Computer Security


IronWall webserver directory traversal
Published: 11.01.2006
SecurityVulns ID: 5617
Type: remote
Threat Level: 5/10
Description: Directory traversal via /.../.
Affected: IRONWALL : IronWall Webserver 7.41
Original document: hwclock, [Full-disclosure] IronWall webserver remote file access. (11.01.2006)

Microsoft Windows embedded web fonts memory corruption
updated since 10.01.2006
Published: 11.01.2006
SecurityVulns ID: 5614
Type: client
Threat Level: 8/10
Description: Memory corruption when parsing web fonts embedded in an HTML page. May be used to install trojans, backdoors or other malware on the client computer.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document: Piotr Bania, Microsoft Embedded OpenType Font Engine "t2embed" Remote Heap Overflow (11.01.2006)
 EEYE, [VulnWatch] [EEYEB-2000801] - Windows Embedded Open Type (EOT) Font Heap Overflow Vulnerability (11.01.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-002 Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519) (10.01.2006)
Files: Microsoft Security Bulletin MS06-002 Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)

Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)
Published: 11.01.2006
SecurityVulns ID: 5616
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: CALOGIC : CaLogic 1.2
 PHPNUKE : PHP-Nuke 7.8
 XARAYA : Xaraya 1.0
 THEWEBFORUM : TheWebForum 1.2
 FOXRUM : foxrum 4.0
 PEAR : go-pear 0.2
 PLAINBLACK : WebGUI 6.8
 MUSICBOX : MusicBox 2.2
 PHPNUKEEV : PHP-Nuke EV 7.7
 VENOMBOARD : VenomBoard 1.22
 PHPGSTAT : Phgstats 0.5
 MYPHPIM : MyPhPim 1.05
 ASPTOPSITES : AspTopSites
Original document: SECUNIA, [SA18417] CaLogic "title" New Event Script Insertion Vulnerability (11.01.2006)
 SECUNIA, [SA18233] Xaraya ADOdb Insecure Test Scripts Security Issues (11.01.2006)
 SECUNIA, [SA18408] AspTopSites SQL Injection Vulnerabilities (11.01.2006)
 SECUNIA, [SA18399] MyPHPim Multiple Vulnerabilities (11.01.2006)
 SECUNIA, [SA18346] Phgstats "phgdir" File Inclusion Vulnerability (11.01.2006)
 SECUNIA, [SA18383] VenomBoard SQL Injection Vulnerabilities (11.01.2006)
 SECUNIA, [SA18374] PHP-Nuke News "Story Text" Script Insertion Vulnerability (11.01.2006)
 SECUNIA, [SA18394] PHPNuke EV "query" SQL Injection Vulnerability (11.01.2006)
 SECUNIA, [SA18386] foxrum "url" bbcode Script Insertion Vulnerability (11.01.2006)
 SECUNIA, [SA18392] TheWebForum Script Insertion and SQL Injection Vulnerabilities (11.01.2006)
 SECUNIA, [SA18369] MusicBox SQL Injection Vulnerabilities (11.01.2006)
 SECUNIA, [SA18372] WebGUI Form Module Script Insertion Vulnerability (11.01.2006)
 jd2k2000_(at)_hotmail.com, New PEAR / Apache2Triad Exploit (11.01.2006)

BlackBerry Enterprise Server PNG files DoS
Published: 11.01.2006
SecurityVulns ID: 5618
Type: remote
Threat Level: 5/10
Affected: BLACKBERRY : BlackBerry Enterprise Server 4.0
Original document: SECUNIA, [SA18393] BlackBerry Enterprise Server PNG File Handling Vulnerability (11.01.2006)

Xmame Multiple Arcade Machine Emulator buffer overflow
updated since 03.06.2003
Published: 11.01.2006
SecurityVulns ID: 2871
Type: local
Threat Level: 5/10
Description: Buffer overflow when parsing various command line options.
Affected: XMAME : Xmame 0.102
Original document: KaiJern Lau, Xmame buffer overflow, with a possibility of privilege escalation. (11.01.2006)
 Gabriel A. Maggiotti, xmame gain root exploit (03.06.2003)
Files: xmame gain root exploit
 Xmame 0.102 local vulnerability proof-of-concept
 PoC code for xmame "-lang" options

FreeBSD ipfw /pf IP firewall packet filter DoS
updated since 11.01.2006
Published: 26.01.2006
SecurityVulns ID: 5619
Type: remote
Threat Level: 6/10
Description: Problem with the handling of fragmented packets.
Affected: FREEBSD : FreeBSD 5.3
 FREEBSD : FreeBSD 5.4
 FREEBSD : FreeBSD 6.0
Original document: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:07.pf (26.01.2006)
 SECUNIA, [SA18609] FreeBSD "pf" IP Fragment Denial of Service Vulnerability (25.01.2006)
 SECUNIA, [SA18378] FreeBSD ipfw IP Fragment Denial of Service Vulnerability (11.01.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod