3212 matches found
CVE-2006-1335
gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome...
Cross site scripting
The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using "AAA", possibly due to nested or empty tags...
CVE-2006-1029
The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using "AAA", possibly due to nested or empty tags...
Buffer overflow
Oreka before 0.5 allows remote attackers to cause a denial of service (application crash) via a "certain RTP sequence."...
CVE-2006-0912
Oreka before 0.5 allows remote attackers to cause a denial of service (application crash) via a "certain RTP sequence."...
CVE-2006-0453
The LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite...
Design/Logic Flaw
The LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite...
Apache Error Log Escape Sequence Injection
The target is running an Apache web server which allows for the injection of arbitrary escape sequences into its error logs. An attacker might use this vulnerability in an attempt to exploit similar vulnerabilities in terminal emulators. OpenVAS has determined the vulnerability exists only by...
CVE-2005-3399
Multiple interpretation error in CAT-QuickHeal 8.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a...
CVE-2005-3381
Multiple interpretation error in Ukrainian National Antivirus (UNA) 1.83.2.16 with kernel 265 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe...
CVE-2005-3372
Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could...
CVE-2005-3380
Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be execut...
CVE-2005-3382
Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be...
CVE-2005-3381
The CVE-2005-3381 entry concerns Ukrainian National Antivirus (UNA) 1.83.2.16 on kernel 265, where a multiple interpretation error in the file-type handling allows bypass of virus scanning. An attacker can supply a file (BAT, HTML, or EML) containing an MZ executable-like magic byte sequence that...
CVE-2005-3373
The CVE-2005-3373 entry describes a vulnerability in Dr.Web 4.32b where an interpretation error in the virus scanner allows a crafted file (e.g., BAT, HTML, or EML) containing an MZ magic byte sequence (normally for EXE) to be treated as a safe type, yet still be executable as a dangerous file by...
CVE-2005-3382
The CVE-2005-3382 entry describes a flaw in Sophos 3.91 with the 2.28.4 engine where an interpretation error allows a file (e.g., BAT, HTML, EML) containing an MZ magic byte sequence to be treated as a safe type, enabling bypass of virus scanning. This is a “magic byte bug” vulnerability that cou...
security flaw
Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors in the (1) ISAKMP, (2) FC-FCS, (3) RSVP, and (4) ISIS LSP dissector...
DEBIAN-CVE-2005-2874
The ispathabsolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "...." URL in an HTTP request...
HPSBTU01210 SSRT4743, SSRT4884 rev.0 - HP Tru64 UNIX TCP/IP remote Denial of Service (DoS)
HP SECURITY BULLETIN HPSBTU01210 REVISION: 0 SSRT4743, SSRT4884 rev.0 - HP Tru64 UNIX TCP/IP remote Denial of Service (DoS) NOTICE: There are no restrictions for distribution of this Security Bulletin provided that it remains complete and intact. The...