Lucene search
K

5409 matches found

securityvulns
securityvulns
added 2007/09/14 12:0 a.m.70 views

[Full-disclosure] [ MDKSA-2007:183 ] - Updated qt3/qt4 packages fix vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:183 http://www.mandriva.com/security/ Package : qt Date : September 13, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Problem Description: A buffer overflow was found in how Qt expanded malform...

7.5CVSS6.8AI score0.0234EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/09/14 12:0 a.m.54 views

Mandrake Linux Security Advisory : qt (MDKSA-2007:183)

A buffer overflow was found in how Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or potentially allow for the execution of arbitrary code. Updated packages have been patched to prevent this issue...

7.5CVSS5.9AI score0.0234EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2007/09/14 12:0 a.m.34 views

RHEL 2.1 / 3 / 4 / 5 : qt (RHSA-2007:0883)

Updated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI Graphical User Interface applications for t...

7.5CVSS6AI score0.0234EPSS
Exploits0References5
Cent OS
Cent OS
added 2007/09/13 6:50 p.m.71 views

qt security update

CentOS Errata and Security Advisory CESA-2007:0883 Updated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and...

7.5CVSS5.9AI score0.0234EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2007/09/13 4:15 p.m.33 views

Important: Red Hat Security Advisory: qt security update

Updated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI Graphical User Interface applications for t...

7.5CVSS5.9AI score0.0234EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2007/09/13 4:15 p.m.5 views

QT off by one buffer overflow

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service crash via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but...

7.5CVSS6.1AI score0.0234EPSS
Exploits0References4
Prion
Prion
added 2007/08/29 1:17 a.m.19 views

Buffer overflow

Multiple buffer overflows in phpiisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iisgetservicestate function, related to the...

7.5CVSS7.8AI score0.09446EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2007/08/29 1:17 a.m.27 views

CVE-2007-4586

Multiple buffer overflows in phpiisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iisgetservicestate function, related to the...

7.5CVSS7.5AI score0.09446EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/08/29 1:0 a.m.23 views

CVE-2007-4586

Multiple buffer overflows in phpiisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iisgetservicestate function, related to the...

7.4AI score0.09446EPSS
Exploits0References3
Check Point Advisories
Check Point Advisories
added 2007/08/29 12:0 a.m.5 views

IPS-1 Protection Update for WWW2 (Version 27)

Microsoft IIS decodes Unicode character sets in a variety of ways. There is an uncommon way of creating Unicode characters in HTTP, which IIS but no other known web servers decode. It is in the form of percent-u-hexchar-hexchar-hexchar-hexchar. The IPS-1 WWW2 protocol subsystem has been updated t...

7.8CVSS6.3AI score0.08482EPSS
Exploits1
0day.today
0day.today
added 2007/08/27 12:0 a.m.17 views

PHP <= 5.2.0 (php_iisfunc.dll) Local Buffer Overflow PoC (win32)

Exploit for unknown platform in category dos / poc ================================================================ PHP // Risk: Local Buffer Overflow Medium - High Risk // Notes: Various other functions are exploitable, all of which convert the // string arguments to unicode. // // extern "C"...

7AI score
Exploits0
exploitpack
exploitpack
added 2007/08/27 12:0 a.m.14 views

PHP 5.2.0 (Windows x86) - PHP_iisfunc.dll Local Buffer Overflow

PHP 5.2.0 Windows x86 - PHPiisfunc.dll Local Buffer Overflow // Risk: Local Buffer Overflow Medium - High Risk // Notes: Various other functions are exploitable, all of which convert the // string arguments to unicode. // // extern "C" IISFUNCAPI int fnStartServiceLPCTSTR ServiceId; // extern "C"...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2007/08/27 12:0 a.m.27 views

php520-local.txt

// Risk: Local Buffer Overflow Medium - High Risk // Notes: Various other functions are exploitable, all of which convert the // string arguments to unicode. // // extern "C" IISFUNCAPI int fnStartServiceLPCTSTR ServiceId; // extern "C" IISFUNCAPI int fnGetServiceStateLPCTSTR ServiceId; // extern...

Exploits0
Prion
Prion
added 2007/08/21 12:17 a.m.19 views

Stack overflow

Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service application crash via a request for a long .gif filename in the images/ directory, related to conversion from...

5CVSS7.5AI score0.0384EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2007/08/21 12:17 a.m.28 views

CVE-2007-4442

Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service application crash via a request for a long .gif filename in the images/ directory, related to conversion from...

5CVSS7.1AI score0.0384EPSS
Exploits0References7
Cvelist
Cvelist
added 2007/08/21 12:0 a.m.34 views

CVE-2007-4442

Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service application crash via a request for a long .gif filename in the images/ directory, related to conversion from...

7.1AI score0.0384EPSS
Exploits0References7
CVE
CVE
added 2007/08/21 12:0 a.m.50 views

CVE-2007-4442

CVE-2007-4442 concerns the Unreal Engine: a stack-based buffer overflow in the engine’s logging function (used by its internal web server) may be triggered by a request for a long .gif filename in the images/ directory. The root cause is described as a Unicode-to-ASCII conversion issue, potential...

5CVSS7.1AI score0.0384EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2007/08/03 8:17 p.m.22 views

Code injection

WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name IDN support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" homographs and possibly perform...

4.3CVSS6.4AI score0.02444EPSS
Exploits3References9Affected Software1
Cvelist
Cvelist
added 2007/08/03 8:0 p.m.34 views

CVE-2007-3742

WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name IDN support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" homographs and possibly perform...

6.2AI score0.02444EPSS
Exploits3References9
CVE
CVE
added 2007/08/03 8:0 p.m.56 views

CVE-2007-3742

This CVE-2007-3742 entry describes a URL spoofing flaw in WebKit used by Apple Safari 3 Beta (before Update 3.0.3) and iPhone (before 1.0.1). The root cause is the interaction between International Domain Name (IDN) support and Unicode fonts, which can allow remote attackers to craft a URL contai...

4.3CVSS6.1AI score0.02444EPSS
Exploits3References9Affected Software1
Rows per page
Query Builder