Microsoft ASP.NET 1.0/1.1 - Unicode Character Conversion Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/12574/info It is reported that ASP.NET is prone to various cross-site scripting attacks. These issues when ASP.NET converts Unicode characters ranging from U+ff00-U+ff60 to ASCII. Apparently, the application fails to properly validate Unicode characters...

#11 by unl0ck team

-= Unl0ck Team Security Advisory =- | | | | | | / | | / | | / / / | |/ / | |/ / | | / | | / | | | / / | Y Y |/|| // / | || /|| / / / / / / / / ... the best way of protection is attack http://unl0ck.void.ru Advisory : 11 by unl0ck team Product : Win Ftp Server latest version Vendor :...

CVE-2005-0086

Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale...

CVE-2004-2215

RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges...

DEBIAN-CVE-2004-2215

RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges...

USN-29-1: samba vulnerability

During an audit of the Samba 3.x code base Stefan Esser discovered a Unicode file name buffer overflow within the handling of TRANSACT2QFILEPATHINFO replies. A malicious samba user with write access to a share could exploit this by creating specially crafted path names files with very long names...

[Full-Disclosure] Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 e-matters GmbH www.e-matters.de -= Security Advisory =- Advisory: Samba 3.x QFILEPATHINFO unicode filename buffer overflow Release Date: 2004/11/15 Last Modified: 2004/11/15 Author: Stefan Esser [email protected] Application: Samba 3 = 3.0.7...

Possible Buffer Overrun in smbd

Summary: A possible buffer overrun in smbd could lead to code execution by a remote user Patch Availability A patch for Samba 3.0.7 samba-3.0.7-CAN-2004-0882.patch is available from http://www.samba.org/samba/ftp/patches/security/. The patch has been signed with the "Samba Distribution Verificati...

smbd -- buffer-overrun vulnerability

Caused by improper bounds checking of certain trans2 requests, there is a possible buffer overrun in smbd. The attacker needs to be able to create files with very specific Unicode filenames on the share to take advantage of this issue...

Flash Messaging DoS

Problem with handling some Unicode characters...

CVE-2002-0627

The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests...

GLSA-200403-06 : Multiple remote buffer overflow vulnerabilities in Courier

The remote host is affected by the vulnerability described in GLSA-200403-06 Multiple remote buffer overflow vulnerabilities in Courier The vulnerabilities have been found in the 'SHIFTJIS' converter in 'shiftjis.c' and 'ISO2022JP' converter in 'so2022jp.c'. An attacker may supply Unicode...

Samba < 2.2.7 Unicode Encrypted Password Decryption Overflow

Binary data 1343.prm...

[security bulletin] SSRT4719 hp OpenView Select Access remote unauthorized access

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBMA01045 REVISION: 0 SSRT4719 rev.0 hp OpenView Select Access remote unauthorized access ----------------------------------------------------------------- NOTICE: There are no restrictions for distribution of this Bulletin...

CVE-2004-0224

Multiple buffer overflows in 1 iso2022jp.c or 2 shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."...

CVE-2004-0224

Multiple buffer overflows in 1 iso2022jp.c or 2 shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."...

DEBIAN-CVE-2004-0224

Multiple buffer overflows in 1 iso2022jp.c or 2 shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."...

CVE-2004-0224

Multiple buffer overflows in 1 iso2022jp.c or 2 shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."...

CVE-2004-0224

Multiple buffer overflows in 1 iso2022jp.c or 2 shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."...

Courier mail services: remotely exploitable buffer overflows

The Courier set of mail services use a common Unicode library. This library contains buffer overflows in the converters for two popular Japanese character encodings. These overflows may be remotely exploitable, triggered by a maliciously formatted email message that is later processed by one of t...