Computer Security


WinACE archiver buffer overflow
updated since 09.09.2005
Published: 07.09.2006
SecurityVulns ID: 5187
Type: local
Threat Level: 6/10
Description: Stack-based buffer overflow when processing an ACE archive that contains oversized filenames.
Affected: ALZIP : ALZip 6.1
 GHISLER : Total Commander 6.54
 SERVANT : Salamander 2.0
 WINHKI : WinHKI 1.67
 EXTRACTNOW : ExtractNow 3.60
 ASQUARED : Anti-Trojan 5.5
 WHEREISIT : Where Is It 3.73
 ULTIMATEZIP : UltimateZip 2.9
 ULTIMATEZIP : UltimateZip 3.0
 ULTIMATEZIP : UltimateZip 3.1
 FILZIP : Filzip 3.04
 EAZEL : Eazel 1.0
 IZARC : IZArc 3.5
 BITZIPPER : BitZipper 4.1
 RISINGANTIVIRUS : Rising Antivirus 2006
 AUTOMATE : Automate 6.1
 ZIPTV : ZipTV for Delphi 7 2006.1
 ZIPTV : ZipTV for C++ Builder 2006.1
Original document: SECUNIA, [SA20270] ZipTV ARJ Archive Handling and unacev2.dll Buffer Overflows (07.09.2006)
 SECUNIA, Secunia Research: BitZipper unacev2.dll Buffer Overflow Vulnerability (24.07.2006)
 SECUNIA, [SA19890] AutoMate unacev2.dll Buffer Overflow Vulnerability (07.06.2006)
 SECUNIA, [SA20285] Assetman Unspecified Script Insertion Vulnerabilities (30.05.2006)
 SECUNIA, [Full-disclosure] Secunia Research: IZArc unacev2.dll Buffer Overflow Vulnerability (17.05.2006)
 SECUNIA, [Full-disclosure] Secunia Research: Eazel unacev2.dll Buffer Overflow Vulnerability (17.05.2006)
 SECUNIA, [SA19834] FilZip unacev2.dll Buffer Overflow Vulnerability (15.05.2006)
 SECUNIA, [Full-disclosure] Secunia Research: UltimateZip unacev2.dll Buffer Overflow Vulnerability (11.05.2006)
 SECUNIA, [Full-disclosure] Secunia Research: Where Is It unacev2.dll Buffer Overflow Vulnerability (09.05.2006)
 SECUNIA, Secunia Research: Anti-Trojan unacev2.dll Buffer Overflow Vulnerability (09.05.2006)
 SECUNIA, [SA19581] ExtractNow unacev2.dll Buffer Overflow Vulnerability (02.05.2006)
 SECUNIA, Secunia Research: WinHKI unacev2.dll Buffer Overflow Vulnerability (01.05.2006)
 SECUNIA, Secunia Research: Servant Salamander unacev2.dll Buffer Overflow Vulnerability (28.04.2006)
 SECUNIA, [SA19454] Total Commander unacev2.dll Buffer Overflow Vulnerability (30.03.2006)
 SECUNIA, Secunia Research: ALZip ACE Archive Handling Buffer Overflow (09.09.2005)
Files: Total Commander unacev2.dll Buffer Overflow PoC Exploit

Cisco IOS access control lists bypass with GRE
Published: 07.09.2006
SecurityVulns ID: 6586
Type: remote
Threat Level: 5/10
Description: Under some conditions it is possible to craft a GRE packet whose payload is forwarded from the router's IP address.
Affected: CISCO : IOS 12.0
 CISCO : IOS 12.1
 CISCO : IOS 12.2
Original document: CISCO, [Full-disclosure] RE: Cisco IOS GRE issue (07.09.2006)
 FX, Cisco IOS GRE issue (07.09.2006)

Canon ImageRunner information leak
Published: 07.09.2006
SecurityVulns ID: 6587
Type: remote
Threat Level: 5/10
Description: When the address book is exported through the web interface, passwords of different types are visible in cleartext.
Affected: CANON : imageRUNNER C3220
 CANON : ImageRunner 5020
 CANON : imageRUNNER 9070
 CANON : imageRUNNER C6800
 CANON : ImageRunner C6870
 CANON : ImageRunner 8500
Original document: gunrnr_(at)_earthlink.net, Canon ImageRunner reveals SMB, IPX, and FTP username/passwords (07.09.2006)

HP-UX usermod file ownership change
Published: 07.09.2006
SecurityVulns ID: 6588
Type: local
Threat Level: 5/10
Description: The command usermod -d <dir> -u <new uid> -m <username> makes <username> the owner of the <dir> directory, recursively.
Affected: HP : HP-UX 11.00
 HP : HP-UX 11.11
 HP : HP-UX 11.23
Original document: HP, [security bulletin] HPSBUX02102 SSRT051078 rev.4 - HP-UX usermod(1M) Local Unauthorized Access. (07.09.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 07.09.2006
SecurityVulns ID: 6589
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPOPENCHAT : PhpOpenChat 3.0
 WORDPRESS : WordPress 2.0
 SLSITE : SL_Site 1.0
 PROFITCODE : ppalCart 2.5
 PHPLEAGUE : PhpLeague 0.82
 PHPBB : phpBB Attachment Mod 2.4
Original document: SECUNIA, [SA21787] Attachment Mod Attachment Script Insertion Vulnerability (07.09.2006)
 SECUNIA, [SA21789] PhpLeague "id_joueur" SQL Injection Vulnerability (07.09.2006)
 Kw3rLn, SL_Site <= 1.0 [spaw_root] Remote File Include Vulnerability (07.09.2006)
 MILW0RM, PayProCart <= 1146078425 Multiple Remote File Include Vulnerabilities (07.09.2006)
 stormhacker_(at)_hotmail.com, WDT :-phpopenchat-3.0.* ($sourcedir) Remote File Inclusion Exploit (07.09.2006)
 vannovax_(at)_gmail.com, Sql Injection and Path Disclosoure Wordpress v2.0.5 (07.09.2006)

Ipswitch IMail SMTP Server code execution
updated since 07.09.2006
Published: 08.09.2006
SecurityVulns ID: 6590
Type: remote
Threat Level: 6/10
Description: Stack buffer overflow triggered by an oversized hostname string between the '@' and ':' characters.
Affected: IPSWITCH : IMail 2006
 IPSWITCH : Ipswitch Collaboration 2006
Original document: ZDI, ZDI-06-028: Ipswitch Collaboration Suite SMTP Server Stack Overflow (08.09.2006)
 SECUNIA, [SA21795] Ipswitch IMail Server SMTP Service Unspecified Vulnerability (07.09.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod