1237 matches found
nginx ngx_http_process_request_headers()函数空指针引用拒绝服务漏洞
BUGTRAQ ID: 36839 CVECAN ID: CVE-2009-3896 nginx是多平台的HTTP服务器和邮件代理服务器。 nginx服务器的src/http/ngxhttpparse.c文件的ngxhttpprocessrequestheaders函数中存在空指针引用错误,远程攻击者可以通过超长的URI来触发这个漏洞,导致worker进程崩溃。 Igor Sysoev nginx 0.8.x Igor Sysoev nginx 0.7.x Igor Sysoev nginx 0.6.x Igor Sysoev nginx 0.5.x Igor Sysoev nginx...
SuSE9 Security Update : permissions and filesystem (YOU Patch Number 10539)
It is technically impossible to change permissions files in of world writeable directories that don't have the sticky bit set in a secure way. This update therefore removes /var/lib/xmcd/discog from /etc/permissions. Furthermore permissions handling of files below /var/games is removed. To be abl...
SuSE9 Security Update : permissions (YOU Patch Number 10815)
It is technically impossible to change permissions files in of world writeable directories that don't have the sticky bit set in a secure way. This update therefore removes /var/lib/xmcd/discog from /etc/permissions. Furthermore permissions handling of files below /var/games is removed. To be abl...
MySQL COM_TABLE_DUMP Information Leakage and Arbitrary Command Execution
No description provided by source. / April 21.st 2006 myexploit.c MySql COMTABLEDUMP Memory Leak & MySql remote B0f MySql = 5.0.20 MySql COMTABLEDUMP Memory Leak MySql = 4.x.x copyright 2006 Stefano Di Paola stefano.dipaolaatwisec.it GPL 2.0 Disclaimer: In no event shall the author be liable for...
Mozilla Seamonkey Multiple Vulnerability Jun-09 (Linux)
The host is installed with Seamonkey, which is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbseamonkeymultvulnjun09lin.nasl 4869 2016-12-29 11:01:45Z teissa $ Mozilla Seamonkey Multiple Vulnerabilities Jun-09 Linux Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone...
CVE-2009-1434
Cross-site request forgery CSRF vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a 1 save or 2 view script in the SRC attribut...
CVE-2009-1339
Cross-site request forgery CSRF vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a 1 save or 2 view script in the SRC attribut...
CVE-2009-1434
Cross-site request forgery CSRF vulnerability in Foswiki before 1.0.5 allows remote attackers to hijack the authentication of arbitrary users for requests that modify pages, change permissions, or change group memberships, as demonstrated by a URL for a 1 save or 2 view script in the SRC attribut...
CVE-2007-6726
Multiple cross-site scripting XSS vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving 1 xipclient.html and 2 xipserver.html in src/io/...
KDE Konqueror DoS
Memory exhaustion on oversized SRC and HREF parameters...
CVE-2008-5761
Multiple cross-site scripting XSS vulnerabilities in FlatnuX CMS aka Flatnuke3 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via 1 the mod parameter to the default URI; 2 the foto parameter to photo.php in the 05Foto module; or 3 the name parameter in an insertrecord...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in FlatnuX CMS aka Flatnuke3 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via 1 the mod parameter to the default URI; 2 the foto parameter to photo.php in the 05Foto module; or 3 the name parameter in an insertrecord...
CVE-2008-5761
CVE-2008-5761 affects FlatnuX CMS (aka Flatnuke3). The provided documents describe multiple cross-site scripting (XSS) vulnerabilities: (1) via the mod parameter in the default URI, (2) via the foto parameter to photo.php in the 05_Foto module, and (3) via the name parameter in an insertrecord ac...
CVE-2008-5706
The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/trigger.tmp temporary file...
Internet Explorer embed tag src extension buffer overflow
Added: 12/11/2008 CVE: CVE-2008-4261 BID: 32595 OSVDB: 50610 Background The HTML embed tag allows developers to embed plug-ins in web pages. Problem A vulnerability in Internet Explorer allows command execution when a user loads a page containing an embed tag with a src attribute containing a...
CVE-2008-5402
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."...
Double free
Double free vulnerability in the XML parser in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a crafted XML expression, related to the "IMG SRC ID."...
CVE-2008-5402
Trillian has a CVE-2008-5402 vulnerability: a double-free in the XML parser before version 3.1.12.0 can enable remote code execution via crafted XML (notably the IMG SRC ID payload). Public sources (ZDI-08-078, OpenVAS entries, and NVD record) corroborate a remote memory corruption/ARiC condition...
Buffer overflow
Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine aka lcms before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input file," a different vulnerability than...