155 matches found
USN-1348-1: ICU vulnerability
It was discovered that ICU did not properly handle invalid locale data during Unicode conversion. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program...
Ubuntu 8.04 LTS / 8.10 / 9.04 : icu vulnerability (USN-846-1)
It was discovered that ICU did not properly handle invalid byte sequences during Unicode conversion. If an application using ICU processed crafted data, content security mechanisms could be bypassed, potentially leading to cross-site scripting XSS attacks. Note that Tenable Network Security has...
USN-846-1: ICU vulnerability
It was discovered that ICU did not properly handle invalid byte sequences during Unicode conversion. If an application using ICU processed crafted data, content security mechanisms could be bypassed, potentially leading to cross-site scripting XSS attacks...
openSUSE 10 Security Update : icu (icu-6322)
icu does not properly handle invalid byte sequences during Unicode conversion. Remote attackers could potentially exploit that to conduct conduct cross-site scripting XSS attacks CVE-2009-0153. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
SuSE 10 Security Update : icu (ZYPP Patch Number 6422)
icu does not properly handle invalid byte sequences during Unicode conversion. Remote attackers could potentially exploit that to conduct conduct cross-site scripting XSS attacks. CVE-2009-0153 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell,...
openSUSE Security Update : icu (icu-1028)
icu does not properly handle invalid byte sequences during Unicode conversion. Remote attackers could potentially exploit that to conduct conduct cross-site scripting XSS attacks CVE-2009-0153. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...
RedHat Security Advisory RHSA-2009:1122
The remote host is missing updates announced in advisory RHSA-2009:1122. A flaw was found in the way ICU processed certain, invalid byte sequences during Unicode conversion. If an application used ICU to decode malformed, multibyte character data, it may have been possible to bypass certain conte...
RedHat Security Advisory RHSA-2009:1122
The remote host is missing updates announced in advisory RHSA-2009:1122. A flaw was found in the way ICU processed certain, invalid byte sequences during Unicode conversion. If an application used ICU to decode malformed, multibyte character data, it may have been possible to bypass certain conte...
Moderate: Red Hat Security Advisory: icu security update
Updated icu packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The International Components for Unicode ICU library provides robust and full-featured Unicode...
Ubuntu: Security Advisory (USN-720-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross site scripting
International Components for Unicode ICU 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences...
CVE-2009-0153
International Components for Unicode ICU 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences...
CVE-2009-0153
International Components for Unicode ICU 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences...
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : php5 vulnerabilities (USN-720-1)
It was discovered that PHP did not properly enforce phpadminvalue and phpadminflag restrictions in the Apache configuration file. A local attacker could create a specially crafted PHP script that would bypass intended security restrictions. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8....
php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilterhtmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...
USN-720-1: PHP vulnerabilities
It was discovered that PHP did not properly enforce phpadminvalue and phpadminflag restrictions in the Apache configuration file. A local attacker could create a specially crafted PHP script that would bypass intended security restrictions. This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8....
Heap overflow
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilterhtmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...
CVE-2008-5557
CVE-2008-5557 is a heap-based buffer overflow in PHP’s mbstring extension (mbfilter_htmlent.c) present in PHP 4.3.0–5.2.6. The issue arises during Unicode conversion and can allow a context-dependent attacker to execute arbitrary code via a crafted string containing an HTML entity, related to the...
CVE-2008-5557
Heap-based buffer overflow in ext/mbstring/libmbfl/filters/mbfilterhtmlent.c in the mbstring extension in PHP 4.3.0 through 5.2.6 allows context-dependent attackers to execute arbitrary code via a crafted string containing an HTML entity, which is not properly handled during Unicode conversion,...
Orbit Downloader URL Unicode conversion buffer overflow
Added: 07/07/2008 CVE: CVE-2008-1602 BID: 28541 OSVDB: 44036 Background Orbit Downloader is a download manager supporting various protocols. Problem A buffer overflow vulnerability during Unicode conversion in the download failure notification message allows command execution when Orbit Downloade...