5409 matches found
[Full-disclosure] [ MDKSA-2007:183 ] - Updated qt3/qt4 packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:183 http://www.mandriva.com/security/ Package : qt Date : September 13, 2007 Affected: 2007.0, 2007.1, Corporate 3.0, Corporate 4.0 Problem Description: A buffer overflow was found in how Qt expanded malform...
Mandrake Linux Security Advisory : qt (MDKSA-2007:183)
A buffer overflow was found in how Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or potentially allow for the execution of arbitrary code. Updated packages have been patched to prevent this issue...
RHEL 2.1 / 3 / 4 / 5 : qt (RHSA-2007:0883)
Updated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI Graphical User Interface applications for t...
qt security update
CentOS Errata and Security Advisory CESA-2007:0883 Updated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and...
Important: Red Hat Security Advisory: qt security update
Updated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI Graphical User Interface applications for t...
QT off by one buffer overflow
Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service crash via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but...
Buffer overflow
Multiple buffer overflows in phpiisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iisgetservicestate function, related to the...
CVE-2007-4586
Multiple buffer overflows in phpiisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iisgetservicestate function, related to the...
CVE-2007-4586
Multiple buffer overflows in phpiisfunc.dll in the iisfunc extension for PHP 5.2.0 and earlier allow context-dependent attackers to execute arbitrary code, probably during Unicode conversion, as demonstrated by a long string in the first argument to the iisgetservicestate function, related to the...
IPS-1 Protection Update for WWW2 (Version 27)
Microsoft IIS decodes Unicode character sets in a variety of ways. There is an uncommon way of creating Unicode characters in HTTP, which IIS but no other known web servers decode. It is in the form of percent-u-hexchar-hexchar-hexchar-hexchar. The IPS-1 WWW2 protocol subsystem has been updated t...
PHP <= 5.2.0 (php_iisfunc.dll) Local Buffer Overflow PoC (win32)
Exploit for unknown platform in category dos / poc ================================================================ PHP // Risk: Local Buffer Overflow Medium - High Risk // Notes: Various other functions are exploitable, all of which convert the // string arguments to unicode. // // extern "C"...
PHP 5.2.0 (Windows x86) - PHP_iisfunc.dll Local Buffer Overflow
PHP 5.2.0 Windows x86 - PHPiisfunc.dll Local Buffer Overflow // Risk: Local Buffer Overflow Medium - High Risk // Notes: Various other functions are exploitable, all of which convert the // string arguments to unicode. // // extern "C" IISFUNCAPI int fnStartServiceLPCTSTR ServiceId; // extern "C"...
php520-local.txt
// Risk: Local Buffer Overflow Medium - High Risk // Notes: Various other functions are exploitable, all of which convert the // string arguments to unicode. // // extern "C" IISFUNCAPI int fnStartServiceLPCTSTR ServiceId; // extern "C" IISFUNCAPI int fnGetServiceStateLPCTSTR ServiceId; // extern...
Stack overflow
Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service application crash via a request for a long .gif filename in the images/ directory, related to conversion from...
CVE-2007-4442
Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service application crash via a request for a long .gif filename in the images/ directory, related to conversion from...
CVE-2007-4442
Stack-based buffer overflow in the logging function in the Unreal engine, possibly 2003 and 2004, as used in the internal web server, allows remote attackers to cause a denial of service application crash via a request for a long .gif filename in the images/ directory, related to conversion from...
CVE-2007-4442
CVE-2007-4442 concerns the Unreal Engine: a stack-based buffer overflow in the engine’s logging function (used by its internal web server) may be triggered by a request for a long .gif filename in the images/ directory. The root cause is described as a Unicode-to-ASCII conversion issue, potential...
Code injection
WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name IDN support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" homographs and possibly perform...
CVE-2007-3742
WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name IDN support and Unicode fonts, which allows remote attackers to create a URL containing "look-alike characters" homographs and possibly perform...
CVE-2007-3742
This CVE-2007-3742 entry describes a URL spoofing flaw in WebKit used by Apple Safari 3 Beta (before Update 3.0.3) and iPhone (before 1.0.1). The root cause is the interaction between International Domain Name (IDN) support and Unicode fonts, which can allow remote attackers to craft a URL contai...