Computer Security
[EN] securityvulns.ru no-pyccku


Different FTP servers multiple security vulnerabilities
updated since 02.05.2006
Published:09.05.2006
Source:
SecurityVulns ID:6079
Type:remote
Threat Level:
6/10
Description:Multiple vulnerabilities were uncovered with FTP Fuzzer stress test suite. - ArgoSoft FTP Server (RNTO Unicode overflow) - Golden FTP Server (NLST overflow) - FileZilla FTP Server (MLSD) - FileZilla remote server interface (homemade protocol) - WarFTPD (various exceptions and WDM.exe overflow)
Original documentdocumentinfocus, INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities (09.05.2006)
 documentinfocus, infocus (02.05.2006)

Quake 3 engine buffer overflow
updated since 06.05.2006
Published:09.05.2006
Source:
SecurityVulns ID:6102
Type:client
Threat Level:
6/10
Description:Buffer overflow on remapShader command processing.
Affected:ID : Quake3Arena 1.32
 GRAYMATTER : Return to Castle Wolfenstein 1.41
 GRAYMATTER : Wolfenstein: Enemy Territory 2.60
Original documentdocumentThilo Schulz, [Full-disclosure] Two independent vulnerabilities (client and server side) in Quake3 engine and many derived games (09.05.2006)
 documentSECUNIA, [SA19984] Quake 3 Engine "remapShader" Command Buffer Overflow (06.05.2006)
Files:"R_RemapShader()" q3 engine 1.32b client remote bof exploit

ICQ client cross application scripting
Published:09.05.2006
Source:
SecurityVulns ID:6107
Type:m-i-t-m
Threat Level:
5/10
Description:It's possible to inject script code into banner window to execute code in My Computer security zone.
Affected:ICQ : ICQ 5.04
Original documentdocumentQQLan_(at)_yandex.ru, ICQ Client Cross-Application Scripting (XAS) (09.05.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:09.05.2006
Source:
SecurityVulns ID:6108
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:SINGAPORE : singapore 0.9
 PHPFUSION : PHP-Fusion 6.0
 MYBB : MyBB 1.1
 CREATIVESOFTWARE : Creative Community Portal 1.1
 OPENENGINE : OpenEngine 1.8
 ANGELINECMS : AngelineCMS 0.6
 IDEALBB : IdealBB 1.5
 CLAROLINE : e-Learning 1.7
 PHPRAID : phpRaid 2.9
 PHPRAID : phpRaid 3.0
 PHPLISTPRO : PhpListPro 2.01
 ACTUALSCRIPTS : ActualAnalyzer Pro 6.88
 MULTICALENDARS : MultiCalendars 3.0
 PLANETC : plaNetStat 27.01.2005
CVE:CVE-2006-6994 (Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, possibly 2.0 and earlier, allows remote attackers to upload and execute arbitrary ASP files by removing the client-side security checks.)
Original documentdocumentalp_eren_(at)_ayyildiz.org, plaNetStat Admin ByPass (09.05.2006)
 documentDj_ReMix_20_(at)_hotmail.com, # MHG Security Team --- OzzyWork Gallery SQL Injection (09.05.2006)
 documentSECUNIA, [SA20006] EPublisherPro "title" Cross-Site Scripting Vulnerability (09.05.2006)
 documentSECUNIA, [SA20043] EImagePro SQL Injection Vulnerabilities (09.05.2006)
 documentSECUNIA, [SA20017] EDirectoryPro "keyword" Parameter SQL Injection (09.05.2006)
 documentSECUNIA, [SA20030] MultiCalendars "calsids" Parameter SQL Injection Vulnerability (09.05.2006)
 documentBoNy-m_(at)_hotmail.com, tseekdir.cgi<--Local File Include (09.05.2006)
 documentSECUNIA, [SA19996] 2005-Comments-Script Multiple Vulnerabilities (09.05.2006)
 documentSiegfried, [Full-disclosure] Claroline file inclusion vulnerabilities (09.05.2006)
 documentScott Dewey, [Full-disclosure] [XPA] ActualAnalyzer Pro v6.88 - Remote Command Execution Vulnerability (09.05.2006)
 documentAesthetico, [MajorSecurity] phpListPro <= 2.01 - Multiple Remote File Include Vulnerability (09.05.2006)
 documentrgod_(at)_autistici.org, PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload & local inclusion vulnerabilities (09.05.2006)
 documentbotan_(at)_linuxmail.org, [Kurdish Security # 5] phpRaid Remote File Include [SMF] (09.05.2006)
 documentbotan_(at)_linuxmail.org, [Kurdish Security # 4] phpRaid Remote File Include Vulnerability (PHPBB) (09.05.2006)
 documentalp_eren_(at)_ayyildiz.org, singapore v0.9.7 XSS Vulnerabilities (09.05.2006)
 documentbeford, Claroline Open Source e-Learning 1.7.5 Remote File Include (09.05.2006)
 documentCodeScan Labs, Multiple Vulnerabilities In IdealBB ASP Bulletin Board (09.05.2006)
 documentadmin_(at)_subjectzero.net, AngelineCMS Multiple Vulnerabilities (09.05.2006)
 documentimei, [KAPDA] MyBB1.1.1~Email Verification in User Activation ~SQL Injection Attack (09.05.2006)
 documentck_(at)_caroli.info, OpenEngine (PHP CMS) (09.05.2006)
 documentalp_eren_(at)_ayyildiz.org, Phil's Bookmark script admin By-pass (09.05.2006)
 documentSnoBMSN_(at)_Hotmail.De, Limbo CMS (option=weblinks) SQL injection exploit (09.05.2006)
 documentalp_eren_(at)_ayyildiz.org, X-POLL admin By-Pass (09.05.2006)
 documentr0t, Creative Community Portal vuln. (09.05.2006)
Files:Exploits PHPFusion <= v6.00.306 avatar mod_mime arbitrary file upload
 ActualAnalyzer Remote File Inclusion Exploit

