Computer Security

Search:Vulnerability:13.04.2005
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Microsoft Windows TCP/IP stack multiple vulnerabilities
Published:13.04.2005
Source:MICROSOFT
SecurityVulns ID:4679
Type:remote
Level:9/10
Description:Memory corruption on IP packets handling, TCP connection reset with spoofed TCP and ICMP packets, a varinat of LAND attack.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentX-FORCE, ISS Protection Brief: Windows IP Options Remote Compromise (13.04.2005)
Files:Windows TCP/IP stack off-by-one overflow PoC
 Microsoft Security Bulletin MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)
 Windows IP Options Remote Compromise
Discuss:Read or add your comments to this news (0 comments)

MSN Messenger GIF file buffer overflow
Published:13.04.2005
Source:BUGTRAQ
SecurityVulns ID:4681
Type:remote
Level:5/10
Description:Buffer overflow on GIF files parsing.
Affected:MICROSOFT : MSN Messenger 6.2
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS05-022 Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597) (13.04.2005)
Files:Microsoft Security Bulletin MS05-022 Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597)
Discuss:Read or add your comments to this news (0 comments)

JavaMail directory traversal
Published:13.04.2005
Source:BUGTRAQ
SecurityVulns ID:4683
Type:library
Level:5/10
Description:Content-Disposition header filename is not checked.
Affected:SUN : JavaMail 1.3
Original documentdocumentRafael San Miguel Carrasco, JavaMail allows directory traversal in attachments (13.04.2005)
Discuss:Read or add your comments to this news (0 comments)

Oracle multiple vulnerabilities
Published:13.04.2005
Source:NTBUGTRAQ
SecurityVulns ID:4685
Type:remote
Level:5/10
Affected:ORACLE : Oracle 9i
 ORACLE : Oracle 8i
 ORACLE : Oracle 10g
Original documentdocumentNGSSoftware Insight Security Research, Multiple High Risk flaws fixed in Oracle (13.04.2005)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Windows MSHTA code execution
Published:13.04.2005
Source:MICROSOFT
SecurityVulns ID:4676
Type:client
Level:6/10
Description:Content type of the file is determined based on CLSID in file content, not by it's extention.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentIDEFENSE, iDEFENSE Security Advisory 04.12.05: Microsoft MSHTA Script Execution Vulnerability (13.04.2005)
 documentMICROSOFT, Microsoft Security Bulletin MS05-016 Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086) (13.04.2005)
Files:MS05-016 POC
 Microsoft Security Bulletin MS05-016 Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)
Discuss:Read or add your comments to this news (0 comments)

Windows 2000/XP/2003 kernel multiple vulnerabilities
Published:13.04.2005
Source:MICROSOFT
SecurityVulns ID:4678
Type:local
Level:7/10
Description:Buffer overflow during font files parsing, buffer overflow in CSRSS (Win32 execution subsystem), privilege escalation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentIDEFENSE, iDEFENSE Security Advisory 04.12.05: Microsoft Windows CSRSS.EXE Stack Overflow Vulnerability (13.04.2005)
 documentMICROSOFT, Microsoft Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859) (13.04.2005)
Files:MS05-018 windows CSRSS.EXE Stack Overflow exp v1.0
 Microsoft Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)
Discuss:Read or add your comments to this news (0 comments)

Veritas i3 multiple vulnerabilities
Published:13.04.2005
Source:NTBUGTRAQ
SecurityVulns ID:4686
Type:remote
Level:5/10
Affected:VERITAS : Veritas i3 Focalpoint 7.1
Original documentdocumentNGSSoftware Insight Security Research, Multiple High Risk flaws fixed in Veritas i3 (13.04.2005)
Discuss:Read or add your comments to this news (0 comments)

Axel download accelerator buffer overflow
Published:13.04.2005
Source:BUGTRAQ
SecurityVulns ID:4688
Type:client
Level:5/10
Description:Buffer overflow on HTTP redirection handling.
Affected:Axel : Axel 1.0
Original documentdocumentGENTOO, [ GLSA 200504-09 ] Axel: Vulnerability in HTTP redirection handling (13.04.2005)
Discuss:Read or add your comments to this news (0 comments)

Oracle Forms SQL injection
Published:13.04.2005
Source:KORNBRUST
SecurityVulns ID:4690
Type:remote
Level:5/10
Description:Form request data is not validated.
Affected:ORACLE : Oracle 10g
Original documentdocumentAlexander Kornbrust, SQL Injection in Oracle Forms (13.04.2005)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Word integer overflow
updated since 07.10.2004
Published:13.04.2005
Source:BUGTRAQ
SecurityVulns ID:4074
Type:remote
Level:5/10
Description:Integer overflow in signed/unsigned conversion during .doc file parsing.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS05-023 Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169) (13.04.2005)
 documentvuln_(at)_hexview.com, [Full-Disclosure] [HV-HIGH] MS Word multiple exceptions, at least one exploitable (07.10.2004)
Files:Microsoft Security Bulletin MS05-023 Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)
Discuss:Read or add your comments to this news (0 comments)

PHP multiple vulnerabilities
updated since 13.04.2005
Published:14.04.2005
Source:NTBUGTRAQ
SecurityVulns ID:4684
Type:remote
Level:5/10
Description:Integer overflows on EXIF tags parsing.
Affected:PHP : PHP 4.3
 PHP : PHP 5.0
Original documentdocumentUBUNTU, [Full-disclosure] [USN-112-1] PHP4 vulnerabilities (14.04.2005)
 documentNGSSoftware Insight Security Research, Multiple medium risk flaws fixed in new version of PHP (late advisory) (13.04.2005)
Discuss:Read or add your comments to this news (0 comments)

Multiple Microsoft Internet Explorer memory corruptions
updated since 13.04.2005
Published:14.04.2005
Source:MICROSOFT
SecurityVulns ID:4675
Type:client
Level:6/10
Description:Memory corruptions of different types, including buffer overflows.
Affected:MICROSOFT : Internet Explorer 5.5
 MICROSOFT : Internet Explorer 6.0
Original documentdocument3APA3A, Internet Explorer wininet.dll URL parsing memory corruption details (14.04.2005)
 documentIDEFENSE, iDEFENSE Security Advisory 04.12.05: Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability (13.04.2005)
 documentIDEFENSE, iDEFENSE Security Advisory 04.12.05: Microsoft Windows Internet Explorer Long Hostname Heap Corruption Vulnerability (13.04.2005)
 documentMICROSOFT, Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923) (13.04.2005)
Files:Internet Exploiter 2: a remote exploit for MSIE DHTML Object memory corruption vulnerability (MS05-20)
 Ms05-020 Content Advisor Memory Corruption Vulnerability POC
 Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923)
Discuss:Read or add your comments to this news (0 comments)

gld / postgrey antispam greylisting daemon for Postfix multiple vulnerabilities
updated since 13.04.2005
Published:17.04.2005
Source:BUGTRAQ
SecurityVulns ID:4682
Type:remote
Level:6/10
Description:Multiple buffer overflows, format string bugs.
Affected:GLD : gld 1.4
 POSTGREY : postgrey 1.18
Original documentdocumentSECUNIA, [SA14958] Postgrey Format String Denial of Service Vulnerability (17.04.2005)
 documentdong-h0un U, GLD (Greylisting daemon for Postfix) multiple vulnerabilities. (13.04.2005)
Files:gld 1.4 remote overflow format string exploit
Discuss:Read or add your comments to this news (0 comments)

Microsoft Exchange Server SMTP protocol buffer overflow
updated since 13.04.2005
Published:20.04.2005
Source:MICROSOFT
SecurityVulns ID:4680
Type:remote
Level:9/10
Description:Heap overflow on extended SMTP commands.
Affected:MICROSOFT : Exchange 2000
 MICROSOFT : Exchange 2003
Original documentdocumentEvgeny Pinchuk, MS05-021 Microsoft Exchange X-LINK2STATE Heap Overflow PoC (20.04.2005)
 documentX-FORCE, ISS Protection Brief: Microsoft Exchange Remote Compromise (13.04.2005)
 documentMICROSOFT, Microsoft Security Bulletin MS05-021 Vulnerability in Exchange Server Could Allow Remote Code Execution (894549) (13.04.2005)
Files:MS05-021 Microsoft Exchange X-LINK2STATE Heap Overflow PoC
 Microsoft Security Bulletin MS05-021 Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)
 Microsoft Exchange Remote Compromise
Discuss:Read or add your comments to this news (0 comments)

Lotus Domino multiple vulnerabilities
updated since 13.04.2005
Published:23.06.2005
Source:BUGTRAQ
SecurityVulns ID:4687
Type:remote
Level:5/10
Affected:IBM : Lotus Domino 6.5
 IBM : Lotus Domino 6.0
Original documentdocumentSECURITEAM, [NEWS] Lotus Domino Buffer Overflow (Time/Date Field) (23.06.2005)
 documentMark Litchfield, Remote Buffer Overflow in Lotus Domino (13.04.2005)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Message Queuing buffer overflow
updated since 13.04.2005
Published:30.06.2005
Source:BUGTRAQ
SecurityVulns ID:4677
Type:remote
Level:7/10
Description:Buffer overflow in RPC-based protocol.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS05-017 Vulnerability in Message Queuing Could Allow Code Execution (892944) (13.04.2005)
Files:Vulnerability in Message Queuing Allows Code Execution (MS05-017, Exploit 2)
 Microsoft Security Bulletin MS05-017 Vulnerability in Message Queuing Could Allow Code Execution (892944)
Discuss:Read or add your comments to this news (0 comments)

ICMP and TCP timestamp attacks to reset TCP connections
updated since 13.04.2005
Published:05.09.2005
Source:FGONT
SecurityVulns ID:4689
Type:remote
Level:6/10
Description:By using different ICMP packet types and TCP timestamps values it's possible to cause TCP connection resets or performance decrease.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 HP : HP-UX 11.00
 CISCO : IOS 11.2
 ORACLE : Solaris 8
 WATCHGUARD : Firebox II
 SUN : Solaris 7
 CISCO : IOS 11.1
 CISCO : IOS 12.1
 CISCO : IOS 11.0
 CISCO : IOS 11.3
 SCO : UnixWare 7.1
 CISCO : IOS 12.2
 HP : HP-UX 11.11
 MICROSOFT : Windows XP
 HP : HP-UX 11.04
 ORACLE : Solaris 9
 WATCHGUARD : Firebox III
 HP : HP-UX 11.22
 MICROSOFT : Windows 2003 Server
 CISCO : Cisco CSS 11000
 CISCO : Aironet 1200
 CISCO : IOS 12.3
 ORACLE : Solaris 10
 HP : HP-UX 11.23
 OPENBSD : OpenBSD 3.5
 FREEBSD : FreeBSD 4.10
 IBM : AIX 5.3
 FREEBSD : FreeBSD 5.3
 OPENBSD : OpenBSD 3.6
 JUNIPER : JunOS 6.3
 FREEBSD : FreeBSD 5.4
 FREEBSD : FreeBSD 4.11
 NETWORKAPPLIANCE : ONTAP 6.5
 WATCHGUARD : Firebox 1000
 WATCHGUARD : Firebox 2500
 WATCHGUARD : Firebox 4500
 WATCHGUARD : Firebox 700
 WATCHGUARD : Firebox SOHO
 WATCHGUARD : Firebox 10
 WATCHGUARD : Firebox 100
 WATCHGUARD : Firebox 60
 WATCHGUARD : Firebox 80
 F5 : BIG-IP 4.5
 F5 : BIG-IP 4.6
 OPENBSD : OpenBSD 3.7
 CISCO : Cisco SN5400
 CISCO : Cisco MGX 8900
 CISCO : Cisco MGX 8800
 CISCO : Cisco MGX 8200
 CISCO : Aironet 350
 ALAXALA : AX7800S
 ALAXALA : AX7800R
 ALAXALA : AX5400S
 HITACHI : Hitachi GR2000
 HITACHI : Hitachi GR4000
 HITACHI : Hitachi GS3000
 HITACHI : Hitachi GS4000
 F5 : BIG-IP 9.1
 BLUECOAT : CacheOS 3.0
 BLUECOAT : CacheOS 4.0
 BLUECOAT : Blue Coat Security Gateway 3.2
 BLUECOAT : Blue Coat Security Gateway 4.1
 AVAYA : Avaya Intuity LX
 AVAYA : Avaya G700
 AVAYA : Avaya G350
 AVAYA : Avaya G250
 AVAYA : Avaya IP Phones 2.0
 AVAYA : Avaya MN100
 AVAYA : Avaya Modular Messaging 2.0
 NORTEL : Nortel Services Edge Router 5500
 NORTEL : Nortel Passport 1150
 NORTEL : Nortel Multiservice Switch 7400
 NORTEL : Nortel Multiservice Switch 6400
 NORTEL : Nortel Multiservice Switch 20000
 NORTEL : Nortel Multiservice Switch 15000
 NORTEL : Nortel Multiservice Access Switch 4400
 NORTEL : Nortel Multiprotocol Router 5430
 NORTEL : Nortel Multiprotocol Router 2430
 NORTEL : Nortel Ethernet Switch 470
 NORTEL : Nortel Ethernet Switch 425
 NORTEL : Nortel Ethernet Switch 420-24T
