18 matches found
RHSA-2014:1865 Red Hat Security Advisory: bash Shift_JIS security update
Bulletin has no description...
RHSA-2014:1295 Red Hat Security Advisory: bash Shift_JIS security update
Bulletin has no description...
Debian DLA-383-1 : claws-mail security update
'DrWhax' of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account of a user that receives a message from them using Claws Mail. CVE-2015-8614 There were no checks on the...
[SECURITY] [DLA 383-1] claws-mail security update
Package : claws-mail Version : 3.7.6-4+squeeze2 CVE ID : CVE-2015-8614 CVE-2015-8708 "DrWhax" of the Tails project reported that Claws Mail is missing range checks in some text conversion functions. A remote attacker could exploit this to run arbitrary code under the account...
Important: Red Hat Security Advisory: bash Shift_JIS security update
Updated bash Shift_JIS packages that fix one security issue are now available for Red Hat Enterprise Linux 5.9 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Critical: Red Hat Security Advisory: bash Shift_JIS security update
Updated bash Shift_JIS packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
PHP <= 5.2.11 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/37389/info PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Microsoft Internet Explorer Multiple Vulnerabilities (2846071)
This host is missing a critical security update according to Microsoft Bulletin MS13-055. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Mandriva Update for php MDVSA-2010:009 (php)
Check for the Version of php OpenVAS Vulnerability Test Mandriva Update for php MDVSA-2010:009 php Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms ...
Mandriva Linux Security Advisory : php (MDVSA-2010:008)
Multiple vulnerabilities have been found and corrected in php: The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare...
CVE-2009-4142
The htmlspecialchars function in PHP before 5.2.12 does not properly handle (1) overlong UTF-8 sequences, (2) invalid Shift_JIS sequences, and (3) invalid EUC-JP sequences, which allows remote attackers to conduct cross-site scripting (XSS) attacks by placing a crafted byte sequence before a special...
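PHP 'htmlspecialcharacters()' Malformed Multibyte Character Cross-Site Scripting Vulnerability
Bugtraq ID: 37389 CVE ID: CVE-2009-4142 PHP is a popular web programming language. The htmlspecialchars function does not strictly check multibyte sequences, and remote attackers can exploit the vulnerability to conduct cross-site scripting attacks. PHP PHP 5.2.11 PHP PHP 5.2.10 PHP PHP 5.2.9 PHP PHP 5.2.8 PHP PHP 5.2.7 PHP PHP 5.2.6 PHP PHP 5.2.5 PHP PHP 5.2.4 PHP PHP 5.2.3 PHP PHP 5.2.2 PHP PHP 5.2.1 PHP PHP 5.2 PHP...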
Firefox's Charset Remembering strikes back
Hello 3APA3A! I am writing to inform you that I have devised a new attack using the Charset Remembering vulnerability in Mozilla Firefox. I previously reported the Charset Remembering vulnerability in Mozilla Firefox http://websecurity.com.ua/2848/. As I wrote on my site, Mozilla partially fixed the vulnerability...
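Mozilla Firefox Character Encoding Cross-Site Scripting Vulnerability
BUGTRAQ ID: 29303 CVECAN ID: CVE-2008-0416 Firefox is a popular open-source web browser. The HTML parser in Firefox and its derivatives does not follow the HTML specification and treats the backspace character as whitespace, which may lead to cross-site scripting attacks on websites that filter input in accordance with that specification. In addition, Firefox does not correctly parse the 0x80 control character in ShiftJIS encoding, which may allow attackers to bypass site input filtering and carry out cross-site scripting attacks. Mozilla Firefox 2.0.0.12 Vendor patch: Debian ------ Debian has released a security advisory (DSA-1489-1) and corresponding patches for this: DSA-1489-1:Ne...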
JVN#21563357 Mozilla Firefox cross-site scripting vulnerability
Mozilla Firefox does not properly handle certain HTML documents in ShiftJIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazard. Impact An arbitrary script may be executed on the user's web browser. Solution...
Mozilla Foundation Security Advisory 2008-13
Mozilla Foundation Security Advisory 2008-13 Title: Multiple XSS vulnerabilities from character encoding Impact: Moderate Announced: March 25, 2008 Reporter: Alexey Proskuryakov, Yosuke Hasegawa, Simon Montagu Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.12 Thunderbird 2.0.0....
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as...
CVE-2008-0416
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allow remote attackers to inject arbitrary web script or HTML via certain character encodings, including (1) a backspace character that is treated as...