Computer Security

Search:Vulnerability:13.06.2006
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Symantec multiple security applications buffer overflow
Published:13.06.2006
Source:BUGTRAQ
SecurityVulns ID:6249
Type:remote
Level:8/10
Description:Buffer overflow in remote management interface (TCP/2967).
Affected:SYMANTEC : Symantec AntiVirus 10.0
 SYMANTEC : Symantec AntiVirus 10.1
 SYMANTEC : Symantec Client Security 3.0
 SYMANTEC : Symantec Client Security 3.1
Original documentdocumentEEYE, [EEYEB-20060524] Symantec Remote Management Stack Buffer Overflow (13.06.2006)
Discuss:Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:13.06.2006
Source:
SecurityVulns ID:6248
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:ZEROBOARD : Zeroboard 4.1
 PHPCMS : phpCMS 1.2
 INVISION : Invision Power Board 2.1
 COPPERMINE : Coppermine Photo Gallery 1.4
 BOASTMACHINE : boastMachine 3.1
 MYBB : MyBB 1.1
 CZARNEWS : CzarNews 1.14
 FOING : Foing 0.7
 AWEBNEWS : aWebNews 1.0
 CABACOS : Cabacos Web CMS 3.8
 AWFCMS : AWF CMS 1.11
 IGLOOWEB : igloo DoubleSpeak 0.1
 MYSCRAPBOOK : Myscrapbook 3.1
 THWBOARD : ThWboard 3.0
 MYPHPGUESTBOOK : myPHP Guestbook 2.0
 MDNEWS : MD News 1
 SAXON : SAXON 4.6
 SOMERY : Somery 0.4
 FLOG : FLog 1.1
 MAMBLOG : Mamblog 1.0
 WHEATBLOG : wheatblog 1.0
 SUBTEXT : SubText 1.5
 LOGISPHERE : LogiSphere 1.6
 CSFORUM : CS-Forum 0.81
CVE:CVE-2006-7064 (Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.)
 CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue may overlap CVE-2006-5195.)
 CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 and 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.)
Original documentdocumentSECUNIA, [SA20592] Zeroboard ".htaccess" File Upload Vulnerability (13.06.2006)
 documentSECUNIA, [SA20534] CS-Forum Multiple Vulnerabilities (13.06.2006)
 documentSECUNIA, [SA20578] LogiSphere Cross-Site Scripting Vulnerability (13.06.2006)
 documentSECUNIA, [SA20580] SubText MultiBlog Admin Logon Security Issue (13.06.2006)
 documentSECUNIA, [SA20583] Cabacos Web CMS "suchtext" Parameter Cross-Site Scripting (13.06.2006)
 documentSpC-x, wheatblog 1.0 Version - "wb_inc_dir" Parameter File Inclusion Vulnerability (13.06.2006)
 documentSpC-x, Mamblog 1.0 Version - Remote File Include Vulnerabilities (13.06.2006)
 documentSpC-x, Flog 1.1.2 Version - Remote File Include Vulnerabilities (13.06.2006)
 documentSpC-x, boastMachine v3.1 Version - Remote File Include Vulnerabilities (13.06.2006)
 documentSpC-x, phphg Guestbook Signed.PHP - Remote File Include Vulnerabilities (13.06.2006)
 documentSpC-x, Somery 0.4.4 Version - Remote File Include Vulnerabilities (13.06.2006)
 documentSpC-x, SAXON 4.6 Version - Remote File Include Vulnerabilities (13.06.2006)
 documentSpC-x, CzarNews v1.14 Version - Remote File Include Vulnerabilities (13.06.2006)
 documentSpC-x, MD News 1 Version - Remote File Include Vulnerabilities (13.06.2006)
 documentSpC-x, aWebNews 1.0 version - Remote File Include Vulnerabilities (13.06.2006)
 documentSpC-x, Simpnews <= All version - Remote File Include Vulnerabilities (13.06.2006)
 documentkepche_(at)_msn.com, Invision Power Board XSS (13.06.2006)
 documentx0r_1_(at)_hotmail.de, MIME-tools 5.411 (Entity 5.404) (13.06.2006)
 document666_(at)_hell.de.tk, ThWboard 3.0 <= SQL Injection (13.06.2006)
 documentdarkfire_(at)_f4kelive.zzn.com, Foing (manage_songs.php) Remote File Inclusion[phpBB] (13.06.2006)
 documentimei, [KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack (13.06.2006)
 documentluny_(at)_youfucktard.com, Myscrapbook v3.1 - XSS (13.06.2006)
 documentSECUNIA, Secunia Research: MyBB "domecode()" PHP Code Execution Vulnerability (13.06.2006)
 documentaminrayden_(at)_yahoo.com, igloo DoubleSpeak v 0.1 Multiple remote file inclusion (13.06.2006)
 documentSpC-x, Simpnews <= All version - Remote File Include Vulnerabilities (13.06.2006)
Discuss:Read or add your comments to this news (0 comments)

