Computer Security
[EN] no-pyccku

Microsoft HTML Help Workshop buffer overflow
updated since 06.02.2006
SecurityVulns ID:5738
Threat Level:
Description:Buffer overflow on .hhp files parsing.
Affected:MICROSOFT : Microsoft HTML Help Workshop 4.74
Original documentdocumentEagle Werros, Eagle Werros (14.02.2006)
 documentEagle Werros, vuln & p0c (10.02.2006)
 documentSECUNIA, [SA18740] Microsoft HTML Help Workshop ".hhp" Parsing Buffer Overflow (06.02.2006)
Files: Microsoft HTML Help Workshop ".hhp" File Handling Buffer Overflow Exploit
 Exploits HTML Help Workshop buffer overflow
 Windows HTML Help Workshop Index File Stack Overflow Exploit

Microsoft Internet Explorer Drag-and-Drop code execution
updated since 13.02.2006
SecurityVulns ID:5766
Threat Level:
Description:By spoofing target window in race period it's possible to install malware in special folder. Vulnerability may be exploited for trojaning user's machine, but requires interaction.
Affected:MICROSOFT : Internet Explorer 5.01
 MICROSOFT : Internet Explorer 5.5
 MICROSOFT : Internet Explorer 6.0
Original documentdocumentMatthew Murphy, Microsoft Internet Explorer Drag-and-Drop Redeux (14.02.2006)
 documentSECURITEAM, [NT] Microsoft Internet Explorer Drag-and-Drop Redeux (13.02.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:5768
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:CLEVERCOPY : Clever Copy 2.0
 CLEVERCOPY : Clever Copy 3.0
 HINTONDESIGN : phpstatus 1.0
 RUNCMS : Runcms 1.3
 DOCMGR : DocMGR 0.54
 HINTONDESIGN : phphd 1.0
 GASTBUCH : gastbuch 1.3
 SITEFRAME : Beaumont 5.0
 EGS : Enterprise Groupware System 1.0
 QWIKIWIKI : QwikiWiki 1.5
 PYBLOSXOM : PyBlosxom 1.3
 ZENCART : Zen Cart 1.2
Original documentdocumentSECUNIA, [SA18801] Zen Cart Unspecified SQL Injection Vulnerabilities (14.02.2006)
 documentSECUNIA, [SA18831] RunCMS pmlite.php SQL Injection Vulnerability (14.02.2006)
 documentSECUNIA, [SA18858] PyBlosxom Arbitrary File Disclosure Vulnerability (14.02.2006)
 documentSECUNIA, [SA18814] QwikiWiki "search.php" Cross-Site Scripting Vulnerability (14.02.2006)
 documentrgod_(at), EGS Enterprise Groupware System 1.0 rc4 remote commands execution & FlySpray 0.9.7 remote commands execution (14.02.2006)
 documentfederico.alice_(at), Siteframe Beaumont 5.0.1a <== Cross-Site Scripting Vulnerability (14.02.2006)
 documentMicha Borrmann, XSS vulnerability in guestbook-php-script (14.02.2006)
 documentAliaksandr Hartsuyeu, [eVuln] phpstatus Authentication Bypass (14.02.2006)
 documentAliaksandr Hartsuyeu, [eVuln] Clever Copy 'Referer' & 'X-Forwarded-For' XSS Vulnerabilities (14.02.2006)
 documentAliaksandr Hartsuyeu, [eVuln] phphd Multiple Vulnerabilities (14.02.2006)
 documentrgod_(at), DocMGR <= 0.54.2 arbitrary remote inclusion (14.02.2006)
Files:DocMGR <= 0.54.2 remote commands execution exploit
 EGS Enterprise Groupware System <=1.0 rc4 remote commands execution exploit

eStara Softphone SIP VoIP phone buffer overflow
updated since 12.01.2006
SecurityVulns ID:5625
Threat Level:
Description:Buffer overflow on oversized SIP packet attribute field. Integer overflows and format string bugs.
Affected:ESTARA : eStara Softphone 3.0
Original documentdocumentzwell_(at), eStara SIP softphone several message-processing vulnerabilities (14.02.2006)
 documentzwell_(at), eStara Softphone SIP stack Buffer Overflow Vulnerability (12.01.2006)
Files:Exploits eStara Softphone SIP stack Buffer Overflow Vulnerability

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod