Search:Vulnerability:13.09.2006 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Multiple Microsoft Internet Explorer security vulnerabilities
updated since 08.08.2006
Published: 13.09.2006
Source: MICROSOFT
SecurityVulns ID: 6465
Type: client
Level: 9/10
Description: Crossite scripting, crossite information access, FTP commands injection. Vulnerabilities can be used for hidden malware installation.

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server

Original document EEYE, [EEYEB-20080824] Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2 (13.09.2006)

NSFOCUS, NSFOCUS SA2006-08 : Microsoft IE6 urlmon.dll Long URL Buffer Overflow Vulnerability (28.08.2006)

EEYE, [Full-disclosure] EEYE: Internet Explorer Compressed Content URL Heap Overflow Vulnerability (25.08.2006)

document MICROSOFT, Microsoft Security Advisory (923762) Microsoft Security Advisory (923762): Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit (23.08.2006)

EEYE, EEYE:ALERT: MS06-042 Related Internet Explorer 'Crash' is Exploitable (23.08.2006)

document TSRT_(at)_3com.com, [Full-disclosure] TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability (09.08.2006)

TSRT_(at)_3com.com, [Full-disclosure] TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability (09.08.2006)

ZDI, ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability (09.08.2006)

document ZDI, ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability (09.08.2006)

MICROSOFT, Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) (08.08.2006)

Files: Internet Explorer COM CreateObject Code Execution exploit (metasploit)
Internet Explorer 6 Service Pack 1 unexpectedly exits after you install the 918899 update
Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899)
Discuss: Read or add your comments to this news (0 comments)

Microsoft Publisher memory corruption
updated since 12.09.2006
Published: 13.09.2006
Source: MICROSOFT
SecurityVulns ID: 6605
Type: client
Level: 5/10
Description: Memory corruption on .pub files parsing.

Affected: MICROSOFT : Office 2000
MICROSOFT : Office XP
MICROSOFT : Office 2003

Original document irc_(at)_computerterrorism.com, Computer Terrorism (UK) :: Incident Response Centre - Microsoft Publisher Font Parsing Vulnerability (13.09.2006)

MICROSOFT, Microsoft Security Bulletin MS06-054 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729) (12.09.2006)

Files: Microsoft Security Bulletin MS06-054 Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729)
Discuss: Read or add your comments to this news (0 comments)

XFree / X.org integer overflows
Published: 13.09.2006
Source: BUGTRAQ
SecurityVulns ID: 6606
Type: local
Level: 6/10
Description: Multiple integer overflows on Type One fonts parsing.

Affected: XFREE : XFree86 4.6
XORG : X.Org 1.2

Original document IDEFENSE, iDefense Security Advisory 09.12.06: Multiple Vendor X Server CID-keyed Fonts 'scan_cidfont()' Integer Overflow Vulnerability (13.09.2006)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 13.09.2006
Source:
SecurityVulns ID: 6610
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: SOFTCOMPLEX : PHP Event Calendar 1.5
WTOOLS : WTools 0.0
PHPBB : phpBB XS 0.58
SQLLEDGER : SQL-Ledger 2.6
LEDGERSMB : LedgerSMB 1.0
NEWSSCRIPT : Newsscript 0.5
CCHOST : ccHost 3.0
SIGNKORN : Signkorn Guestbook 1.3
QuickSilver : Quicksilver Forum 1.2

Original document bilkopat_(at)_hotmail.com, Quicksilver Forums [(v1.2.0)+(1.2.1)] (set[include_path]) Remote File Inclusion Vulnerabilities (13.09.2006)

SHiKaA-_(at)_hotmail.com, Signkorn Guestbook <= v1.3 (dir_path) Remote File Inclusion Exploit (13.09.2006)

SECUNIA, [SA21822] ccHost File ID SQL Injection Vulnerability (13.09.2006)

document daftrix_(at)_gmail.com, Newsscript version 0.5 (print.php) Local File Inclusion Vulnerability (13.09.2006)

Chris Travers, LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution (13.09.2006)

azzcoder_(at)_hotmail.com, AzzCoder => phpBB XS 0.58 Remote File Include (13.09.2006)

document erne_(at)_ernealizm.com, WTools v0.0.1-ALPH - Remote File Include Vulnerabilities (13.09.2006)

Discuss: Read or add your comments to this news (0 comments)

NetGear routers buffer overflow
Published: 13.09.2006
Source: BUGTRAQ
SecurityVulns ID: 6609
Type: remote
Level: 5/10
Description: Buffer overflow on oversized username in Web interface.

Affected: NETGEAR : Netgear DG834GT

Original document nullflag_(at)_gmail.com, NETGEAR Rotuer DG834GT Firmware V1.01.28 (DoS) (13.09.2006)

Discuss: Read or add your comments to this news (0 comments)

Multiple Macromedia Coldfusion security vulnerabilities
Published: 13.09.2006
Source: BUGTRAQ
SecurityVulns ID: 6613
Type: remote
Level: 5/10
Description: DoS, crossite scripting, sandbox escaping.

Affected: ADOBE : Macromedia ColdFusion MX 7
ADOBE : Macromedia ColdFusion MX 6.1
CVE: CVE-2006-5859 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.)

Original document SECUNIA, [SA21858] ColdFusion Error Page Cross-Site Scripting Vulnerability (13.09.2006)

SECUNIA, [SA21866] ColdFusion Denial of Service and Sandbox Bypass (13.09.2006)

Discuss: Read or add your comments to this news (0 comments)

Multiple NetPerformer FRAD ACT security vulnerabilities
Published: 13.09.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 6612
Type: remote
Level: 5/10
Description: Buffer overflow on oversized telnet username, LAND attack vulnerability.

Original document arif.jatmoko_(at)_sea.ccamatil.com, [Full-disclosure] NetPerformer FRAD ACT Multiple Vulnerabilities (13.09.2006)

Discuss: Read or add your comments to this news (0 comments)

Cisco routers and Catalist switches multiple VTP security vulnerabilities
updated since 13.09.2006
Published: 14.09.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 6611
Type: remote
Level: 7/10
Description: DoS, integer overflow and buffer oveflow on VTP (VLAN Trunking Protocol) packets parsing.

Affected: CISCO : IOS 12.1

Original document CISCO, Re: Cisco IOS VTP issues (14.09.2006)

FX, bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk, darklab@darklab.org (13.09.2006)

Discuss: Read or add your comments to this news (0 comments)

Multiple Apple QuickTime security vulnerabilities
updated since 13.09.2006
Published: 22.09.2006
Source: BUGTRAQ
SecurityVulns ID: 6607
Type: client
Level: 6/10
Description: Integer overflow on H.264 protocol parsing, heap buffer overflow on parsing FLIC files.

Affected: APPLE : QuickTime 7.1

Original document SECUNIA, [SA22048] Apple QuickTime Plug-In Local Resource Linking Weakness (22.09.2006)

Reversemode, [Reversemode Advisory] Apple Quicktime FLIC File Heap Overflow (18.09.2006)

Avert, Multiple Vulnerabilities in Apple QuickTime (13.09.2006)

CERT, US-CERT Technical Cyber Security Alert TA06-256A -- Apple QuickTime Vulnerabilities (13.09.2006)

document Piotr Bania, Apple QuickTime Player H.264 Codec Remote Integer Overflow (13.09.2006)

Sowhat ., Apple QuickTime H.264 Integer Overflow Vulnerability (13.09.2006)

IDEFENSE, iDefense Security Advisory 09.12.06: Apple QuickTime FLIC File Heap Overflow Vulnerability (13.09.2006)

Discuss: Read or add your comments to this news (0 comments)

Macromedia Flash Player buffer overflow
updated since 13.09.2006
Published: 14.11.2006
Source: BUGTRAQ
SecurityVulns ID: 6608
Type: client
Level: 8/10
Description: Buffer overflow on .swf files playing. Vulnerability can be used for hidden malware installation through browser.

Affected: MICROSOFT : Windows XP
ADOBE : Flash MX 2004
ADOBE : Flash Player 8.0
ADOBE : Flex 1.5

Original document MICROSOFT, Microsoft Security Bulletin MS06-069 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) (14.11.2006)

irc_(at)_computerterrorism.com, Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability (13.09.2006)

Files: Microsoft Security Bulletin MS06-069 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)
Discuss: Read or add your comments to this news (2 comments)

Microsoft Windows daxctle.ocx and HTML parsing buffer overflows
updated since 13.09.2006
Published: 15.11.2006
Source: BUGTRAQ
SecurityVulns ID: 6614
Type: client
Level: 9/10
Description: DirectAnimation.PathControl ActiveX control KeyFrame method heap overflow. Buffer overflow in CSS Floatproperty. May be used for hidden malware installation.

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server

Original document ZDI, [Full-disclosure] ZDI-06-041: Microsoft Internet Explorer CSS Float Property Memory Corruption Vulnerability (15.11.2006)

MICROSOFT, Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) (14.11.2006)

Files: Internet Explorer COM Object Heap Overflow Download Exec Exploit
Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760)
Discuss: Read or add your comments to this news (0 comments)