Computer Security
[EN] securityvulns.ru



ASP.NET cross-site scripting
Published: 11.10.2006
Source: MICROSOFT
SecurityVulns ID: 6696
Type: remote
Level: 5/10
Description: Cross-site scripting with AutoPostBack forms.
Affected: MICROSOFT : ASP.NET 2.0
Original document: MICROSOFT, Microsoft Security Bulletin MS06-056 Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770) (11.10.2006)
Files: Microsoft Security Bulletin MS06-056 Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)

Multiple Microsoft XML service security vulnerabilities
Published: 11.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6698
Type: client
Level: 7/10
Description: Cross-domain data access, buffer overflow.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document: MICROSOFT, Microsoft Security Bulletin MS06-061 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191) (11.10.2006)
Files: Microsoft Security Bulletin MS06-061 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)

Microsoft Windows drmstor.dll buffer overflow
Published: 11.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6702
Type: remote
Level: 7/10
Description: Buffer overflow in ActiveX control.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document: Jose Antonio, MS Windows DRM software Memory Corruption (11.10.2006)

Microsoft Windows WebViewFolderIcon ActiveX (integer overflow)
updated since 28.09.2006
Published: 11.10.2006
Source: CERT
SecurityVulns ID: 6656
Type: client
Level: 10/10
Description: Integer overflow can be used for hidden malware installation.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003
Original document: MICROSOFT, Microsoft Security Bulletin MS06-057 Vulnerability in Windows Explorer Could Allow Remote Execution (923191) (11.10.2006)
 Alexander Sotirov, [Full-disclosure] Determina zero-day fix for CVE-2006-3730 (WebViewFolderIcon setSlice Integer Overflow) (30.09.2006)
 CERT, US-CERT Technical Cyber Security Alert TA06-270A -- Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability (28.09.2006)
Files: Exploits Microsoft IE WebViewFolderIcon setSlice Integer Overflow
 Microsoft Internet Explorer WebViewFolderIcon (setSlice) Exploit (0day) Works on all Windows XP versions including SP2
 Exploits Internet Explorer WebViewFolderIcon setSlice() Overflow (Metasploit)
 Microsoft Internet Explorer WebViewFolderIcon setSlice() D0wnLoad & Exec POC
 Microsoft Security Bulletin MS06-057 Vulnerability in Windows Explorer Could Allow Remote Execution (923191)

Multiple Microsoft Windows IPv6 security vulnerabilities
Published: 11.10.2006
Source: MICROSOFT
SecurityVulns ID: 6700
Type: remote
Level: 5/10
Description: TCP connection reset with ICMP or TCP packet, CPU exhaustion.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document: MICROSOFT, Microsoft Security Bulletin MS06-064 Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819) (11.10.2006)
Files: Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)

Microsoft PowerPoint memory corruption
updated since 28.09.2006
Published: 11.10.2006
Source: MICROSOFT
SecurityVulns ID: 6661
Type: client
Level: 6/10
Description: 0-day vulnerability in the SlideShowWindows.View.GotoNamedShow() function is used for malware installation.
Affected: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
Original document: ZDI, ZDI-06-032: Microsoft Office PowerPoint Malformed Slide Notes Rebuilding Vulnerability (11.10.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-058 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163) (11.10.2006)
 Juha-Matti Laurio, Vulnerable function in newest PowerPoint case (MS Advisory #925984) (07.10.2006)
 MICROSOFT, Microsoft Security Advisory (925984) Vulnerability in PowerPoint Could Allow Remote Code Execution (28.09.2006)
Files: PPT 0day poc
 Microsoft Security Advisory (925984) Vulnerability in PowerPoint Could Allow Remote Code Execution

FreeBSD ptrace() DoS
Published: 11.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6703
Type: local
Level: 5/10
Description: Integer overflow in PT_LWPINFO.
Affected: FREEBSD : FreeBSD 6.0
Original document: IDEFENSE, iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability (11.10.2006)
Files: FreeBSD ptrace DoS

Microsoft Windows Server service multiple security vulnerabilities
Published: 11.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6699
Type: remote
Level: 7/10
Description: Denial of service and code execution vulnerabilities.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document: MICROSOFT, Microsoft Security Bulletin MS06-063 Vulnerability in Server Service Could Allow Denial of Service (923414) (11.10.2006)
Files: Microsoft Security Bulletin MS06-063 Vulnerability in Server Service Could Allow Denial of Service (923414)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 11.10.2006
Source:
SecurityVulns ID: 6704
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: VTIGER : Vtiger CRM 4.2
 GOOP : Goop Gallery 2.0
 MYSQLDUMPER : MysqlDumper 1.21
 PHPLIBRE : TribunaLibre 3.12
 PHPLIBRE : registroTL
 ZEBIGBOZER : compteur 2
 FOAFGEN : Foafgen 0.3
 APSN : Album Photo Sans Nom 1.6
 EXPBLOG : eXpBlog 0.3
 PHPLIBRARY : PHPLibrary 1.5
 CLAROLINE : Claroline 1.8
 BLUESHOES : blueshoes 4.6
Original document: security_(at)_armorize.com, Directory Traversal Vulnerability in Goop Gallery 2.0.2 (11.10.2006)
 tamriel_(at)_gmx.net, [Full-disclosure] eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities (11.10.2006)
 Mayhemic Labs Security, [Full-disclosure] MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues (11.10.2006)
 Dragos Ruiu, [Full-disclosure] PacSec Hype Security Team: CGI.pm param injection (11.10.2006)
 k1tk4t_(at)_newhack.org, blueshoes <= 4.6_public Remote File Inclusion (11.10.2006)
 k1tk4t_(at)_newhack.org, claroline <= 180rc1 Remote File Inclusion (11.10.2006)
 k1tk4t_(at)_newhack.org, tagit2b -- Remote File Inclusion (11.10.2006)
 k1tk4t_(at)_newhack.org, PHPLibrary <= 1.5.3 Remote File Inclusion (11.10.2006)
 Mayhemic Labs Security, MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues (11.10.2006)
 tamriel_(at)_gmx.net, eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities (11.10.2006)
 erdc_(at)_echo.or.id, [ECHO_ADV_54$2006]vtiger CRM <=4.2 (calpath) Multiple Remote File Inclusion Vulnerability (11.10.2006)
 gmdarkfig_(at)_gmail.com, 7 php scripts File Inclusion / Source disclosure Vuln (11.10.2006)
 crackers child, MysqlDumper Version 1.21 b6 Xss Vulnerability (11.10.2006)

Microsoft Office multiple security vulnerabilities
updated since 11.10.2006
Published: 13.10.2006
Source: MICROSOFT
SecurityVulns ID: 6697
Type: client
Level: 8/10
Description: Multiple Excel vulnerabilities in parsing of different record types and in format conversion. Multiple Microsoft Word code execution vulnerabilities. Memory corruption in different Office products.
Affected: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office v. X for Mac
 MICROSOFT : Works 2004
 MICROSOFT : Works 2005
 MICROSOFT : Works 2006
Original document: MCAFEE, MS06-060 Microsoft Word Memmove Code Execution (13.10.2006)
 MCAFEE, [Full-disclosure] MS06-060 Microsoft Word Memmove Code Execution (12.10.2006)
 Sowhat ., Microsoft Office Malformed Record Memory Corruption Vulnerability (11.10.2006)
 ZDI, ZDI-06-034: Microsoft Office Word Malformed Chart Code Execution Vulnerability (11.10.2006)
 ZDI, ZDI-06-033: Microsoft Office Excel File Format DATETIME Record Parsing Vulnerability (11.10.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-062 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581) (11.10.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-060 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554) (11.10.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-059 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164) (11.10.2006)
Files: Microsoft Security Bulletin MS06-060 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
 Microsoft Security Bulletin MS06-059 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)
 Microsoft Security Bulletin MS06-062 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)

Microsoft Windows Object Packager dialog spoofing
updated since 11.10.2006
Published: 15.10.2006
Source: MICROSOFT
SecurityVulns ID: 6701
Type: client
Level: 6/10
Description: Code execution with .RTF or .WRI file embedded object.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document: seejay.11_(at)_gmail.com, Spoofing security dialog in object packager - 2 (15.10.2006)
 edubp2002_(at)_hotmail.com, Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing (15.10.2006)
 SECUNIA, Secunia Research: Microsoft Windows Object Packager Dialog Spoofing (12.10.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-065 Vulnerability in Windows Object Packager Could (11.10.2006)
Files: Vulnerability in Windows Object Packager Could

© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


