Mcafee Network Agent buffer overflow
Published:		13.10.2006
Source:		JAACOIS
SecurityVulns ID:		6709
Type:		remote
Level:		6/10
Description:		Buffer overflow on oversized string to TCP/6646.

Files:		Exploits Mcafee Network Agent (mcnasvc.exe) Remote DoS
Discuss:		Read or add your comments to this news (0 comments)

PHP safe_mode glob() protection bypass
Published:		13.10.2006
Source:		BUGTRAQ
SecurityVulns ID:		6711
Type:		local
Level:		5/10
Description:		glob() function allows to check existance of file/directory and build directory listing.

Affected:

PHP : PHP 5.2

Files:		PHP Safe mode breaker
Discuss:		Read or add your comments to this news (0 comments)

Toshiba bluetooth stack memory corruption
Published:		13.10.2006
Source:		BUGTRAQ
SecurityVulns ID:		6714
Type:		remote
Level:		5/10
Description:		Malformed bluetooth packet causes memory corruption.

Affected:

TOSHIBA : Toshiba Bluetooth Stack 4.0

Original document

Research, SecureWorks Research Client Advisory: Multiple Vendor Bluetooth Memory Stack Corruption Vulnerability (13.10.2006)

Discuss:

Read or add your comments to this news (0 comments)

HP Version Control Agen unauthorized access
Published:		13.10.2006
Source:		BUGTRAQ
SecurityVulns ID:		6715
Type:		remote
Level:		5/10

Original document

HP, [security bulletin] HPSBMA02158 SSRT061251 rev.1 - HP Version Control Agent, Remote Unauthorized Access and Possible Elevation of Privilege (13.10.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple FreeBSD vulnerabilities
Published:		13.10.2006
Source:		BUGTRAQ
SecurityVulns ID:		6716
Type:		local
Level:		5/10
Description:		Multiple DoS conditions. Crash on ftruncate on non-file device. sched_setscheduler() DoS.

Files:		FreeBSD ftruncate DoS
		Exploits FreeBSD sched_setscheduler() DoS
Discuss:		Read or add your comments to this news (0 comments)

Google Earth buffer overflow
Published:		13.10.2006
Source:		BUGTRAQ
SecurityVulns ID:		6710
Type:		client
Level:		5/10
Description:		Buffer overflow on .kml and .kmz files.

Affected:

GOOGLE : Google Earth 4.0

Files:		Google Earth (kml & kmz files) Heap Overflow
Discuss:		Read or add your comments to this news (0 comments)

Wireless Location Appliance default account
Published:		13.10.2006
Source:		BUGTRAQ
SecurityVulns ID:		6713
Type:		remote
Level:		6/10
Description:		'root' account has dafult password.

Affected:

CISCO : Wireless Location Appliances 2.1

Original document

CISCO, Cisco Security Advisory: Default Password in Wireless Location Appliance (13.10.2006)

Discuss:

Read or add your comments to this news (1 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		13.10.2006
Source:
SecurityVulns ID:		6712
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPBB : phpBB 2.0
		XEOPORT : Xeobook 0.93
		XEOPORT : XeoPort 0.81
		MAMBO : ExtCalThai_Component 0.9
		MALUINFO : maluinfo 206.2
		PHPBB : phpBB PlusXL 2.0
		GENEPI : Genepi 1.6
		CDSAGENDA : Cdsagenda 4.2
		PHPMYCONFERENCES : phpMyConferences 8.0
		OCS : Open Conference Systems 1.1
		PHPBB : PHPBB insert user 0.1
		REDACTIONSYSTEM : Redaction System 1.0
		PHPBB : phpBB SpamBlocker Mod 1.0
		PHPBB : phpBB Import Tools Mod 0.1
		PHPBB : phpBB Ajax Shoutbox 0.0
		AFGB : afgb GUESTBOOK 2.2
		MINIBB : miniBB keyword_replacer 1.0

Original document		CvIr.System_(at)_gmail.com, CMS contenido Remote File Inclusion (13.10.2006)
		Kw3rLn, miniBB keyword_replacer <= 1.0 [pathToFiles] Remote File Include Vulnerability (13.10.2006)
		MILW0RM, AFGB GUESTBOOK 2.2 (Htmls) Remote File Include Vulnerabilities (13.10.2006)
		MILW0RM, phpBB Ajax Shoutbox <= 0.0.5 Remote File Include Vulnerability (13.10.2006)
		MILW0RM, phpBB Import Tools Mod <= 0.1.4 Remote File Include Vulnerability (13.10.2006)
		MILW0RM, phpht Topsites (common.php) Remote File Include Vulnerability (13.10.2006)
		k1tk4t_(at)_newhack.org, Open Conference Systems <= 1.1.3 Remote File Inclusion (13.10.2006)
		k1tk4t_(at)_newhack.org, phpMyConferences <= 8.0.2 Remote File Inclusion (13.10.2006)
		MILW0RM, Cdsagenda <= 4.2.9 (SendAlertEmail.php) File Include Vulnerability (13.10.2006)
		Kw3rLn, Genepi <= 1.6 [topdir] Remote File Include Vulnerability (13.10.2006)
		k1tk4t_(at)_newhack.org, ExtCalThai_Component <= 0.9.1 Remote File Inclusion (13.10.2006)
		ReeM_HaCk_(at)_HoTmAiL.cOm, Security Suite IP Logger Remote File Inclusion (13.10.2006)
		ReeM_HaCk_(at)_HoTmAiL.cOm, Security Suite IP Logger Remote File Inclusion (13.10.2006)
		hack2prison_(at)_yahoo.com, Iono all version fullpath disclosure (13.10.2006)
		tamriel_(at)_gmx.net, Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities (13.10.2006)
		tamriel_(at)_gmx.net, XeoPort <= 0.81 SQL Injection Vulnerability (13.10.2006)

Files:		maluinfo version 206.2.38l Remote File Include Vulnerability
		PHPBB insert user 0.1
		Redaction System 1.0000 - Remote Include Exploit
		Exploits phpBB PlusXL 2.x <= biuld 272 Remote File Include Vulnerability
		pamBlockerMODv <= 1.0.2 Remote File Include Vulnerability
Discuss:		Read or add your comments to this news (0 comments)

BulletProof FTP client buffer overflow
Published:		13.10.2006
Source:		MILW0RM
SecurityVulns ID:		6717
Type:		remote
Level:		5/10
Description:		Buffer overflow on server reply parsing.

Affected:

BPFTPSERVER : BulletProof FTP 2.45

Files:		BulletProof FTP (Client) V2.45 0day Buffer Overflow PoC Exploit
Discuss:		Read or add your comments to this news (0 comments)

Microsoft Office multiple security vulnerabilities updated since 11.10.2006
Published:		13.10.2006
Source:		MICROSOFT
SecurityVulns ID:		6697
Type:		client
Level:		8/10
Description:		Multiple Excel vulnerabilities on different records type parsing and formats conversion. Multiple Microsoft Word code execution vulnerabilities. Memory corruptions in different Office products.

Affected:		MICROSOFT : Office 2000
		MICROSOFT : Office XP
		MICROSOFT : Office 2003
		MICROSOFT : Office 2004 for Mac
		MICROSOFT : Office v. X for Mac
		MICROSOFT : Works 2004
		MICROSOFT : Works 2005
		MICROSOFT : Works 2006

Original document		MCAFEE, MS06-060 Microsoft Word Memmove Code Execution (13.10.2006)
		MCAFEE, [Full-disclosure] MS06-060 Microsoft Word Memmove Code Execution (12.10.2006)
		Sowhat ., Microsoft Office Malformed Record Memory Corruption Vulnerability (11.10.2006)
		ZDI, ZDI-06-034: Microsoft Office Word Malformed Chart Code Execution Vulnerability (11.10.2006)
		ZDI, ZDI-06-033: Microsoft Office Excel File Format DATETIME Record Parsing Vulnerability (11.10.2006)
		MICROSOFT, Microsoft Security Bulletin MS06-062 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581) (11.10.2006)
		MICROSOFT, Microsoft Security Bulletin MS06-060 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554) (11.10.2006)
		MICROSOFT, Microsoft Security Bulletin MS06-059 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164) (11.10.2006)

Files:		Microsoft Security Bulletin MS06-060 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
		Microsoft Security Bulletin MS06-059 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)
		Microsoft Security Bulletin MS06-062 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)
Discuss:		Read or add your comments to this news (0 comments)