Computer Security


CA eTrust Antivirus WebScan ActiveX element buffer overflow
updated since 07.08.2006
Published:08.08.2006
Source:
SecurityVulns ID:6450
Type:client
Threat Level:6/10
Description:Buffer overflow in the "WScanCtl Class" ActiveX object installed during the free online antivirus check.
Affected:CA : eTrust Antivirus WebScan 1.1
Original document:TSRT_(at)_3com.com, TSRT-06-05: Computer Associates eTrust AntiVirus WebScan Automatic Update Code Execution Vulnerability (08.08.2006)
 TSRT_(at)_3com.com, TSRT-06-06: Computer Associates eTrust AntiVirus WebScan Manifest Processing Buffer Overflow Vulnerability (08.08.2006)
 CA, CAID 34509 - CA eTrust Antivirus WebScan vulnerabilities (07.08.2006)

PHP memory corruption
Published:08.08.2006
Source:
SecurityVulns ID:6459
Type:local
Threat Level:6/10
Description:Write past the end of an array in the sscanf() function.
Affected:PHP : PHP 4.4
 PHP : PHP 5.1
Original document:heintz_(at)_hotmail.com, php local buffer underflow could lead to arbitary code execution (08.08.2006)
Files:Exploits php local buffer underflow

McAfee Subscription Manager ActiveX buffer overflow
Published:08.08.2006
Source:
SecurityVulns ID:6460
Type:client
Threat Level:7/10
Description:Buffer overflow in McSubMgr.dll marked safe for scripting.
Affected:MCAFEE : McAfee SecurityCenter 6.0
Original document:EEYE, [EEYEB-20060719] McAfee Subscription Manager Stack Buffer Overflow (08.08.2006)

liblesstif symbolic links vulnerability
Published:08.08.2006
Source:
SecurityVulns ID:6461
Type:library
Threat Level:6/10
Description:Insecure handling of debug files in libXm.
Affected:LIBLESSTIF : liblesstif 0.93
Original document:SECURITEAM, [UNIX] Liblesstif Local Root (Exploit) (08.08.2006)
Files:mtink libXm local root exploit

Imendio Planner format string vulnerability
Published:08.08.2006
Source:
SecurityVulns ID:6463
Type:client
Threat Level:5/10
Description:Format string vulnerability in filename.
Affected:IMENDIOPLANNER : Imendio Planner 0.13
Original document:king_purba_(at)_yahoo.co.uk, IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY (08.08.2006)

RealVNC remote administration unauthorized access
updated since 15.05.2006
Published:08.08.2006
Source:
SecurityVulns ID:6142
Type:remote
Threat Level:7/10
Description:Server doesn't check that the authentication type chosen by the client is allowed.
Affected:REALVNC : RealVNC 4.1
 LIBVNCSERVER : LibVNCServer 0.7
 X11VNC : x11vnc 0.8
Original document:GENTOO, [Full-disclosure] [ GLSA 200608-12 ] x11vnc: Authentication bypass in included LibVNCServer code (08.08.2006)
 SECUNIA, [SA20940] LibVNCServer Authentication Bypass Vulnerability (14.07.2006)
 James Evans, [Full-disclosure] RealVNC 4.1.1 Remote Compromise (15.05.2006)
Files:vnc scanner multithreaded windows
 vnc scanner multithreaded linux
 scan for OpenVNC 4.11 authentication bypass

Microsoft Windows DNS client buffer overflows
updated since 08.08.2006
Published:09.08.2006
Source:
SecurityVulns ID:6464
Type:library
Threat Level:9/10
Description:Buffer overflows in Winsock API and DNS client code.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document:MICROSOFT, Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683) (08.08.2006)
Files:POC for MS06-041
 Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)

Microsoft Windows cross-site MMC access
updated since 08.08.2006
Published:09.08.2006
Source:
SecurityVulns ID:6466
Type:client
Threat Level:7/10
Description:A script from an Internet/Intranet zone site can access any Microsoft Management Console object.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document:MICROSOFT, Microsoft Security Bulletin MS06-044 Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008) (08.08.2006)
Files:Microsoft Security Bulletin MS06-044 Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)