Multiple FAST360 Appliance security vulnerabilities
Published:13.06.2006
Source:SECUNIA
SecurityVulns ID:6250
Type:remote
Level:5/10
Description:DNS requiest processing DoS, HTTP filtering bypass.
Affected:ARKOON : FAST360 3.0
 ARKOON : FAST360 3.1
 ARKOON : FAST360 3.2
 ARKOON : FAST360 3.3
 ARKOON : FAST360 4.0
Original documentdocumentSECUNIA, [SA20570] FAST360 Appliance HTTP Analysis Bypass Vulnerability (13.06.2006)
 documentSECUNIA, [SA20618] FAST360 Appliance DNS Analysis Denial of Service (13.06.2006)
Discuss:Read or add your comments to this news (0 comments)

Microsoft JScript (Internet Explorer) memory corruption
Published:13.06.2006
Source:MICROSOFT
SecurityVulns ID:6253
Type:client
Level:8/10
Description:Memory corruption on objects release. May be used for hidden malware installation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS06-023 Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344) (13.06.2006)
Files:Microsoft Security Bulletin MS06-023 Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Word memory corruption
updated since 20.05.2006
Published:13.06.2006
Source:CERT
SecurityVulns ID:6164
Type:client
Level:9/10
Description:Malformув object pointer memory corruption is used in-the-wild for malware distribution.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Works 2001
 MICROSOFT : Works 2002
 MICROSOFT : Works 2003
 MICROSOFT : Office 2003
 MICROSOFT : Works 2000
 MICROSOFT : Works 2004
 MICROSOFT : Works 2005
 MICROSOFT : Works 2006
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS06-027 Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336) (13.06.2006)
 documentSANS, Targeted attack: experience from the trenches (20.05.2006)
 documentCERT, US-CERT Technical Cyber Security Alert TA06-139A -- Microsoft Word Vulnerability (20.05.2006)
Files:Microsoft Security Bulletin MS06-027 Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Power Point memory corruption
Published:13.06.2006
Source:MICROSOFT
SecurityVulns ID:6256
Type:client
Level:7/10
Description:Memory corruption can be used for hidden malware installation.
Affected:MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office v. X for Mac
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS06-028 (13.06.2006)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Exchange Outlook Web Access crossite scripting
updated since 13.06.2006
Published:14.06.2006
Source:MICROSOFT
SecurityVulns ID:6257
Type:client
Level:6/10
Description:Crossite scripting on message reading.
Original documentdocumentDaniel Fabian, [Full-disclosure] SEC Consult SA-20060613-0 :: Outlook Web Access Cross Site Scripting Vulnerability (14.06.2006)
 documentMICROSOFT, Microsoft Security Bulletin MS06-029 Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442) (13.06.2006)
Files:Microsoft Security Bulletin MS06-029 Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
Discuss:Read or add your comments to this news (0 comments)

