Veritas i3 multiple vulnerabilities Published: 13.04.2005 Source: NTBUGTRAQ SecurityVulns ID: 4686 Type: remote Level: 5/10 Affected: VERITAS : Veritas i3 Focalpoint 7.1 Original document NGSSoftware Insight Security Research , Multiple High Risk flaws fixed in Veritas i3 (13.04.2005 )
Axel download accelerator buffer overflow Published: 13.04.2005 Source: BUGTRAQ SecurityVulns ID: 4688 Type: client Level: 5/10 Description: Buffer overflow on HTTP redirection handling. Affected: Axel : Axel 1.0 Original document GENTOO , [ GLSA 200504-09 ] Axel: Vulnerability in HTTP redirection handling (13.04.2005 )
Oracle Forms SQL injection Published: 13.04.2005 Source: KORNBRUST SecurityVulns ID: 4690 Type: remote Level: 5/10 Description: Form request data is not validated. Affected: ORACLE : Oracle 10g Original document Alexander Kornbrust , SQL Injection in Oracle Forms (13.04.2005 )
Microsoft Windows MSHTA code execution Published: 13.04.2005 Source: MICROSOFT SecurityVulns ID: 4676 Type: client Level: 6/10 Description: Content type of the file is determined based on CLSID in file content, not by it's extention. Affected: MICROSOFT : Windows 2000 Server MICROSOFT : Windows 2000 Professional MICROSOFT : Windows XP MICROSOFT : Windows 2003 Server Original document IDEFENSE , iDEFENSE Security Advisory 04.12.05: Microsoft MSHTA Script Execution Vulnerability (13.04.2005 ) MICROSOFT , Microsoft Security Bulletin MS05-016 Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086) (13.04.2005 )
Windows 2000/XP/2003 kernel multiple vulnerabilities Published: 13.04.2005 Source: MICROSOFT SecurityVulns ID: 4678 Type: local Level: 7/10 Description: Buffer overflow during font files parsing, buffer overflow in CSRSS (Win32 execution subsystem), privilege escalation. Affected: MICROSOFT : Windows 2000 Server MICROSOFT : Windows 2000 Professional MICROSOFT : Windows XP MICROSOFT : Windows 2003 Server Original document IDEFENSE , iDEFENSE Security Advisory 04.12.05: Microsoft Windows CSRSS.EXE Stack Overflow Vulnerability (13.04.2005 ) MICROSOFT , Microsoft Security Bulletin MS05-018 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859) (13.04.2005 )
MSN Messenger GIF file buffer overflow Published: 13.04.2005 Source: BUGTRAQ SecurityVulns ID: 4681 Type: remote Level: 5/10 Description: Buffer overflow on GIF files parsing. Affected: MICROSOFT : MSN Messenger 6.2 Original document MICROSOFT , Microsoft Security Bulletin MS05-022 Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597) (13.04.2005 )
JavaMail directory traversal Published: 13.04.2005 Source: BUGTRAQ SecurityVulns ID: 4683 Type: library Level: 5/10 Description: Content-Disposition header filename is not checked. Affected: SUN : JavaMail 1.3 Original document Rafael San Miguel Carrasco , JavaMail allows directory traversal in attachments (13.04.2005 )
Oracle multiple vulnerabilities Published: 13.04.2005 Source: NTBUGTRAQ SecurityVulns ID: 4685 Type: remote Level: 5/10 Affected: ORACLE : Oracle 9i ORACLE : Oracle 8i ORACLE : Oracle 10g Original document NGSSoftware Insight Security Research , Multiple High Risk flaws fixed in Oracle (13.04.2005 )