Microsoft Visual Basic for Applications buffer overflow
updated since 08.08.2006
Published:09.08.2006
Source:
SecurityVulns ID:6468
Type:library
Threat Level:6/10
Description:Buffer overflow on VBA script parsing.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Works 2004
 MICROSOFT : Works 2005
 MICROSOFT : Works 2006
Original document:MICROSOFT, Microsoft Security Bulletin MS06-047 Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645) (08.08.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 08.08.2006
Published:10.08.2006
Source:
SecurityVulns ID:6462
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:VWAR : VWar 1.5
 BLUR6EX : blur6ex 0.3
 SIMPLOG : simplog 0.9
 PHPSIMPLESHOP : PHP Simple Shop 2.0
 SAPID : SAPID CMS 123
 PHPCC : phpCC 4.2
 USOLVED : NEWSolved Lite 1.9
 DELUXEBB : DeluxeBB 1.08
 VISUALEVENTSCALE : Visual Events Calendar 1.1
 PHPPRINTANALYZER : phpPrintAnalyzer 1.1
 TAGGER : Tagger 3
Original document:MORGAN, Tagger v3 <= BBCodeFile Remote file inclusion (10.08.2006)
 sh3ll_(at)_sh3ll.ir, phpPrintAnalyzer <= 1.1 (rep_par_rapport_racine) Remote File Inclusion Vulnerability (08.08.2006)
 x0r0n_(at)_hotmail.com, Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability (08.08.2006)
 darkz.gsa_(at)_gmail.com, DeluxeBB Multiple Vulnerabilities (08.08.2006)
 piiiiiii pppiiiiiiii, simplog 0.9.3 and prior XSS (08.08.2006)
 AG Spider, Virtual War v1.5.0 Remote File Include (vwar_root) (08.08.2006)
 piiiiiii pppiiiiiiii, blur6ex 0.3 Comment title HTML inyection vuln. (08.08.2006)
 philipp.niedziela_(at)_gmx.de, NEWSolved Lite v1.9.2 (abs_path) Remote File Inclusion (08.08.2006)
 simo64_(at)_morx.org, SAPID CMS remote File Inclusion vulnerabilities (08.08.2006)
 chris_hasibuan_(at)_yahoo.com, SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion (08.08.2006)
 erdc_(at)_echo.or.id, SolpotCrew Advisory #6 - phpCC - Beta 4.2 (base_dir) Remote File Inclusion (08.08.2006)
 erdc_(at)_echo.or.id, [ECHO_ADV_44$2006] PHP Simple Shop <= 2.0 (abs_path) Remote File Inclusion (08.08.2006)
 c.boulton_(at)_mybboard.com, XennoBB <= 2.1.0 "birthday" SQL injection (08.08.2006)
Files:Exploits SAPID CMS remote File Inclusion Vulnerabilities

Multiple Microsoft Internet Explorer security vulnerabilities
updated since 08.08.2006
Published:13.09.2006
Source:
SecurityVulns ID:6465
Type:client
Threat Level:9/10
Description:Cross-site scripting, cross-site information access, FTP command injection. Vulnerabilities can be used for hidden malware installation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document:EEYE, [EEYEB-20080824] Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2 (13.09.2006)
 NSFOCUS, NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability (28.08.2006)
 EEYE, [Full-disclosure] EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability (25.08.2006)
 MICROSOFT, Microsoft Security Advisory (923762) Microsoft Security Advisory (923762): Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit (23.08.2006)
 EEYE, EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable (23.08.2006)
 TSRT_(at)_3com.com, [Full-disclosure] TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability (09.08.2006)
 TSRT_(at)_3com.com, [Full-disclosure] TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability (09.08.2006)
 ZDI, ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability (09.08.2006)
 ZDI, ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability (09.08.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) (08.08.2006)
Files:Internet Explorer COM CreateObject Code Execution exploit (metasploit)
 Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899)
 Internet Explorer 6 Service Pack 1 unexpectedly exits after you install the 918899 update

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod