Microsoft HTML Help Workshop buffer overflow updated since 06.02.2006
Published:		14.02.2006
Source:		SECUNIA
SecurityVulns ID:		5738
Type:		client
Level:		5/10
Description:		Buffer overflow on .hhp files parsing.

Affected:

MICROSOFT : Microsoft HTML Help Workshop 4.74

Original document		Eagle Werros, Eagle Werros (14.02.2006)
		Eagle Werros, vuln & p0c (10.02.2006)
		SECUNIA, [SA18740] Microsoft HTML Help Workshop ".hhp" Parsing Buffer Overflow (06.02.2006)

Files:		Microsoft HTML Help Workshop ".hhp" File Handling Buffer Overflow Exploit
		Exploits HTML Help Workshop buffer overflow
		Windows HTML Help Workshop Index File Stack Overflow Exploit
Discuss:		Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		14.02.2006
Source:
SecurityVulns ID:		5768
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		CLEVERCOPY : Clever Copy 2.0
		CLEVERCOPY : Clever Copy 3.0
		HINTONDESIGN : phpstatus 1.0
		RUNCMS : Runcms 1.3
		DOCMGR : DocMGR 0.54
		HINTONDESIGN : phphd 1.0
		GASTBUCH : gastbuch 1.3
		SITEFRAME : Beaumont 5.0
		EGS : Enterprise Groupware System 1.0
		QWIKIWIKI : QwikiWiki 1.5
		PYBLOSXOM : PyBlosxom 1.3
		ZENCART : Zen Cart 1.2

Original document		SECUNIA, [SA18801] Zen Cart Unspecified SQL Injection Vulnerabilities (14.02.2006)
		SECUNIA, [SA18831] RunCMS pmlite.php SQL Injection Vulnerability (14.02.2006)
		SECUNIA, [SA18858] PyBlosxom Arbitrary File Disclosure Vulnerability (14.02.2006)
		SECUNIA, [SA18814] QwikiWiki "search.php" Cross-Site Scripting Vulnerability (14.02.2006)
		rgod_(at)_autistici.org, EGS Enterprise Groupware System 1.0 rc4 remote commands execution & FlySpray 0.9.7 remote commands execution (14.02.2006)
		federico.alice_(at)_tiscali.it, Siteframe Beaumont 5.0.1a <== Cross-Site Scripting Vulnerability (14.02.2006)
		Micha Borrmann, XSS vulnerability in guestbook-php-script (14.02.2006)
		Aliaksandr Hartsuyeu, [eVuln] phpstatus Authentication Bypass (14.02.2006)
		Aliaksandr Hartsuyeu, [eVuln] Clever Copy 'Referer' & 'X-Forwarded-For' XSS Vulnerabilities (14.02.2006)
		Aliaksandr Hartsuyeu, [eVuln] phphd Multiple Vulnerabilities (14.02.2006)
		rgod_(at)_autistici.org, DocMGR <= 0.54.2 arbitrary remote inclusion (14.02.2006)

Files:		EGS Enterprise Groupware System <=1.0 rc4 remote commands execution exploit
		DocMGR <= 0.54.2 remote commands execution exploit
Discuss:		Read or add your comments to this news (0 comments)

eStara Softphone SIP VoIP phone buffer overflow updated since 12.01.2006
Published:		14.02.2006
Source:		BUGTRAQ
SecurityVulns ID:		5625
Type:		remote
Level:		6/10
Description:		Buffer overflow on oversized SIP packet attribute field. Integer overflows and format string bugs.

Affected:

ESTARA : eStara Softphone 3.0

Original document		zwell_(at)_sohu.com, eStara SIP softphone several message-processing vulnerabilities (14.02.2006)
		zwell_(at)_sohu.com, eStara Softphone SIP stack Buffer Overflow Vulnerability (12.01.2006)

Files:		Exploits eStara Softphone SIP stack Buffer Overflow Vulnerability
Discuss:		Read or add your comments to this news (0 comments)

Microsoft Internet Explorer Drag-and-Drop code execution updated since 13.02.2006
Published:		14.02.2006
Source:		SECURITEAM
SecurityVulns ID:		5766
Type:		remote
Level:		5/10
Description:		By spoofing target window in race period it's possible to install malware in special folder. Vulnerability may be exploited for trojaning user's machine, but requires interaction.

Affected:		MICROSOFT : Internet Explorer 5.01
		MICROSOFT : Internet Explorer 5.5
		MICROSOFT : Internet Explorer 6.0

Original document		Matthew Murphy, Microsoft Internet Explorer Drag-and-Drop Redeux (14.02.2006)
		SECURITEAM, [NT] Microsoft Internet Explorer Drag-and-Drop Redeux (13.02.2006)

Discuss:

Read or add your comments to this news (0 comments)