Microsoft Windows TCP/IP stack multiple vulnerabilities Published: 13.04.2005 Source: MICROSOFT SecurityVulns ID: 4679 Type: remote Level: 9/10 Description: Memory corruption on IP packets handling, TCP connection reset with spoofed TCP and ICMP packets, a varinat of LAND attack. Affected: MICROSOFT : Windows 2000 Server MICROSOFT : Windows 2000 Professional MICROSOFT : Windows XP MICROSOFT : Windows 2003 Server Original document X-FORCE , ISS Protection Brief: Windows IP Options Remote Compromise (13.04.2005 )
Microsoft Word integer overflow Published: 13.04.2005 Source: BUGTRAQ SecurityVulns ID: 4074 Type: remote Level: 5/10 Description: Integer overflow in signed/unsigned conversion during .doc file parsing. Affected: MICROSOFT : Office 2000 MICROSOFT : Office XP Original document MICROSOFT , Microsoft Security Bulletin MS05-023 Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169) (13.04.2005 ) vuln_(at)_hexview.com , [Full-Disclosure] [HV-HIGH] MS Word multiple exceptions, at least one exploitable (07.10.2004 )
PHP multiple vulnerabilities Published: 14.04.2005 Source: NTBUGTRAQ SecurityVulns ID: 4684 Type: remote Level: 5/10 Description: Integer overflows on EXIF tags parsing. Affected: PHP : PHP 4.3 PHP : PHP 5.0 Original document UBUNTU , [Full-disclosure] [USN-112-1] PHP4 vulnerabilities (14.04.2005 ) NGSSoftware Insight Security Research , Multiple medium risk flaws fixed in new version of PHP (late advisory) (13.04.2005 )
Multiple Microsoft Internet Explorer memory corruptions Published: 14.04.2005 Source: MICROSOFT SecurityVulns ID: 4675 Type: client Level: 6/10 Description: Memory corruptions of different types, including buffer overflows. Affected: MICROSOFT : Internet Explorer 5.5 MICROSOFT : Internet Explorer 6.0 Original document 3APA3A , Internet Explorer wininet.dll URL parsing memory corruption details (14.04.2005 ) IDEFENSE , iDEFENSE Security Advisory 04.12.05: Microsoft Internet Explorer DHTML Engine Race Condition Vulnerability (13.04.2005 ) IDEFENSE , iDEFENSE Security Advisory 04.12.05: Microsoft Windows Internet Explorer Long Hostname Heap Corruption Vulnerability (13.04.2005 ) MICROSOFT , Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923) (13.04.2005 )
gld / postgrey antispam greylisting daemon for Postfix multiple vulnerabilities Published: 17.04.2005 Source: BUGTRAQ SecurityVulns ID: 4682 Type: remote Level: 6/10 Description: Multiple buffer overflows, format string bugs. Affected: GLD : gld 1.4 POSTGREY : postgrey 1.18 Original document SECUNIA , [SA14958] Postgrey Format String Denial of Service Vulnerability (17.04.2005 ) dong-h0un U , GLD (Greylisting daemon for Postfix) multiple vulnerabilities. (13.04.2005 )
Microsoft Exchange Server SMTP protocol buffer overflow Published: 20.04.2005 Source: MICROSOFT SecurityVulns ID: 4680 Type: remote Level: 9/10 Description: Heap overflow on extended SMTP commands. Affected: EXCHANGE : Exchange 2000 MICROSOFT : Exchange 2003 Original document Evgeny Pinchuk , MS05-021 Microsoft Exchange X-LINK2STATE Heap Overflow PoC (20.04.2005 ) X-FORCE , ISS Protection Brief: Microsoft Exchange Remote Compromise (13.04.2005 ) MICROSOFT , Microsoft Security Bulletin MS05-021 Vulnerability in Exchange Server Could Allow Remote Code Execution (894549) (13.04.2005 )
Lotus Domino multiple vulnerabilities Published: 23.06.2005 Source: BUGTRAQ SecurityVulns ID: 4687 Type: remote Level: 5/10 Affected: IBM : Lotus Domino 6.5 IBM : Lotus Domino 6.0 Original document SECURITEAM , [NEWS] Lotus Domino Buffer Overflow (Time/Date Field) (23.06.2005 ) Mark Litchfield , Remote Buffer Overflow in Lotus Domino (13.04.2005 )
Microsoft Message Queuing buffer overflow Published: 30.06.2005 Source: BUGTRAQ SecurityVulns ID: 4677 Type: remote Level: 7/10 Description: Buffer overflow in RPC-based protocol. Affected: MICROSOFT : Windows 2000 Server MICROSOFT : Windows 2000 Professional MICROSOFT : Windows XP Original document MICROSOFT , Microsoft Security Bulletin MS05-017 Vulnerability in Message Queuing Could Allow Code Execution (892944) (13.04.2005 )
ICMP and TCP timestamp attacks to reset TCP connections Published: 05.09.2005 Source: FGONT SecurityVulns ID: 4689 Type: remote Level: 6/10 Description: By using different ICMP packet types and TCP timestamps values it's possible to cause TCP connection resets or performance decrease. Affected: MICROSOFT : Windows 2000 Server MICROSOFT : Windows 2000 Professional NORTEL : Nortel Ethernet Switch 470 NORTEL : Nortel Ethernet Switch 425 NORTEL : Nortel Ethernet Routing Switch 8600 NORTEL : Nortel Ethernet Routing Switch 5520 NORTEL : Nortel Ethernet Routing Switch 5510 NORTEL : Nortel Backbone Concentrator Node NORTEL : Nortel Application Switch NORTEL : Nortel Advanced Remote Node NORTEL : Nortel VPN Router BLUECOAT : SGOS 3.2 AVAYA : Avaya G700 AVAYA : Avaya MN100 CISCO : Cisco SN5400 ALAXALA : AX7800R F5 : BIG-IP 9.1 BLUECOAT : CacheOS 4.1 BLUECOAT : Blue Coat Security Gateway 3.2 NORTEL : Nortel Passport 1150 NORTEL : Nortel Multiservice Switch 6400 NORTEL : Nortel Multiprotocol Router 5430 NORTEL : Nortel Ethernet Switch 420-24T NORTEL : Nortel Backbone Link Node NORTEL : Nortel Access Stack Node HP : Tru64 UNIX 5.1 HP : Tru64 UNIX 4.0 AVAYA : Avaya Predictive Dialing System BLUECOAT : SGOS 4.1 NETWORKAPPLIANCE : ONTAP 6.5 WATCHGUARD : Firebox 1000 WATCHGUARD : Firebox 2500 WATCHGUARD : Firebox 4500 WATCHGUARD : Firebox 700 WATCHGUARD : Firebox SOHO WATCHGUARD : Firebox 10 WATCHGUARD : Firebox 100 WATCHGUARD : Firebox 60 WATCHGUARD : Firebox 80 F5 : BIG-IP 4.5 F5 : BIG-IP 4.6 FREEBSD : FreeBSD 4.11 JUNIPER : JunOS 6.3 OPENBSD : OpenBSD 3.6 IBM : AIX 5.3 FREEBSD : FreeBSD 5.3 HP : HP-UX 11.23 OPENBSD : OpenBSD 3.5 FREEBSD : FreeBSD 4.10 HP : HP-UX 11.00 CISCO : IOS 11.2 SUN : Solaris 8 WATCHGUARD : Firebox II SUN : Solaris 7 CISCO : IOS 11.1 CISCO : IOS 12.1 CISCO : IOS 11.0 CISCO : IOS 11.3 SCO : UnixWare 7.1 CISCO : IOS 12.2 HP : HP-UX 11.11 MICROSOFT : Windows XP MICROSOFT : Windows 2003 Server CISCO : IOS 12.3 FREEBSD : FreeBSD 5.4 OPENBSD : OpenBSD 3.7 CISCO : Cisco MGX 8900 CISCO : Cisco MGX 8800 CISCO : Cisco MGX 8200 CISCO : Aironet 350 ALAXALA : AX7800S ALAXALA : AX5400S HITACHI : Hitachi GR2000 HITACHI : Hitachi GR4000 HITACHI : Hitachi GS4000 HITACHI : Hitachi GS3000 BLUECOAT : CacheOS 3.0 BLUECOAT : CacheOS 4.0 BLUECOAT : Blue Coat Security Gateway 4.1 AVAYA : Avaya Intuity LX AVAYA : Avaya G350 AVAYA : Avaya G250 AVAYA : Avaya IP Phones 2.0 AVAYA : Avaya Modular Messaging 2.0 NORTEL : Nortel Services Edge Router 5500 NORTEL : Nortel Multiservice Switch 7400 NORTEL : Nortel Multiservice Switch 20000 NORTEL : Nortel Multiservice Switch 15000 NORTEL : Nortel Multiservice Access Switch 4400 HP : HP-UX 11.04 SUN : Solaris 9 WATCHGUARD : Firebox III HP : HP-UX 11.22 CISCO : Cisco CSS 11000 CISCO : Aironet 1200 SUN : Solaris 10 NORTEL : Nortel Multiprotocol Router 2430 CVE: CVE-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.) Original document SECUNIA , UnixWare ICMP Message Handling Denial of Service (05.09.2005 ) Fernando Gont , [Full-disclosure] ICMP attacks against TCP: Conclusions (23.07.2005 ) Fernando Gont , ICMP-based blind connection-reset attack (23.07.2005 ) Fernando Gont , [Full-disclosure] ICMP-based blind performance-degrading attack (20.07.2005 ) Fernando Gont , [Full-disclosure] Trivial BGP attacks (ICMP-based blind throughput-reduction attack) (20.07.2005 ) SECUNIA , [SA16126] Blue Coat Products ICMP Message Handling Denial of Service (20.07.2005 ) SECUNIA , [SA16106] Avaya Predictive Dialing System TCP/IP Denial of Service (19.07.2005 ) HP , HPSBTU01210 SSRT4743, SSRT4884 rev.0 - HP Tru64 UNIX TCP/IP remote Denial of Service (DoS) (19.07.2005 ) SECUNIA , [SA15761] Nortel Networks Products ICMP Handling Vulnerabilities (16.07.2005 ) Vic Vandal , [Full-disclosure] ICMP Security Vulnerabilities - NEW (cough) (13.07.2005 ) KERNELTRAP , Feature: OpenBSD Hackathon 2005, Part III (07.07.2005 ) Theo de Raadt , ICMP vulnerabilities (07.07.2005 ) SECUNIA , [SA15876] Avaya Products TCP Timestamp Denial of Service (01.07.2005 ) FREEBSD , FreeBSD Security Advisory FreeBSD-SA-05:15.tcp (30.06.2005 ) SECUNIA , [SA15851] Blue Coat Products TCP Timestamp Denial of Service (29.06.2005 ) SECUNIA , [SA15531] BIG-IP TCP Timestamp Denial of Service (27.05.2005 ) SECUNIA , [SA15409] Hitachi Various Products TCP Timestamp Denial of Service (20.05.2005 ) SECUNIA , [SA15434] ALAXALA Networks Products TCP Connection Denial of Service (20.05.2005 ) SECUNIA , [SA15393] Cisco Various Products TCP Timestamp Denial of Service (19.05.2005 ) SECUNIA , [SA15417] OpenBSD TCP Timestamp Denial of Service (19.05.2005 ) HP , [security bulletin] SSRT5954 rev.0 HP-UX TCP/IP Remote Denial of Service (DoS) (26.04.2005 ) CISCO , [Full-disclosure] Cisco Security Advisory: Crafted ICMP Messages Can Cause Denial of Service (13.04.2005 ) FGONT , ICMP attacks against TCP (13.04.2005 ) MICROSOFT , Microsoft Security Bulletin MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066) (13.04.2005 )
