Computer Security
[EN] securityvulns.ru no-pyccku


Songbird Media Player format string
Published:01.12.2006
Source:
SecurityVulns ID:6875
Type:remote
Threat Level:
5/10
Description:Format string vulnerability on M3U files parsing.
Affected:SONGIBIRD : Songbird Media Player 0.2
Files:0-day Songbird Media Player <= 0.2 Format String Denial Of Service PoC

NetBSD and Mac OS X ftpd / tnftpd buffer overflow
Published:01.12.2006
Source:
SecurityVulns ID:6877
Type:remote
Threat Level:
7/10
Description:Buffer overflow in NLST FTP command file globbing.
Affected:APPLE : MacOS X 10.3
 TNFTPD : tnftpd 20040810
 LUKEMFTPD : lukemftpd 20040810
Original documentdocumentKevin Finisterre, Re: [Full-disclosure] NetBSD FTPD and ports ***REMOTE ROOOOOT HOLE*** (01.12.2006)
 documentkingcope_(at)_gmx.net, [Full-disclosure] NetBSD FTPD and ports ***REMOTE ROOOOOT HOLE*** (01.12.2006)
Files:NetBSD ftpd and ports *Remote ROOOOOT $HOLE$*

Novell Netware Client multiple security vulnerabilities
updated since 29.11.2006
Published:01.12.2006
Source:
SecurityVulns ID:6868
Type:remote
Threat Level:
6/10
Description:Buffer overflow in EnumPrinters() and OpenPrinter() functions. Format string vulnerability in Novell Modular Authentication Services.
Affected:NOVELL : NetWare Client 4.91
CVE:CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions.)
Original documentdocumentDeral Heiland, [Full-disclosure] Layered Defense Advisory: Novell Client 4.91 Format String Vulnerability (01.12.2006)
 documentZDI, ZDI-06-043: Novell Netware Client Print Provider Buffer Overflow Vulnerability (29.11.2006)
Files:Citrix Metaframe Presentation Server / Javvin DiskAccess printer provider buffer overflow

libgsf buffer overflow
updated since 30.11.2006
Published:01.12.2006
Source:
SecurityVulns ID:6874
Type:library
Threat Level:
5/10
Description:ole_init_info() heap overflow.
Affected:GNOME : libgsf 1.11
 GNOME : libgsf 1.14
Original documentdocumentIDEFENSE, iDefense Security Advisory 11.30.06: Multiple Vendor libgsf Heap Overflow Vulnerability (01.12.2006)
 documentDEBIAN, [Full-disclosure] [SECURITY] [DSA 1221-1] New libgsf packages fix arbitrary code execution (30.11.2006)

Quintessential Player buffer overflow
Published:01.12.2006
Source:
SecurityVulns ID:6876
Type:client
Threat Level:
5/10
Description:.PLS, .M3U, M3u-8 playlists buffer overflow.
Affected:QUINTESSENTIAL : Quintessential Player 4.50
Files:0-day Quintessential Player <= 4.50.1.82 Playlist Denial Of Service PoC

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:01.12.2006
Source:
SecurityVulns ID:6879
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WOLTLAB : Woltlab Burning Board 2.3
 INVISION : Invision Gallery 2.0
 SEDITIO : Seditio 1.10
 ALEXGUESTBOOK : @lex Guestbook 4.0
 INVISION : Invision Community Blog Mod 1.2
 LIFETYPE : Lifetype 1.1
 CLANPORTAL : Clanportal 1.3
Original documentdocumentTim Weber, [Full-disclosure] deV!L`z Clanportal - Arbitrary File Upload [061124b] (01.12.2006)
 documentTonu Samuel, [Full-disclosure] phpmyfaq exploit using PHP bug, CVE-2006-1490 (01.12.2006)
 documentinfection_(at)_mail.kz, Invision Gallery 2.0.7 SQL Injection Vulnerability (01.12.2006)
 documentJesper Jurcenoks, LifeType version 1.1.2 Multiple Path Disclosure Vulnerabilities (01.12.2006)
 documentblueshisha_(at)_safe-mail.net, Woltlab Burning Board 2.3.X XSS Vulnerability (0-Day) FIXED VERSION (01.12.2006)
 documentajannhwt_(at)_hotmail.com, LDU <= 8.x (polls.php) Remote SQL Injection Vulnerability (01.12.2006)
 documentcapt.nem0_(at)_gmx.de, contentserv 4.x (01.12.2006)
 documentinfection_(at)_mail.kz, Invision Community Blog Mod 1.2.4 .PHP SQL Injection Vulnerability (01.12.2006)
 documentajannhwt_(at)_hotmail.com, Seditio <= 1.10 (pollid) Remote SQL Injection Vulnerability (01.12.2006)
 documentMr_KaLiMaN, @lex Guestbook 4.0.1 : Full Path Disclosure & XSS (01.12.2006)
 documentMr_KaLiMaN, @lex Guestbook 4.0.1 : Full Path Disclosure & XSS (01.12.2006)

MailEnable IMAP Server multiple security vulnerabilities
updated since 01.12.2006
Published:09.12.2006
Source:
SecurityVulns ID:6878
Type:remote
Threat Level:
6/10
Description:Buffer overflow in EXAMINE, SELECT, DELETE commands.
Affected:MAILENABLE : MailEnable Professional 2.32
Original documentdocumentSECUNIA, [SA23267] MailEnable IMAP Service Denial Of Service Vulnerability (09.12.2006)
 documentSECUNIA, [SA23201] MailEnable IMAP Service Buffer Overflow Vulnerability (09.12.2006)
 documentSECUNIA, Secunia Research: MailEnable IMAP Service Two Vulnerabilities (01.12.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod