Mozilla Firefox 3.6 - XML Parser Memory Corruption (PoC) Denial of Service

Mozilla Firefox 3.6 - XML Parser Memory Corruption PoC Denial of Service Firefox 3.6XML parsermemory corruption PoC/Dos by d3b4g From tiny islands of maldivies Tested: version 3.6 Tested on windows XP SP3 20-01-2010 This same bug was in early version of firfox,found by Wojciech Pawlikowski This i...

expat: buffer over-read and crash on XML with malformed UTF-8 sequences

The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...

Microsoft Windows Media Player Arbitrary File Download (MS03-017; CVE-2003-0228)

Microsoft Windows Media Player is an application that is used to play various media files, such as those compressed with AVI, MP3, MPG formats and so on. Windows Media Player runs on the Microsoft Windows operating system. Windows Media Player has the ability to change its user interface and...

Buffer overflow

The big2toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service application crash via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlo...

CVE-2009-3720

The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...

Buffer overflow

The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...

CVE-2009-3720

The updatePosition function in lib/xmltokimpl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service application crash via an XML document with crafted UTF-8 sequences that trigger a buffer over-read,...

Mandriva Linux Security Advisory : libneon0.27 (MDVSA-2009:221)

Multiple vulnerabilities has been found and corrected in libneon0.27 : neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document...

CVE-2009-2473

neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to...

CVE-2009-2473

neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to...

CVE-2009-2473

neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service memory and CPU consumption via a crafted XML document containing a large number of nested entity references, a similar issue to...

Apache Httpd < 2.0.64 : expat DoS

A buffer over-read flaw was found in the bundled expat library. An attacker who is able to get Apache to parse an untrused XML document for example through moddav may be able to cause a crash. This crash would only be a denial of service if using the worker MPM...

Microsoft Internet Explorer XML Document DoS Vulnerability - Aug09

This host has Internet Explorer installed and is prone to Denial of Service vulnerability. OpenVAS Vulnerability Test $Id: gbmsiexmldocdosvulnaug09.nasl 6530 2017-07-05 06:23:50Z cfischer $ Microsoft Internet Explorer XML Document DoS Vulnerability - Aug09 Authors: Sharath S Copyright: Copyright ...

Microsoft Internet Explorer XML Document DoS Vulnerability (Aug 2009)

Internet Explorer is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2009-2668

Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through 7.0.6000.16473 allows remote attackers to cause a denial of service CPU consumption via an XML document composed of a long series of start-tags with no corresponding end-tags, a related issue to CVE-2009-1232...

CVE-2009-2668

Summary: CVE-2009-2668 affects Microsoft Internet Explorer versions 6 up to 6.0.2900.2180 and 7 up to 7.0.6000.16473. The issue is a denial-of-service vulnerability caused by processing XML documents composed of a long sequence of start-tags with no corresponding end-tags, leading to CPU exhausti...

CVE-2009-1955

The expat XML parser in the aprxml interface in xml/aprxml.c in Apache APR-util before 1.3.7, as used in the moddav and moddavsvn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service memory consumption via a crafted XML document containing a large number of nest...

CVE-2009-1469

CRLF injection vulnerability in the Forgot Password implementation in server/webmail.php in IceWarp eMail Server and WebMail Server before 9.4.2 makes it easier for remote attackers to trick a user into disclosing credentials via CRLF sequences preceding a Reply-To header in the subject element o...

Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : libxml2 vulnerabilities (USN-644-1)

It was discovered that libxml2 did not correctly handle long entity names. If a user were tricked into processing a specially crafted XML document, a remote attacker could execute arbitrary code with user privileges or cause the application linked against libxml2 to crash, leading to a denial of...

Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : libxml2 vulnerabilities (USN-673-1)

Drew Yao discovered that libxml2 did not correctly handle certain corrupt XML documents. If a user or automated system were tricked into processing a malicious XML document, a remote attacker could cause applications linked against libxml2 to enter an infinite loop, leading to a denial of service...