5412 matches found
[SA20376] Firefox Multiple Vulnerabilities
---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...
Web site XSS using BOM on UTF-8 pages — Mozilla
Masatoshi Kimura reports that the Unicode Byte-order-Mark BOM is stripped from UTF-8 pages during the conversion to Unicode before the parser sees the web page. As a result the parser will see and process script tags that web input sanitizers may miss because they appear as "scrBOMipt" or similar...
ASP database plug horse small conference-vulnerability warning-the black bar safety net
lake2 ( http://lake2.0x54.org ) With the development of technology, ASP database plug horse also is not what fresh stuff, believe you played this. Oh, and that you have not met insert the asp code is spaces apart case? i.e. insertion of each of the characters between the There are spaces for? Now...
MS05-017 Microsoft Message Queueing Service Path Overflow
This module exploits a stack buffer overflow in the RPC interface to the Microsoft Message Queueing service. The offset to the return address changes based on the length of the system hostname, so this must be provided via the 'HNAME' option. Much thanks to snort.org and Jean-Baptiste Marchand's...
ASP database plug horse small conference-vulnerability warning-the black bar safety net
With the development of technology, ASP database plug horse also is not what fresh stuff, believe you played this. Oh, and that you have not met insert the asp code is spaces apart case? i.e. insertion of each of the characters between the There are spaces for? Now, let us to solve this problem...
FreeBSD : bogofilter -- heap corruption through malformed input (92140bc9-7bde-11da-8ec4-0002b3b60e4c)
Matthias Andree reports : When using Unicode databases default in more recent bogofilter installations, upon encountering invalid input sequences, bogofilter or bogolexer could overrun a malloc'd buffer, corrupting the heap, while converting character sets. Bogofilter would usually be processing...
FreeBSD : rxvt-unicode -- restore permissions on tty devices (c2fdb3bc-7d72-11da-b96e-000fb586ba73)
A rxvt-unicode changelog reports : SECURITY FIX: on systems using openpty, permissions were not correctly updated on the tty device and were left as world-readable and world-writable likely in original rxvt, too, and were not restored properly. Affected are only systems where non-unix ptys were...
FreeBSD : firefox & mozilla -- multiple vulnerabilities (8f5dd74b-2c61-11da-a263-0001020eed82)
A Mozilla Foundation Security Advisory reports of multiple issues : Heap overrun in XBM image processing jackerror reports that an improperly terminated XBM image ending with space characters instead of the expected end tag can lead to a heap buffer overrun. This appears to be exploitable to...
JVN#84775942 Multiple email clients vulnerable to directory traversal due to inappropriate unicode handling
Impact Actual impact could differ depending on the email clients though, an attacker coulld possibly forge a file name or a email client could handle a file inappropriately which may result in a file being overwritten or an arbitray file being created and saved in an arbitrary directory. Solution...
CVE-2006-2170
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer...
Buffer overflow
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer...
CVE-2006-2170
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer...
CVE-2006-2170
CVE-2006-2170 affects ArgoSoft FTP Server 1.4.3.6. A buffer overflow is triggered by Unicode in the RNTO command, allowing remote attackers to execute arbitrary code. Exploitation was demonstrated by the Infigo FTPStress Fuzzer. The CVSS base score is 6.4 (Medium) with network access, low attack ...
Buffer overflow
Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argument, which triggers a buffer overflow when...
CVE-2006-2027
Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argument, which triggers a buffer overflow when...
CVE-2006-2027
CVE-2006-2027 describes a buffer overflow in Unicode processing within the logging functionality of Pablo Software Solutions Quick 'n Easy FTP Server (Professional and Lite, probably v3.0). The flaw could allow remote authenticated users to execute arbitrary code by sending a command with a long ...
CVE-2006-2027
Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argument, which triggers a buffer overflow when...
Quick 'n Easy FTP Server pro/lite Logging unicode stack overflow
IHS Iran Homeland Security Public advisory by : c0d3r "Kaveh Razavi" [email protected] Title : Quick 'n Easy FTP Server pro/lite Logging unicode stack overflow information : Quick 'n Easy FTP Server is a simple and handy FTP server which is developed by Pablo van der Meer . there is a unicode...
CVE-2006-0014
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book WAB file containing "certain Unicode strings" and modified length values...
Buffer overflow
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book WAB file containing "certain Unicode strings" and modified length values...