Windows Media Player PNG files buffer overflow
updated since 13.06.2006
Published:14.06.2006
Source:MICROSOFT
SecurityVulns ID:6254
Type:client
Level:7/10
Description:Buffer overflow on PNG files processing.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows Media Player 9
 MICROSOFT : Windows Media Player 10
Original documentdocumentIDEFENSE, [Full-disclosure] iDefense Security Advisory 06.13.06: Windows Media Player PNG Chunk Decoding Stack-Based Buffer Overflow (14.06.2006)
 documentMICROSOFT, Microsoft Security Bulletin MS06-024 (13.06.2006)
Files: Microsoft Security Bulletin MS06-024 Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)
Discuss:Read or add your comments to this news (0 comments)

Multiple Microsoft Internet Explorer security vulnerabilities
updated since 13.06.2006
Published:14.06.2006
Source:MICROSOFT
SecurityVulns ID:6251
Type:remote
Level:8/10
Description:Multiple memory corruptions, address bar spoofing, cross-frame data access. May be used for hidden malware installation.
Affected:MICROSOFT : Internet Explorer 5.01
 MICROSOFT : Internet Explorer 6.0
Original documentdocumentSECUNIA, Secunia Resaerch: Internet Explorer Exception Handling Memory Corruption Vulnerability (14.06.2006)
 documentZDI, ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability (14.06.2006)
 documentZDI, ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability (14.06.2006)
 documentMICROSOFT, Microsoft Security Bulletin MS06-021 (13.06.2006)
Files:Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Windows 2000 AOL Image Support Update ART images buffer overflow
updated since 13.06.2006
Published:14.06.2006
Source:MICROSOFT
SecurityVulns ID:6252
Type:client
Level:5/10
Description:Buffer overflow on ART images processing.
Affected:MICROSOFT : Windows 2000 AOL Image Support Update
Original documentdocumentIDEFENSE, iDefense Security Advisory 06.13.06: Microsoft Internet Explorer ART File Heap Corruption Vulnerability (14.06.2006)
 documentMICROSOFT, Microsoft Security Bulletin MS06-022 Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439) (13.06.2006)
Files:Microsoft Security Bulletin MS06-022 Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Windows RRAS Service buffer overflow
updated since 13.06.2006
Published:14.06.2006
Source:MICROSOFT
SecurityVulns ID:6255
Type:remote
Level:9/10
Description:Buffer overflows in service RPC interface. May be used by network worm.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentPeter Winter-Smith, High Risk Vulnerability in Microsoft Windows RASMAN Service (14.06.2006)
 documentMICROSOFT, Microsoft Security Bulletin MS06-025 Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280) (13.06.2006)
Files:Exploits Microsoft RRAS MSO6-025 Stack Overflow (metasploit)
 Microsoft Security Bulletin MS06-025 Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Windows SMB/CIFS privilege escalation
updated since 13.06.2006
Published:16.06.2006
Source:BUGTRAQ
SecurityVulns ID:6258
Type:local
Level:6/10
Description:MRxSmbCscIoctlOpenForCopyChunk buffer overflow. In additions, there are DoS vulnerabilities not covered by MS06-30.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentReversemode, Regarding "SMB Invalid Handle Value" - MS06-030. Vulnerability not fixed. (16.06.2006)
 documentruben_(at)_reversemode.com, REVERSING MRXSMB.SYS CHAPTER I “Getting Ring0” (14.06.2006)
 documentruben_(at)_reversemode.com, REVERSING MRXSMB.SYS CHAPTER II “NtClose DeadLock” (14.06.2006)
 documentIDEFENSE, iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MrxSmbCscIoctlCloseForCopyChunk DoS (14.06.2006)
 documentIDEFENSE, iDefense Security Advisory 06.13.06: Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow (14.06.2006)
 documentMICROSOFT, Microsoft Security Bulletin MS06-030 Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389) (13.06.2006)
Files:Exploit for the Mrxsmb.sys privilege escalation(MS06-030), which allows to execute ring0 shellcode. "Fast-Food" coding style, nasty but works. C source code.
  Exploit for the NtClose DeadLock vulnerability (MS06-030). C source code.
 http://www.microsoft.com/technet/security/Bulletin/MS06-030.mspx
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server