Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.
shared/util/StateUtils.java in this package uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack.
The OGNL extensive expression evaluation capability in this package as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive allowlist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the #context, #_memberAccess, #root, #this, #_typeResolver, #_classResolver, #_traceEvaluations, #_lastEvaluation, #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
The password hash generation algorithm in this package performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to crack passwords by generating hash collisions, related to password substitution.
This package contains a flaw that is triggered when handling an empty http_put body. This may allow a remote attacker to crash an application linked against the library.
Cross-site scripting (XSS) vulnerability in HTML Purifier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Memory leak in pngrutil.c in libpng , allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
Buffer overflow in pngpread.c in libpng, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
This package allows remote attackers to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by a URL of a crafted .jar file.
Potential Security Issues in Bundled Dojo Library.
The png_decompress_chunk function in pngrutil.c in libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
Improper Neutralization in bcrypt.
This package suffered from a bug related to character encoding that substantially reduced the entropy of hashed passwords containing non US-ASCII characters. An incorrect encoding step transparently replaced such characters by '?' prior to hashing. In the worst case of a password consisting solely of non-US-ASCII characters, this would cause its hash to be equivalent to all other such passwords of the same length. This issue only affects the JRuby …
Potential Security Issues in Bundled Dojo Library.
Potential XSS vector in Zend_Service_ReCaptcha_MailHide.
Potential XSS vectors due to inconsistent encodings.
Potential XSS vector in Zend_Dojo_View_Helper_Editor.
Potential XSS vector in Zend_Filter_StripTags when comments allowed.
This package is vulnerable to Timing Attacks.
A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL server applications with a dummy certificate.
XMLScanner.java allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input.
This package uses a parameter that defines an HMAC truncation length (HMACOutputLength) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.
Algorithmic complexity vulnerability in this package allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540.
ParametersInterceptor does not properly restrict # (pound sign) references to context objects, which allows remote attackers to execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a \u0023 representation for the # character.
Remote attackers could execute Object-Graph Navigation Language (OGNL) statements and modify server-side context objects, as demonstrated by use of a # representation for the # character.
XSS vector in Zend_Filter_StripTags.
File Inclusion vector in Zend_View::setScriptPath() and render().
pyrad is vulnerable to multiple XSS vulnerabilities.
The issue is due to the program not properly sanitizing user-supplied input related to the :limit and :offset functions. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
Activeresource contains a format string flaw in the request function of lib/active_resource/connection.rb. The issue is triggered as format string specifiers (e.g. %s and %x) are not properly sanitized in user-supplied input when passed via the result.code and result.message variables. This may allow a remote attacker to cause a denial of service or potentially execute arbitrary code.
Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2), and SVN, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
This package contains a flaw in the handling of tag names. The issue is triggered when the program reads tag names from XML data and then calls a method with that name. With a specially crafted file, a context-dependent attacker can call private methods and manipulate data.
This package contains an overflow condition that is triggered as user-supplied input is not properly validated when handling specially crafted data. This may allow a remote attacker to cause a stack-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.