 NORTEL : Nortel Ethernet Routing Switch 8600
 NORTEL : Nortel Ethernet Routing Switch 5520
 NORTEL : Nortel Ethernet Routing Switch 5510
 NORTEL : Nortel Backbone Link Node
 NORTEL : Nortel Backbone Concentrator Node
 NORTEL : Nortel Application Switch
 NORTEL : Nortel Advanced Remote Node
 NORTEL : Nortel Access Stack Node
 NORTEL : Nortel VPN Router
 HP : Tru64 UNIX 5.1
 HP : Tru64 UNIX 4.0
 AVAYA : Avaya Predictive Dialing System
 BLUECOAT : CacheOS 4.1
 BLUECOAT : SGOS 3.2
 BLUECOAT : SGOS 4.1
CVE:CVE-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.)
Original documentdocumentSECUNIA, UnixWare ICMP Message Handling Denial of Service (05.09.2005)
 documentFernando Gont , [Full-disclosure] ICMP attacks against TCP: Conclusions (23.07.2005)
 documentFernando Gont , ICMP-based blind connection-reset attack (23.07.2005)
 documentFernando Gont , [Full-disclosure] ICMP-based blind performance-degrading attack (20.07.2005)
 documentFernando Gont , [Full-disclosure] Trivial BGP attacks (ICMP-based blind throughput-reduction attack) (20.07.2005)
 documentSECUNIA, [SA16126] Blue Coat Products ICMP Message Handling Denial of Service (20.07.2005)
 documentSECUNIA, [SA16106] Avaya Predictive Dialing System TCP/IP Denial of Service (19.07.2005)
 documentHP, HPSBTU01210 SSRT4743, SSRT4884 rev.0 - HP Tru64 UNIX TCP/IP remote Denial of Service (DoS) (19.07.2005)
 documentSECUNIA, [SA15761] Nortel Networks Products ICMP Handling Vulnerabilities (16.07.2005)
 documentVic Vandal, [Full-disclosure] ICMP Security Vulnerabilities - NEW (cough) (13.07.2005)
 documentKERNELTRAP, Feature: OpenBSD Hackathon 2005, Part III (07.07.2005)
 documentTheo de Raadt, ICMP vulnerabilities (07.07.2005)
 documentSECUNIA, [SA15876] Avaya Products TCP Timestamp Denial of Service (01.07.2005)
 documentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-05:15.tcp (30.06.2005)
 documentSECUNIA, [SA15851] Blue Coat Products TCP Timestamp Denial of Service (29.06.2005)
 documentSECUNIA, [SA15531] BIG-IP TCP Timestamp Denial of Service (27.05.2005)
 documentSECUNIA, [SA15409] Hitachi Various Products TCP Timestamp Denial of Service (20.05.2005)
 documentSECUNIA, [SA15434] ALAXALA Networks Products TCP Connection Denial of Service (20.05.2005)
 documentSECUNIA, [SA15393] Cisco Various Products TCP Timestamp Denial of Service (19.05.2005)
 documentSECUNIA, [SA15417] OpenBSD TCP Timestamp Denial of Service (19.05.2005)
 documentHP, [security bulletin] SSRT5954 rev.0 HP-UX TCP/IP Remote Denial of Service (DoS) (26.04.2005)
 documentCISCO, [Full-disclosure] Cisco Security Advisory: Crafted ICMP Messages Can Cause Denial of Service (13.04.2005)
 documentFGONT, ICMP attacks against TCP (13.04.2005)
 documentMICROSOFT, Microsoft Security Bulletin MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066) (13.04.2005)
Files:Proof of Concept for exploiting the TCP Keep Alive implementation
 ICMP attacks against TCP (Proof-of-Concept code) (MS05-019, CISCO:20050412)
 TCP Conneciton Denial of Service Tool (panic.pl)
 icmp-reset - Blindliy resetting arbitrary TCP connections
 icmp-quench - Blindliy reducing the throughput of an arbitrary TCP connections
 icmp-mtu - Blindliy reducing the perormance of an arbitrary TCP connections
 TCP does not adequately validate segments before updating timestamp value DoS PoC
 Microsoft Security Bulletin MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server