5410 matches found
Multiple email clients vulnerable to directory traversal due to inappropriate unicode handling
Overview Some email clients contain a vulnerability when handling an attached file with a file name using unicode. This may result in a directory traversal attack or displaying a file name diffrently from the actual file name. Impact Actual impact could differ depending on the email clients thoug...
Cross-site scripting vulnerability in the Unicode version of msearch
Overview The Unicode version of msearch, a full text search engine for websites, contains a cross-site scripting vulnerability. This problem is caused by a function added to the Unicode version of msearch. Impact A malicious script may be executed on the user's web browser. Solution None...
python repr unicode buffer overflow
Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts...
GLSA-200805-03 : Multiple X11 terminals: Local privilege escalation
The remote host is affected by the vulnerability described in GLSA-200805-03 Multiple X11 terminals: Local privilege escalation Bernhard R. Link discovered that RXVT opens a terminal on :0 if the '-display' option is not specified and the DISPLAY environment variable is not set. Further research ...
[ GLSA 200805-03 ] Multiple X11 terminals: Local privilege escalation
Gentoo Linux Security Advisory GLSA 200805-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
Fedora 7 : perl-5.8.8-29.fc7 (2008-3399)
Tue Apr 29 2008 Marcela Maslanova - 4:5.8.8-29 - CVE-2008-1927 buffer overflow, when unicode character is used. - Thu Jan 31 2008 Tom 'spot' Callaway - 4:5.8.8-28 - create /usr/lib/perl5/vendorperl/5.8.8/auto and own it in base perl resolves bugzilla 214580 - Mon Nov 26 2007 Tom 'spot' Callaway -...
Debian Security Advisory DSA 1556-2 (perl)
The remote host is missing an update to perl announced via advisory DSA 1556-2. OpenVAS Vulnerability Test $Id: deb15562.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1556-2 perl Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Debian Security Advisory DSA 1556-1 (perl)
The remote host is missing an update to perl announced via advisory DSA 1556-1. OpenVAS Vulnerability Test $Id: deb15561.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1556-1 perl Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Debian Security Advisory DSA 1556-1 (perl)
The remote host is missing an update to perl announced via advisory DSA 1556-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Debian DSA-1556-2 : perl - heap buffer overflow
It has been discovered that the Perl interpreter may encounter a buffer overflow condition when compiling certain regular expressions containing Unicode characters. This also happens if the offending characters are contained in a variable reference protected by the \Q...\E quoting construct. When...
[SECURITY] [DSA 1556-1] New perl packages fix denial of service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1556-1 [email protected] http://www.debian.org/security/ Florian Weimer April 24, 2008 http://www.debian.org/security/faq -...
DivX Player 6.7 SRT File Subtitle Parsing Buffer Overflow Exploit
No description provided by source. // Exploit.cpp : Defines the entry point for the console application. // include "stdafx.h" / DivX Player =6.7 srt subtitle parsing exploit Coded by [email protected] Tested on Windows XP SP2 + DivX Player 6.7.0...
DSA-1556-2 perl - denial of service
Bulletin has no description...
DivX Player 6.7 - '.srt' File Subtitle Parsing Buffer Overflow
// Exploit.cpp : Defines the entry point for the console application. // include "stdafx.h" / DivX Player =6.7 srt subtitle parsing exploit Coded by [email protected] Tested on Windows XP SP2 + DivX Player 6.7.0 Credit to securfrog for his PoC Actually this exploit is not relevant to DivX 6.6....
divx66.py.txt
!/usr/bin/python DivX 6.6 SRT SEH overwrite PoC Tested on XP SP2 Coded by Mati Aharoni, aka muts and Chris Hadnagy, aka loganWHD muts..at..offensive-security...dot..com chris..at..offensive-security...dot..com http://www.offensive-security.com/0day/divx66.py.txt Notes: Unicode buffer - real pita...
DivX Player 6.6.0 - .srt File Buffer Overflow (SEH)
DivX Player 6.6.0 - .srt File Buffer Overflow SEH !/usr/bin/python DivX 6.6 SRT SEH overwrite PoC Tested on XP SP2 Coded by Mati Aharoni, aka muts and Chris Hadnagy, aka loganWHD muts..at..offensive-security...dot..com chris..at..offensive-security...dot..com...
DivX Player 6.6.0 SRT File SEH Buffer Overflow Exploit
Exploit for unknown platform in category local exploits ====================================================== DivX Player 6.6.0 SRT File SEH Buffer Overflow Exploit ====================================================== !/usr/bin/python DivX 6.6 SRT SEH overwrite PoC Tested on XP SP2 Coded by Ma...
CVE-2008-1142
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that th...
Stack overflow
Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long download URL, which is not properly handled during Unicode conversion for a balloon notification after a download has failed...
CVE-2008-1602
Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long download URL, which is not properly handled during Unicode conversion for a balloon notification after a download has failed...