FreeBSD : drupal -- multiple XSS vulnerabilities (b2383758-5f15-11db-ae08-0008743bf21a)
The Drupal Team reports: A bug in input validation and lack of output validation allows HTML and script insertion on several pages. Drupal's XML parser passes unescaped data to watchdog under certain circumstances. A malicious user may execute an XSS attack via a specially crafted RSS feed. This...
drupal -- multiple XSS vulnerabilities
The Drupal Team reports: A bug in input validation and lack of output validation allows HTML and script insertion on several pages. Drupal's XML parser passes unescaped data to watchdog under certain circumstances. A malicious user may execute an XSS attack via a specially crafted RSS feed. This...
DRUPAL-SA-2006-024 - Drupal core - Multiple cross site scripting vulnerabilities
Multiple XSS (cross site scripting) vulnerabilities have been discovered. A bug in input validation and lack of output validation allows HTML and script insertion on several pages. Drupal's XML parser passes unescaped data to watchdog under certain circumstances. A malicious user may execute an XSS...
CVE-2006-4686
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page...
CVE-2006-4685
Summary (CVE-2006-4685): The XMLHTTP ActiveX control in MSXML/MSXML Core Services (versions 2.6, 3.0–6.0) incorrectly handles server-side redirects, enabling remote, user-assisted access to content from other domains. This information-disclosure vulnerability can let an attacker read cookies or da...
CVE-2006-4685
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains...
CVE-2006-4686
Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page...
CVE-2006-4686
CVE-2006-4686 is a Web-exploitable vulnerability in the XSLT processing of Microsoft XML Core Services (MSXML) 2.6 and MSXML Core Services 3.0–6.0. The issue is a buffer overflow in the XSLT component that could allow a remote attacker to execute arbitrary code by convincing a user to view a cra...
USN-313-1: OpenOffice.org vulnerabilities
It was possible to embed Basic macros in documents in a way that OpenOffice.org would not ask for confirmation about executing them. By tricking a user into opening a malicious document, this could be exploited to run arbitrary Basic code including local file access and modification with the user...
CVE-2006-0298
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read...
CVE-2006-0298
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read...
CVE-2006-0298
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read...
DEBIAN-CVE-2006-0298
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read...
Out-of-bounds
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read...
CVE-2006-0298
The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly read sensitive data via unknown attack vectors that trigger an out-of-bounds read...
CVE-2006-0298
CVE-2006-0298 affects Mozilla Firefox < 1.5.0.1 and SeaMonkey
PT-2026-26285
Name of the Vulnerable Software and Affected Versions: XML::Parser versions through 2.47. Description: The software may experience a buffer overflow due to the pre-allocated buffer size being exceeded. This can lead to heap corruption, potentially resulting in a double free or other forms of...
PT-2026-26286
Name of the Vulnerable Software and Affected Versions: XML::Parser versions through 2.47. Description: The software contains a heap buffer overflow in the st serial stack function. This occurs when parsing XML files with deeply nested elements. Specifically, when stackptr equals stacksize - 1, the...
CVE-2004-2244
The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a...
CVE-2004-2244
The CVE-2004-2244 entry affects Oracle XML parsing in Oracle Application Server Release 2 (9i) and Database Server Release 2, across multiple versions (9.0.3.0/9.0.3.1, 9.0.2.3 and earlier, Release 1 1.0.2.x, and 9.2.0.1 and later). It describes a denial-of-service condition triggered by processi...