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized...

CVSS 6.8 | AI score 6.2 | EPSS 0.09602
Exploits: 0 | References: 2
NVD
added 2007/11/07 11:46 p.m. | 17 views

CVE-2007-4767

Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \Px sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code...

CVSS 5 | AI score 7 | EPSS 0.01955
Exploits: 0 | References: 44
NVD
added 2007/11/07 11:46 p.m. | 15 views

CVE-2007-4768

Heap-based buffer overflow in Perl-Compatible Regular Expression PCRE library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized...

CVSS 6.8 | AI score 7.5 | EPSS 0.09602
Exploits: 0 | References: 60
Debian CVE
added 2007/11/07 8:0 p.m. | 31 views

CVE-2007-4767

Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \p sequence, (2) a \P sequence, or (3) a \Px sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code...

CVSS 5 | AI score 6.9 | EPSS 0.01955
Exploits: 0
Debian CVE
added 2007/11/07 8:0 p.m. | 25 views

CVE-2007-4768

Heap-based buffer overflow in Perl-Compatible Regular Expression PCRE library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized...

CVSS 6.8 | AI score 7.6 | EPSS 0.09602
Exploits: 0
Cvelist
added 2007/11/07 8:0 p.m. | 23 views

CVE-2007-4768

Heap-based buffer overflow in Perl-Compatible Regular Expression PCRE library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized...

AI score 9.7 | EPSS 0.09602
Exploits: 0 | References: 60
Prion
added 2007/10/29 9:46 p.m. | 19 views

Sql injection

GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069...

CVSS 6.2 | AI score 6.2 | EPSS 0.00081
Exploits: 0 | References: 15 | Affected Software: 1