Sophos Anti-Virus memory corruption
Published:09.05.2006
Source:
SecurityVulns ID:6110
Type:client
Threat Level:
6/10
Description:Heap memory corruption on CAB archives parsing.
Affected:SOPHOS : Sophos Anti-Virus 4.5
 SOPHOS : Sophos Anti-Virus 5.2
 SOPHOS : Sophos Anti-Virus 4.7
 SOPHOS : Sophos Anti-Virus 4.04
 SOPHOS : PureMessage 5.2
 SOPHOS : PureMessage 4.04
 SOPHOS : MailMonitor 4.04
Original documentdocumentZDI, ZDI-06-012: Sophos Anti-Virus CAB Unpacking Code Execution Vulnerability (09.05.2006)

Cisco PIX / FWSM WebSense content filtering bypass
Published:09.05.2006
Source:
SecurityVulns ID:6111
Type:remote
Threat Level:
5/10
Description:Filter doesn't catch signature in segmented packet.
Affected:CISCO : PIX 7.0
 CISCO : FWSM 2.3
Original documentdocumentCISCO, VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices (09.05.2006)
 documentVSR Advisories, VSR Advisory: WebSense content filter bypass when deployed in conjunction with Cisco filtering devices (09.05.2006)

Cisco Secure ACS for Windows information leak
Published:09.05.2006
Source:
SecurityVulns ID:6112
Type:local
Threat Level:
5/10
Description:Administration password and encryption key are insecurely stored in HKEY_LOCAL_MACHINE registry key.
Affected:CISCO : Secure ACS for Windows 3.3
Original documentdocumentCISCO, Re: SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure (09.05.2006)
 documentSYMANTEC, SYMSA-2006-003: Cisco Secure ACS for Windows - Administrator Password Disclosure (09.05.2006)

Linux kernel SCTP DoS
Published:09.05.2006
Source:
SecurityVulns ID:6113
Type:remote
Threat Level:
5/10
Description:Few vulnerabilities on SCTP chunks parsing.
Affected:LKSCTP : Linux SCTP 2.6
Original documentdocumentnoreply_(at)_musecurity.com, [Full-disclosure] [MU-200605-01] Multiple vulnerabilities in Linux SCTP 2.6.16 (09.05.2006)

Avahi multiple security vulnerabilities
Published:09.05.2006
Source:
SecurityVulns ID:6114
Type:remote
Threat Level:
5/10
Description:Buffer overflow, DoS.
Affected:AVAHI : Avahi 0.6
Original documentdocumentSECUNIA, [SA20022] Avahi Denial of Service and Buffer Overflow Vulnerabilities (09.05.2006)

SunSolaris libike IKE library DoS
Published:09.05.2006
Source:
SecurityVulns ID:6115
Type:library
Threat Level:
5/10
Affected:ORACLE : Solaris 9
 ORACLE : Solaris 10
Original documentdocumentSECUNIA, [SA20050] Sun Solaris libike Denial of Service Vulnerability (09.05.2006)

Microsoft Exchange Calendar code execution
updated since 09.05.2006
Published:10.05.2006
Source:
SecurityVulns ID:6117
Type:remote
Threat Level:
10/10
Description:Server doesn't properly handles iCal and vCal properties of MIME message.
Affected:MICROSOFT : Exchange 2000
 MICROSOFT : Exchange 2003
Original documentdocumentCERT, US-CERT Technical Cyber Security Alert TA06-129A -- Microsoft Windows and Exchange Server Vulnerabilities (10.05.2006)
 documentMICROSOFT, Microsoft Security Bulletin MS06-019 Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803) (09.05.2006)
Files:Microsoft Security Bulletin MS06-019 Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803)

TZipBuilder / Abakt / CAM UnZip / ZipCentral buffer overflow
updated since 09.05.2006
Published:30.05.2006
Source:
SecurityVulns ID:6109
Type:client
Threat Level:
5/10
Description:Buffer overflow on ZIP archives parsing.
Affected:DREHIEKSW : TZipBuilder 1.79
 ABAKT : Abakt 0.9
 CAMUNZIP : CAM UnZip 4.0
 CAMUNZIP : CAM UnZip 4.3
Original documentdocumentSECUNIA, [SA20179] ZipCentral ZIP File Handling Buffer Overflow Vulnerability (30.05.2006)
 documentSECUNIA, [Full-disclosure] Secunia Research: CAM UnZip ZIP File Handling Buffer Overflow Vulnerability (19.05.2006)
 documentSECUNIA, [Full-disclosure] Secunia Research: Abakt ZIP File Handling Buffer Overflow Vulnerability (15.05.2006)
 documentSECUNIA, Secunia Research: TZipBuilder ZIP File Handling Buffer Overflow Vulnerability (09.05.2006)
Files:ZipCentral 4.01 Exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod