Sun Java Webstart virtual machine protection bypass
Published:		14.06.2005
Source:		SECUNIA
SecurityVulns ID:		4887
Type:		client
Level:		6/10
Description:		It's possible to bypass sandbox environment.

Affected:		SUN : JRE 1.5
		SUN : JDK 1.5
		SUN : J2SE 5.0

Original document

SECUNIA, [SA15671] Java Web Start Sandbox Security Bypass Vulnerability (14.06.2005)

Discuss:

Read or add your comments to this news (0 comments)

Multiple bluetooth devices DoS
Published:		14.06.2005
Source:		BUGTRAQ
SecurityVulns ID:		4884
Type:		local
Level:		5/10
Description:		Traffic or connection flood leads to denial of service.

Affected:		NOKIA : Nokia 7650
		NOKIA : Nokia 6600
		SIEMENS : Siemens V55
		MOTOROLA : Motorola S55

Original document

hugo_(at)_infohacking.com, Bluetooth SIG Denial of Service vulnerability (14.06.2005)

Discuss:

Read or add your comments to this news (0 comments)

Novell eDirectory directory services special DOS device names DoS
Published:		14.06.2005
Source:		FULL-DISCLOSURE
SecurityVulns ID:		4885
Type:		remote
Level:		5/10
Description:		Special devices access causes error in dhost.exe.

Affected:

NOVELL : Novell eDirectory 8.7

Original document

CIRT Advisory, [Full-disclosure] [CIRT.DK - Advisory] Novell eDirectory 8.7.3 DOS Device name Denial of Service (14.06.2005)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Macromedia products licensgin service privilege escalation
Published:		14.06.2005
Source:		SECUNIA
SecurityVulns ID:		4886
Type:		local
Level:		6/10
Description:		Ilcensing service file has weak permisions and may be spoofed by local user.

Affected:		MACROMEDIA : Dreamweaver MX 2004
		MACROMEDIA : Captivate
		MACROMEDIA : Contribute 2
		MACROMEDIA : Contribute 3
		MACROMEDIA : Director MX 2004
		MACROMEDIA : Fireworks MX 2004
		ADOBE : Flash MX 2004
		MACROMEDIA : FreeHand MX
		MACROMEDIA : Macromedia Studio MX 2004

Original document

SECUNIA, [SA15654] Macromedia Products Privilege Escalation Vulnerability (14.06.2005)

Discuss:

Read or add your comments to this news (0 comments)

Multiple bugs in OpenSSL updated since 30.09.2003
Published:		14.06.2005
Source:		BUGTRAQ
SecurityVulns ID:		3151
Type:		remote
Level:		7/10
Description:		Rpbolem with stack corruption, uninitialized memory references.

Affected:		OPENSSL : OpenSSL 0.9
		APPLE : Mac OS X 10.2
		CRAY : COS 3.4
		STUNNEL : Stunnel 0.9
		PWLIB : PWLib 1.4
		PWLIB : PWLib 1.5
		NOVELL : iManager 2.02

Original document		CIRT Advisory, [Full-disclosure] [CIRT.DK - Advisory] Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module (14.06.2005)
		REDHAT, [RHSA-2004:048-01] Updated PWLib packages fix protocol security issues (16.02.2004)
		OPENSSL, [OpenSSL Advisory] Denial of Service in ASN.1 parsing (05.11.2003)
		Patrik Hornik, New OpenSSL remote vulnerability (issue date 2003/10/02) (03.10.2003)
		CERT, CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations (03.10.2003)
		OPENSSL, [Full-Disclosure] [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing (30.09.2003)
		OPENPKG, Subject: [OpenPKG-SA-2003.044] OpenPKG Security Advisory (openssl) (30.09.2003)

Files:		OpenSSL ASN.1 parsing bugs PoC / brute forcer
Discuss:		Read or add your comments to this news (0 comments)

PHP, ASP, CGI web applications security vulnerabilities updated since 14.06.2005
Published:		18.06.2005
Source:
SecurityVulns ID:		4883
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

Affected:		PAFILEDB : paFileDB 3.1
		UPB : Ultimate PHP Board 1.9
		SQUIRRELMAIL : squirrelmail 1.4
		SINGAPORE : singapore 0.9
		E107 : E107 0.617
		MAMBO : Mambo 4.5
		XAMPP : XAMPP 1.4
		AWSD : WebHints 1.03
		INTERACTIVEPHP : FusionBB 0.11
		PHPFORUMS : McGallery 1.1
		BITRIX : Bitrix Site Manager 4.0
		1TWO : Annuaire 1Two 1.0
		DOKEOS : Dokeos 1.5
		COOLCAFE : Cool Cafe Chat 1.2
		ATUTOR : ATutor 1.4
		ATUTOR : ATutor 1.5
		CONTELLIGENT : Contelligent 9.0
		AMAROK : amaroK Web Frontend 1.3
		AJAX : ajax-spell 1.7

Original document		SECUNIA, [SA15736] amaroK Web Frontend Exposure of User Credentials (18.06.2005)
		SECUNIA, [SA15738] Contelligent Preview Privilege Escalation Vulnerability (17.06.2005)
		SECUNIA, [SA15735] XAMPP "lang.php" Script Insertion and Information Disclosure (17.06.2005)
		SECUNIA, [SA15705] ATutor Cross-Site Scripting Vulnerabilities (17.06.2005)
		morning_wood, [Full-disclosure] CoolCafe Chat SQL injection (17.06.2005)
		Marc Ruef, e107 v0.617 several new and old vulnerabilities (17.06.2005)
		SQUIRRELMAIL, [SM-ANNOUNCE] Patch fixes SquirrelMail cross site scripting vulnerabilities [CAN-2005-1769] (17.06.2005)
		Alberto Trivero, M4DR007-06SA (security advisory): Multiple vulnerabilities in UPB 1.9.6 GOLD (17.06.2005)
		Sieg Fried, [Full-disclosure] Dokeos - Multiple Vulnerabilities (16.06.2005)
		SECUNIA, [SA15708] Annuaire 1Two Cross-Site Scripting and Script Insertion (16.06.2005)
		Emanuele "MadSheep" Gentili, MADSHEEP-05SA (security advisory): WebHints <= v1.03 Remote Command Execution Vulnerability (16.06.2005)
		pokleyzz, Mambo 4.5.2.2 SQL Injection in UPDATE statement (16.06.2005)
		JeiAr, Multiple paFileDB Vulnerabilities (16.06.2005)
		D_BuG, Vulnerability: Bitrix Web Server Paths (16.06.2005)
		D_BuG, Vulnerability: Bitrix Php inclusion (16.06.2005)
		D_BuG, Vulnerability: McGallery v 1.1 Mysql DB including (16.06.2005)
		D_BuG, Vulnerability: McGallery v 1.1 files reading on disk (16.06.2005)
		JeiAr, FusionBB Multiple Vulnerabilities (16.06.2005)
		ActionSpider_(at)_linuxmail.com, Remote Exploit for Web_store.cgi (16.06.2005)
		thegreatone2176_(at)_yahoo.com, singapore v0.9.11 cross site scripting and path disclosure (14.06.2005)
		blackshoe_(at)_gmail.com, File Upload Manager Sploits (14.06.2005)

Files:		Passwords Decrypter for UPB <= 1.9.6
Discuss:		Read or add your comments to this news (0 comments)