Computer Security
[EN] securityvulns.ru no-pyccku


Multiple PDF parsing library security vulnerabilities
updated since 22.10.2004
Published:01.02.2006
Source:
SecurityVulns ID:4109
Type:library
Threat Level:
7/10
Description:Multiple vulnerabilities including heap corruption, buffer overflows.
Affected:CUPS : cups 1.1
 KDE : KDE 3.2
 CLEARSWIFT : MIMEsweeper 5.0
 KDE : KDE 3.3
 XPDF : xpdf 3.0
 GNOME : gpdf 0.112
 TETEX : tetex 2.0
 TETEX : pTeX 3.1
 TETEX : CSTeX 2.0
 ADOBE : Acrobat Reader 7.0
 LIBEXTRACTOR : libextractor 0.4
 POPPLER : poppler 0.4
 XPDF : xpdf 3.01
 GPDF : GPdf 2.10
 PDFTOHTML : pdftohtml 0.36
 GNUSTEP : PDFKit Framework 0.8
 APPLE : Preview.app 3.0
Original documentdocumentMOAB, MOAB-06-01-2007: Multiple Vendor PDF Document Catalog Handling Vulnerability (21.01.2007)
 documentKDE, [KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow (10.03.2006)
 documentDEBIAN, [Full-disclosure] [SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution (01.02.2006)
 documentGENTOO, [ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows (01.02.2006)
 documentSECUNIA, [SA18677] Xpdf PDF Splash Image Handling Vulnerability (01.02.2006)
 documentMANDRIVA, MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities (07.01.2006)
 documentIDEFENSE, iDefense Security Advisory 12.05.05: Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability (06.12.2005)
 documentIDEFENSE, iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Progressive Heap Overflow (06.12.2005)
 documentIDEFENSE, iDefense Security Advisory 12.05.05: Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability (06.12.2005)
 documentIDEFENSE, iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability (06.12.2005)
 documentUBUNTU, [USN-163-1] xpdf vulnerability (10.08.2005)
 documentGENTOO, [ GLSA 200506-06 ] libextractor: Multiple overflow vulnerabilities (10.06.2005)
 documentGENTOO, [ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities (26.01.2005)
 documentIDEFENSE, iDEFENSE Security Advisory 01.18.05 - Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow (19.01.2005)
 documentKDE, KDE Security Advisory: kpdf Buffer Overflow Vulnerability (30.12.2004)
 documentIDEFENSE, iDEFENSE Security Advisory 12.21.04: Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability (22.12.2004)
 documentSECUNIA, [SA13411] MIMEsweeper for SMTP PDF File Processing Denial of Service (11.12.2004)
 documentMANDRAKE, MDKSA-2004:116 - Updated cups packages fix DoS vulnerabilities (22.10.2004)
 documentMANDRAKE, MDKSA-2004:114 - Updated gpdf packages fix DoS vulnerability (22.10.2004)
 documentKDE, [KDE security advisory] Multiple integer overflows in kpdf (22.10.2004)

fcron convert-fcrontab buffer overflow
Published:01.02.2006
Source:
SecurityVulns ID:5722
Type:local
Threat Level:
5/10
Description:Heap based buffer overflow on oversized command line.
Affected:FCRON : fcron 3.0
Original documentdocumentAdam Zabrocki, [Full-disclosure] Fcrontab - memory corruption on heap. (01.02.2006)

libpng PNG processing library buffer overflow
Published:01.02.2006
Source:
SecurityVulns ID:5723
Type:library
Threat Level:
6/10
Description:Alpha-channels processing buffer overflow in png_set_strip_alpha().
Affected:libpng : libpng 1.2
 libpng : libpng 1.0
Original documentdocumentSECUNIA, [SA18654] libpng "png_set_strip_alpha()" Buffer Overflow Vulnerability (01.02.2006)

Blue Coat ProxySG proxy server protection bypass
Published:01.02.2006
Source:
SecurityVulns ID:5724
Type:remote
Threat Level:
5/10
Description:It's possible to bypass target port limitations with HTTP CONNECT method.
Affected:BLUECOAT : SGOS 4.1
Original documentdocumentSECUNIA, [SA18622] Blue Coat ProxySG SGOS Two Security Issues (01.02.2006)

Microsoft Windows system services privilege escalation
updated since 01.02.2006
Published:11.04.2006
Source:
SecurityVulns ID:5721
Type:local
Threat Level:
8/10
Description:There are several local services SSDP Discovery service, Universal Plug and Play Host service) allow any authenticated user to configure service. It makes it possible to specify executable file and elevate privilege to Local System. Also vulnerable: HP Software: "Pml Driver HPZ12" (HP Printer Laserjet 4200L PCL 6) Audodesk: "Autodesk Licensing Service" Dell Power Managment Software for network cards: "NICCONFIGSVC" Macromedia: "Macromedia Licensing Service" Zonelabs.com TrueVector Device Driver: "vsdatant" C-Dilla Software: "C-DillaCdaC11BA" Macrovision SECURITY Driver (Security Windows NT): "CdaC15BA" Macrovision SECURITY Driver (Security Windows NT): "SecDrv"
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS06-011 Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798) (11.04.2006)
 documentyourname_(at)_yourdomain.com, Copy protection scheme SafeDisc allows privilege escalation (12.03.2006)
 documentAndres Tarasco , [Full-disclosure] Privilege Scalation for Windows Networks using weak Service restrictions v2.0 exploit (13.02.2006)
 documentsudhakar+bugtraq_(at)_cs.princeton.edu, Windows Access Control Demystified (01.02.2006)
Files:Privilege Checker for Windows Services exploits weak service permissions
 Exploits Privilege Escalation for Windows Networks using weak Service restrictions v2.0
 Windows Access Control Demystified
 Microsoft Security Bulletin MS06-011 Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod