Computer Security


Microsoft Windows MDAC code execution
updated since 11.04.2006
Published: 12.04.2006
SecurityVulns ID: 5995
Type: client
Threat Level: 8/10
Description: The RDS.Dataspace ActiveX object is marked as safe. It can be used for hidden malware installation with Internet Explorer.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document: X-FORCE, ISS Protection Brief: Microsoft MDAC Remote Code Execution (12.04.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-014 Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562) (11.04.2006)
Files: Microsoft Security Bulletin MS06-014 Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)

Microsoft Windows shell code execution
updated since 11.04.2006
Published: 12.04.2006
SecurityVulns ID: 5996
Type: client
Threat Level: 8/10
Description: A COM object can execute code. It can be used for hidden malware installation with Internet Explorer.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document: MICROSOFT, Microsoft Security Bulletin MS06-015 Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531) (11.04.2006)
Files: Microsoft Security Bulletin MS06-015 Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

Microsoft Outlook Express buffer overflow
updated since 11.04.2006
Published: 12.04.2006
SecurityVulns ID: 5997
Type: client
Threat Level: 6/10
Description: Buffer overflow when parsing a WAB address book.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document: ZDI, ZDI-06-007: Microsoft Windows Address Book (WAB) File Format Parsing Vulnerability (12.04.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-016 Cumulative Security Update for Outlook Express (911567) (11.04.2006)
Files: Microsoft Security Bulletin MS06-016 Cumulative Security Update for Outlook Express (911567)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 12.04.2006
SecurityVulns ID: 5999
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPBB : phpBB 2.0
 TRITANIUM : Tritanium Bulletin Board 1.2
 INDEXU : INDEXU 5.0
 VNEWS : VNews 1.2
 SWSOFT : Confixx 3.1
 BLUR6EX : blur6ex 0.3
 SMARTISOFT : phpListPro 2.0
 VBOOK : [V]Book 2.0
 MANILA : Manila 9.5
 QLNEWS : QLnews 1.2
 SIMPLOG : simplog 0.9
 ZOPE : zope-cmfplone 2.0
 AZDGVOTE : AzDGVote 1.0
 MVBLOG : MvBlog 1.6
 CLANSYS : Clansys 1.1
Original document: SECUNIA, [SA19630] AzDGVote "int_path" File Inclusion Vulnerabilities (12.04.2006)
 DEBIAN, [SECURITY] [DSA 1032-1] New zope-cmfplone packages fix unprivileged data manipulation (12.04.2006)
 Aliaksandr Hartsuyeu, [eVuln] QLnews XSS and PHP Code Insertion Vulnerabilities (12.04.2006)
 securiteam_(at)_datasec.no, SAXoPRESS - directory traversal (12.04.2006)
 selfar2002_(at)_hotmail.com, AzDGVote File inclusion (12.04.2006)
 Aliaksandr Hartsuyeu, [eVuln] VNews Multiple Vulnerabilities (12.04.2006)
 d4igoro_(at)_gmail.com, Tritanium Bulletin Board 1.2.3 - XSS (12.04.2006)
 sn4k3.23_(at)_gmail.com, Confixx 3.1.2 <= SQL Injection (12.04.2006)
 d4igoro_(at)_gmail.com, Manila <= 9.5 - XSS Vulnerabilities (12.04.2006)
 Aliaksandr Hartsuyeu, [eVuln] [V]Book Multiple Vulnerabilities (12.04.2006)
 Aesthetico, phpListPro <= 2.0 - Remote File Include Vulnerability (12.04.2006)
 crasher_(at)_kecoak.or.id, Multiple vulnerabilities in Blur6ex (12.04.2006)
 selfar2002_(at)_hotmail.com, INDEXU <= 5.0.1 (theme_path)and (base_path) Remote File Inclusion Exploit (12.04.2006)
Files: Simplog <= 0.9.2 "s" remote cmmnds xctn
 r57phpbba2e2.pl - phpBB admin 2 exec exploit
 Exploits clansys 1.1 remote sql injection

Sun Solaris LDAP client information leak
Published: 12.04.2006
SecurityVulns ID: 6000
Type: local
Threat Level: 5/10
Description: Command parameters, including the password, are available from the task list.
Affected: ORACLE : Solaris 8
 ORACLE : Solaris 9
Original document: SECUNIA, [SA19638] Sun Solaris LDAP2 Client Commands Security Issue (12.04.2006)

Linux kernel keyring DoS
Published: 12.04.2006
SecurityVulns ID: 6001
Type: local
Threat Level: 5/10
Description: System crash on an invalid __keyring_search_one() argument.
Affected: LINUX : kernel 2.6
Original document: LINUX, ChangeLog-2.6.16.3 (12.04.2006)

HP System Management Homepage unauthorized access
updated since 01.03.2006
Published: 12.04.2006
SecurityVulns ID: 5841
Type: remote
Threat Level: 6/10
Affected: HP : System Management Homepage 2.0
 HP : System Management Homepage 2.1
Original document: SRC Telindus, [SRC-Telindus advisory] - HP System Management Homepage Remote Unauthorized Access (12.04.2006)
 HP, [security bulletin] SSRT061118 rev.1 - HP System Management Homepage (SMH) Running on Windows: Remote Unauthorized Access (01.03.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod