2171 matches found
DSA-838-1 mozilla-firefox - multiple vulnerabilities
Bulletin has no description...
security flaw
wget 1.8.x and 1.9.x does not filter or quote control characters when displaying HTTP responses to the terminal, which may allow remote malicious web servers to inject terminal escape sequences and execute arbitrary code...
CVE-2005-2702
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters...
CVE-2005-2702
CVE-2005-2702 affects Mozilla/Firefox: vulnerable when processing Unicode sequences, specifically zero-width non-joiner characters. Firefox prior to 1.0.7 and Mozilla Suite prior to 1.7.12 are at risk. Reported impact: remote attacker could cause a crash and, in some scenarios, may execute arbitr...
firefox security update
CentOS Errata and Security Advisory CESA-2005:785 An updated firefox package that fixes several security bugs is now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web...
security flaw
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters...
firefox & mozilla -- multiple vulnerabilities
A Mozilla Foundation Security Advisory reports of multiple issues: Heap overrun in XBM image processing jackerror reports that an improperly terminated XBM image ending with space characters instead of the expected end tag can lead to a heap buffer overrun. This appears to be exploitable to insta...
Mozilla Suite, Mozilla Firefox: Multiple vulnerabilities
Background The Mozilla Suite is a popular all-in-one web browser that includes a mail and news reader. Mozilla Firefox is the next-generation browser from the Mozilla project. Gecko is the layout engine used in both products. Description The Mozilla Suite and Firefox are both vulnerable to the...
CVE-2005-2256
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" encoded dot dot sequences in the formLanguage parameter...
CVE-2005-2256
Summary: CVE-2005-2256 is a directory-traversal vulnerability in phppgadmin up to versions 3.5.3, exploitable via encoded %2e%2e%2f in the formLanguage parameter to access arbitrary files. The flaw requires that magic_quotes_gpc is disabled. Affected products/versions are documented in Debian ...
DEBIAN-CVE-2005-2256
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" encoded dot dot sequences in the formLanguage parameter...
CVE-2004-2184
Technical details about CVE-2004-2184 are not publicly provided in the supplied documents. No explicit affected products, vulnerable components, exploit specifics, or fixes are described here. Monitor for updates from official advisories.
CVE-2005-2060
Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF "%0d%0a" sequences in the Cat parameter...
Finjan SurfinGate content filtering protection bypass
It's possible to bypass URL filtering by using escape sequences...
osCommerce HTTP Response Splitting
GulfTech Security Research June 10th, 2005 Vendor : osCommerce URL : http://www.oscommerce.com/ Version : osCommerce 2.2 Milestone 2 && Earlier Risk : HTTP Response Splitting Description: osCommerce is a very popular eCommerce application that allows for individuals to host their own online shop...
CVE-2005-1791
Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the user attempts to add a URI to the restricted zone, in which the full domain name of the URI begins with numeric sequences similar to an IP address. NOTE: if there is not an exploit scenario in which an attacker can trigger this...
CVE-2005-1342
CVE-2005-1342 affects Apple Terminal on Mac OS X 10.3.9 where the x-man-page URI handler fails to sanitize terminal escape sequences, enabling remote command execution. The underlying issue is lack of input sanitization for x-man-page URIs, which could lead to arbitrary commands executed in the T...