Computer Security
Multiple Microsoft Internet Explorer security vulnerabilities
updated since 08.08.2006
Published:13.09.2006
Source:
SecurityVulns ID:6465
Type:client
Threat Level:9/10
Description:Cross-site scripting, cross-site information access, FTP command injection. Vulnerabilities can be used for hidden malware installation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document:EEYE, [EEYEB-20080824] Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2 (13.09.2006)
 NSFOCUS, NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability (28.08.2006)
 EEYE, [Full-disclosure] EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability (25.08.2006)
 MICROSOFT, Microsoft Security Advisory (923762): Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit (23.08.2006)
 EEYE, EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable (23.08.2006)
 TSRT_(at)_3com.com, [Full-disclosure] TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability (09.08.2006)
 TSRT_(at)_3com.com, [Full-disclosure] TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability (09.08.2006)
 ZDI, ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability (09.08.2006)
 ZDI, ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability (09.08.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) (08.08.2006)
Files:Internet Explorer COM CreateObject Code Execution exploit (metasploit)
 Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899)
 Internet Explorer 6 Service Pack 1 unexpectedly exits after you install the 918899 update

XFree / X.org integer overflows
Published:13.09.2006
Source:
SecurityVulns ID:6606
Type:local
Threat Level:6/10
Description:Multiple integer overflows in Type One font parsing.
Affected:XFREE : XFree86 4.6
 XORG : X.Org 1.2
Original document:IDEFENSE, iDefense Security Advisory 09.12.06: Multiple Vendor X Server CID-keyed Fonts 'scan_cidfont()' Integer Overflow Vulnerability (13.09.2006)

NetGear routers buffer overflow
Published:13.09.2006
Source:
SecurityVulns ID:6609
Type:remote
Threat Level:5/10
Description:Buffer overflow on oversized username in Web interface.
Affected:NETGEAR : Netgear DG834GT
Original document:nullflag_(at)_gmail.com, NETGEAR Rotuer DG834GT Firmware V1.01.28 (DoS) (13.09.2006)

Multiple NetPerformer FRAD ACT security vulnerabilities
Published:13.09.2006
Source:
SecurityVulns ID:6612
Type:remote
Threat Level:5/10
Description:Buffer overflow on oversized telnet username, LAND attack vulnerability.
Original document:arif.jatmoko_(at)_sea.ccamatil.com, [Full-disclosure] NetPerformer FRAD ACT Multiple Vulnerabilities (13.09.2006)

Multiple Macromedia Coldfusion security vulnerabilities
Published:13.09.2006
Source:
SecurityVulns ID:6613
Type:remote
Threat Level:5/10
Description:DoS, cross-site scripting, sandbox escape.
Affected:ADOBE : Macromedia ColdFusion MX 7
 ADOBE : Macromedia ColdFusion MX 6.1
CVE:CVE-2006-5859 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.)
Original document:SECUNIA, [SA21858] ColdFusion Error Page Cross-Site Scripting Vulnerability (13.09.2006)
 SECUNIA, [SA21866] ColdFusion Denial of Service and Sandbox Bypass (13.09.2006)

Cisco routers and Catalyst switches multiple VTP security vulnerabilities
updated since 13.09.2006
Published:14.09.2006
Source:
SecurityVulns ID:6611
Type:remote
Threat Level:7/10
Description:DoS, integer overflow and buffer overflow in VTP (VLAN Trunking Protocol) packet parsing.
Affected:CISCO : IOS 12.1
Original document:CISCO, Re: Cisco IOS VTP issues (14.09.2006)
 FX, [email protected], [email protected], [email protected] (13.09.2006)

Multiple Apple QuickTime security vulnerabilities
updated since 13.09.2006
Published:22.09.2006
Source:
SecurityVulns ID:6607
Type:client
Threat Level:6/10
Description:Integer overflow on H.264 protocol parsing, heap buffer overflow when parsing FLIC files.
Affected:APPLE : QuickTime 7.1
Original document:SECUNIA, [SA22048] Apple QuickTime Plug-In Local Resource Linking Weakness (22.09.2006)
 Reversemode, [Reversemode Advisory] Apple Quicktime FLIC File Heap Overflow (18.09.2006)
 Avert, Multiple Vulnerabilities in Apple QuickTime (13.09.2006)
 CERT, US-CERT Technical Cyber Security Alert TA06-256A -- Apple QuickTime Vulnerabilities (13.09.2006)
 Piotr Bania, Apple QuickTime Player H.264 Codec Remote Integer Overflow (13.09.2006)
 Sowhat ., Apple QuickTime H.264 Integer Overflow Vulnerability (13.09.2006)
 IDEFENSE, iDefense Security Advisory 09.12.06: Apple QuickTime FLIC File Heap Overflow Vulnerability (13.09.2006)

Macromedia Flash Player buffer overflow
updated since 13.09.2006
Published:14.11.2006
Source:
SecurityVulns ID:6608
Type:client
Threat Level:8/10
Description:Buffer overflow when playing .swf files. Vulnerability can be used for hidden malware installation through the browser.
Affected:MICROSOFT : Windows XP
 ADOBE : Flash MX 2004
 ADOBE : Flash Player 8.0
 ADOBE : Flex 1.5
Original document:MICROSOFT, Microsoft Security Bulletin MS06-069 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) (14.11.2006)
 irc_(at)_computerterrorism.com, Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability (13.09.2006)
Files:Microsoft Security Bulletin MS06-069 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)

Microsoft Windows daxctle.ocx and HTML parsing buffer overflows
updated since 13.09.2006
Published:15.11.2006
Source:
SecurityVulns ID:6614
Type:client
Threat Level:9/10
Description:DirectAnimation.PathControl ActiveX control KeyFrame method heap overflow. Buffer overflow in CSS float property. May be used for hidden malware installation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document:ZDI, [Full-disclosure] ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability (15.11.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) (14.11.2006)
Files:Internet Explorer COM Object Heap Overflow Download Exec Exploit
 Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod