Multiple web browsers vulnerable to spoofing via Internationalized Domain Name support

Overview Multiple web browsers are vulnerable to spoofing attacks through the use of Internationalized Domain Names. Other applications such as email programs may also be vulnerable. Description The Domain Name System The Domain Name System DNS provides name, address, and other information about...

GLSA-200503-23 : rxvt-unicode: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200503-23 rxvt-unicode: Buffer overflow Rob Holland of the Gentoo Linux Security Audit Team discovered that rxvt-unicode fails to properly check input length. Impact : Successful exploitation would allow an attacker to execute...

CVE-2005-0509

Multiple cross-site scripting XSS vulnerabilities in the Mono 1.0.5 implementation of ASP.NET .Net allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including "" and ""...

CVE-2005-0509

Multiple cross-site scripting XSS vulnerabilities in the Mono 1.0.5 implementation of ASP.NET .Net allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including "" and ""...

rxvt-unicode -- buffer overflow vulnerability

A rxvt-unicode changelog reports: Fix a bug that allowed to overflow a buffer via a long escape sequence, which is probably exploitable fix by Rob Holland / Yoann Vandoorselaere / Gentoo Audit Team...

security flaw

Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service crash or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value...

Internationalized domain names (IDN) can be used for spoofing. – Opera Security Advisories

Internationalized domain names IDN can be used for spoofing. – Opera Security Advisories OPCOM Team | February 25, 2005 Summary Opera supports internationalized domain names IDN, which allowsfor example Russian or Chinese domain names to be written in theirown native scripts. However, this also...

Heap overflow possible in UTF8 to Unicode conversion — Mozilla

It is possible for a UTF8 string with invalid sequences to trigger a heap overflow of converted Unicode data. Exploitability would depend on the attackers ability to get the string into the buggy converter. General web content is converted elsewhere but we can't rule out the possibility of a...

CVE-2005-0509

Multiple cross-site scripting XSS vulnerabilities in the Mono 1.0.5 implementation of ASP.NET .Net allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including "" and ""...

CVE-2005-0509

Multiple cross-site scripting XSS vulnerabilities in the Mono 1.0.5 implementation of ASP.NET .Net allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including "" and ""...

Mono 1.0.5 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities

Mono 1.0.5 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12626/info It is reported that Mono is prone to various cross-site scripting attacks. These issues result from insufficient sanitization of user-supplied data and aris...

Mono 1.0.5 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/12626/info It is reported that Mono is prone to various cross-site scripting attacks. These issues result from insufficient sanitization of user-supplied data and arise when Mono converts Unicode characters ranging from U+ff00-U+ff60 to ASCII. Mono 1.0.5 ...

Microsoft .Net Framework ASP.NET crossite scripting

By using Unicode characters 0xff-0xff60 it's possible to bypass special charactesr filtering in ASP.NET application...

CVE-2005-0452

Multiple cross-site scripting XSS vulnerabilities in Microsoft ASP.NET .Net 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including "" and ""...

CVE-2005-0452

Multiple cross-site scripting XSS vulnerabilities in Microsoft ASP.NET .Net 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including "" and ""...

Microsoft ASP.NET 1.01.1 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities

Microsoft ASP.NET 1.01.1 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12574/info It is reported that ASP.NET is prone to various cross-site scripting attacks. These issues when ASP.NET converts Unicode characters ranging fr...

Microsoft ASP.NET 1.0/1.1 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/12574/info It is reported that ASP.NET is prone to various cross-site scripting attacks. These issues when ASP.NET converts Unicode characters ranging from U+ff00-U+ff60 to ASCII. Apparently, the application fails to properly validate Unicode characters...

#11 by unl0ck team

-= Unl0ck Team Security Advisory =- | | | | | | / | | / | | / / / | |/ / | |/ / | | / | | / | | | / / | Y Y |/|| // / | || /|| / / / / / / / / ... the best way of protection is attack http://unl0ck.void.ru Advisory : 11 by unl0ck team Product : Win Ftp Server latest version Vendor :...

CVE-2005-0086

Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale...

DEBIAN-CVE-2004-2215

RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges...