Search:Vulnerability:01.02.2006 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Multiple PDF parsing library security vulnerabilities
updated since 22.10.2004
Published: 01.02.2006
Source: BUGTRAQ
SecurityVulns ID: 4109
Type: library
Level: 7/10
Description: Multiple vulnerabilities including heap corruption, buffer overflows.

Affected: CUPS : cups 1.1
KDE : KDE 3.2
CLEARSWIFT : MIMEsweeper 5.0
KDE : KDE 3.3
XPDF : xpdf 3.0
GNOME : gpdf 0.112
TETEX : tetex 2.0
TETEX : pTeX 3.1
TETEX : CSTeX 2.0
ADOBE : Acrobat Reader 7.0
LIBEXTRACTOR : libextractor 0.4
POPPLER : poppler 0.4
XPDF : xpdf 3.01
GPDF : GPdf 2.10
PDFTOHTML : pdftohtml 0.36
GNUSTEP : PDFKit Framework 0.8
APPLE : Preview.app 3.0

Original document MOAB, MOAB-06-01-2007: Multiple Vendor PDF Document Catalog Handling Vulnerability (21.01.2007)

KDE, [KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow (10.03.2006)

DEBIAN, [Full-disclosure] [SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution (01.02.2006)

GENTOO, [ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows (01.02.2006)

document SECUNIA, [SA18677] Xpdf PDF Splash Image Handling Vulnerability (01.02.2006)

MANDRIVA, MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities (07.01.2006)

IDEFENSE, iDefense Security Advisory 12.05.05: Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability (06.12.2005)

document IDEFENSE, iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Progressive Heap Overflow (06.12.2005)

IDEFENSE, iDefense Security Advisory 12.05.05: Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability (06.12.2005)

IDEFENSE, iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability (06.12.2005)

document UBUNTU, [USN-163-1] xpdf vulnerability (10.08.2005)

GENTOO, [ GLSA 200506-06 ] libextractor: Multiple overflow vulnerabilities (10.06.2005)

GENTOO, [ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities (26.01.2005)

IDEFENSE, iDEFENSE Security Advisory 01.18.05 - Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow (19.01.2005)

document KDE, KDE Security Advisory: kpdf Buffer Overflow Vulnerability (30.12.2004)

IDEFENSE, iDEFENSE Security Advisory 12.21.04: Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability (22.12.2004)

SECUNIA, [SA13411] MIMEsweeper for SMTP PDF File Processing Denial of Service (11.12.2004)

document MANDRAKE, MDKSA-2004:116 - Updated cups packages fix DoS vulnerabilities (22.10.2004)

MANDRAKE, MDKSA-2004:114 - Updated gpdf packages fix DoS vulnerability (22.10.2004)

KDE, [KDE security advisory] Multiple integer overflows in kpdf (22.10.2004)

Discuss: Read or add your comments to this news (0 comments)

fcron convert-fcrontab buffer overflow
Published: 01.02.2006
Source: BUGTRAQ
SecurityVulns ID: 5722
Type: local
Level: 5/10
Description: Heap based buffer overflow on oversized command line.

Affected: FCRON : fcron 3.0

Original document Adam Zabrocki, [Full-disclosure] Fcrontab - memory corruption on heap. (01.02.2006)

Discuss: Read or add your comments to this news (0 comments)

Blue Coat ProxySG proxy server protection bypass
Published: 01.02.2006
Source: SECUNIA
SecurityVulns ID: 5724
Type: remote
Level: 5/10
Description: It's possible to bypass target port limitations with HTTP CONNECT method.

Affected: BLUECOAT : SGOS 4.1

Original document SECUNIA, [SA18622] Blue Coat ProxySG SGOS Two Security Issues (01.02.2006)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 01.02.2006
Source: BUGTRAQ
SecurityVulns ID: 5720
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: SPIP : SPIP 1.8
FARSINEWS : FarsiNews 2.1
PUNCTWEB : MyCO guestbook 1.0
PHPBB : Rlink 1.0
CALENDARIX : Calendarix 0.6
SUBZANE : SZUserMgnt 1.4
IPB : Dragoran Portal 1.3

Original document SECUNIA, [SA18664] IPB Dragoran Portal Module "site" SQL Injection Vulnerability (01.02.2006)

jdo24_(at)_cornell.edu, Blackboard Authentication Error (01.02.2006)

Aliaksandr Hartsuyeu, [eVuln] SZUserMgnt Authentication Bypass (01.02.2006)

Aliaksandr Hartsuyeu, [eVuln] Calendarix SQL Injection & Authorization Bypass Vulnerabilities (01.02.2006)

document SECUNIA, [SA18666] SZUserMgnt "username" SQL Injection Vulnerability (01.02.2006)

SECUNIA, [SA18620] phpBB Rlink Module "url" Cross-Site Scripting Vulnerability (01.02.2006)

Sieg Fried, [Full-disclosure] ZRCSA-200601: SPIP - Multiple Vulnerabilities (01.02.2006)

revnic_(at)_gmail.com, MyCO multiple vulnerabilities (01.02.2006)

document h e, FarsiNews 2.1 PHP Remote File Inclusion (01.02.2006)

Discuss: Read or add your comments to this news (0 comments)

libpng PNG processing library buffer overflow
Published: 01.02.2006
Source: SECUNIA
SecurityVulns ID: 5723
Type: library
Level: 6/10
Description: Alpha-channels processing buffer overflow in png_set_strip_alpha().

Affected: libpng : libpng 1.2
libpng : libpng 1.0

Original document SECUNIA, [SA18654] libpng "png_set_strip_alpha()" Buffer Overflow Vulnerability (01.02.2006)

Discuss: Read or add your comments to this news (0 comments)

Microsoft Windows system services privilege escalation
updated since 01.02.2006
Published: 11.04.2006
Source: BUGTRAQ
SecurityVulns ID: 5721
Type: local
Level: 8/10
Description: There are several local services SSDP Discovery service, Universal Plug and Play Host service) allow any authenticated user to configure service. It makes it possible to specify executable file and elevate privilege to Local System. Also vulnerable: HP Software: "Pml Driver HPZ12" (HP Printer Laserjet 4200L PCL 6) Audodesk: "Autodesk Licensing Service" Dell Power Managment Software for network cards: "NICCONFIGSVC" Macromedia: "Macromedia Licensing Service" Zonelabs.com TrueVector Device Driver: "vsdatant" C-Dilla Software: "C-DillaCdaC11BA" Macrovision SECURITY Driver (Security Windows NT): "CdaC15BA" Macrovision SECURITY Driver (Security Windows NT): "SecDrv"

Affected: MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server

Original document MICROSOFT, Microsoft Security Bulletin MS06-011 Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798) (11.04.2006)

yourname_(at)_yourdomain.com, Copy protection scheme SafeDisc allows privilege escalation (12.03.2006)

Andres Tarasco , [Full-disclosure] Privilege Scalation for Windows Networks using weak Service restrictions v2.0 exploit (13.02.2006)

document sudhakar+bugtraq_(at)_cs.princeton.edu, Windows Access Control Demystified (01.02.2006)

Files: Windows Access Control Demystified
Exploits Privilege Escalation for Windows Networks using weak Service restrictions v2.0
Privilege Checker for Windows Services exploits weak service permissions
Microsoft Security Bulletin MS06-011 Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)
Discuss: Read or add your comments to this news (0 comments)