Computer Security


Multiple Mozilla / Firefox / Thunderbird vulnerabilities
updated since 03.02.2006
Published:08.02.2006
Source:
SecurityVulns ID:5730
Type:client
Threat Level: 8/10
Description:JavaScript code execution, heap memory corruption with styles, memory corruption with QueryInterface, code execution with XULDocument.persist(), multiple integer overflows, information leak from nsExpatDriver::ParseBuffer(). Silent trojan code installation is potentially possible.
Affected:MOZILLA : Mozilla 1.7
 MOZILLA : Firefox 1.5
 MOZILLA : Thunderbird 1.7
Original document: CERT, US-CERT Technical Cyber Security Alert TA06-038A -- Multiple Vulnerabilities in Mozilla Products (08.02.2006)
 SECUNIA, [SA18700] Firefox Multiple Vulnerabilities (03.02.2006)
Files: Mozilla Firefox "location.QueryInterface()" Remote Command Execution Exploit

crypt_blowfish cryptographic problem
Published:08.02.2006
Source:
SecurityVulns ID:5746
Type:local
Threat Level: 4/10
Description:Salt generation algorithm has high probability of salt duplication.
Affected:OPENWALL : crypt_blowfish 0.4
Original document: Solar Designer, crypt_blowfish 1.0 (08.02.2006)

Counter Strike (Half Life) game servers DoS
Published:08.02.2006
Source:
SecurityVulns ID:5747
Type:remote
Threat Level: 6/10
Description:Incomplete client request leads to endless loop.
Affected:CSTRIKE : cstrike 1.6
Original document: Firestorm, Half-Life/cstrike server remote DoS (08.02.2006)
Files:Exploits Counter Strike server endless loop

Multiple Lexmark printers software security vulnerabilities
Published:08.02.2006
Source:
SecurityVulns ID:5748
Type:remote
Threat Level: 6/10
Description:Remote unauthorized access and local privilege escalation with different printer software components.
Original document: Kevin Finisterre, Re: High Risk Vulnerability in Lexmark Printer Sharing Service (08.02.2006)
 NGSSoftware Insight Security Research Advisory (NISR), High Risk Vulnerability in Lexmark Printer Sharing Service (08.02.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:08.02.2006
Source:
SecurityVulns ID:5749
Type:remote
Threat Level: 5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:MYBB : MyBB 1.0
 EYEOS : eyeOS 0.8
 MYQUIZ : MyQuiz 1.01
 UNKNOWNDOMAIN : Unknown Domain Shoutbox 1.0
Original document: SECUNIA, [SA18759] Unknown Domain Shoutbox Two Vulnerabilities (08.02.2006)
 SECUNIA, [SA18761] GuestBookHost SQL Injection Vulnerabilities (08.02.2006)
 Sumit Siddharth, [Full-disclosure] Re: cPanel Multiple Cross Site Scripting Vulnerability (08.02.2006)
 Sumit Siddharth, [Full-disclosure] Cpanel Admin login (username) Disclosure (08.02.2006)
 imei, [myimei]MyBB1.0.3~moderation.php~SqlInject while merging posts (08.02.2006)
 imei, [myimei]MyBB 1.0.2 XSS attack in search.php (08.02.2006)
 JeiAr, eyeOS <= 0.8.9 Remote Code Execution (08.02.2006)
 irc0d3r_(at)_yahoo.com, MyQuiz Arbitrary Command Execution Exploit (perl) (08.02.2006)
Files:MyQuiz Remote Command Execution Exploit

Multiple QNX Neutrino real-time OS vulnerabilities
Published:08.02.2006
Source:
SecurityVulns ID:5750
Type:local
Threat Level: 6/10
Description:libph buffer overflow. phfont race conditions. phgrafx buffer overflow. su buffer overflow. Local DoS. rc.local is world writable. passwd buffer overflow. crttrap relative libraries path. fontsleuth format string bug. libAp buffer overflow.
Affected:QNX : QNX 6.3
Original document: IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS libAp ABLPATH Buffer Overflow Vulnerability (08.02.2006)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS fontsleuth Command Format String Vulnerability (08.02.2006)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS crttrap Arbitrary Library Loading Vulnerability (08.02.2006)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS passwd Command Buffer Overflow (08.02.2006)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.07.06: QNX RTOS 6.3.0 rc.local Insecure File Permissions Vulnerability (08.02.2006)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.07.06: QNX RTOS 6.3.0 Local Denial of Service Vulnerability (08.02.2006)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS su Command Buffer Overflow (08.02.2006)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS phgrafx Command Buffer Overflow (08.02.2006)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS phfont Race Condition Vulnerability (08.02.2006)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 02.07.06: QNX Neutrino RTOS libph PHOTON_PATH Buffer Overflow Vulnerability (08.02.2006)

Linux kernel ICMP DoS
Published:08.02.2006
Source:
SecurityVulns ID:5751
Type:remote
Threat Level: 6/10
Description:record-route or timestamp IP options handling vulnerability.
Affected:LINUX : kernel 2.6
Original document: SECUNIA, [SA18766] Linux Kernel ICMP Error Handling Denial of Service (08.02.2006)

Sun Java sandbox protection bypass
Published:08.02.2006
Source:
SecurityVulns ID:5752
Type:client
Threat Level: 7/10
Description:It's possible to bypass sandbox with "reflection" API. This vulnerability can be used for silent trojan installation.
Affected:SUN : JRE 1.3
 SUN : JDK 1.3
 SUN : JDK 1.4
 ORACLE : JRE 1.4
 SUN : JRE 1.5
 SUN : JDK 1.5
 SUN : JRE 5.0
Original document: SECUNIA, [SA18762] Java Web Start Sandbox Security Bypass Vulnerability (08.02.2006)
 SECUNIA, [SA18760] Sun Java JRE "reflection" APIs Sandbox Security Bypass Vulnerabilities (08.02.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod