Search:Vulnerability:14.07.2004 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Microsoft HTML Help buffer overflow
Published: 14.07.2004
Source: MICROSOFT
SecurityVulns ID: 3845
Type: client
Level: 8/10
Description: Buffer overflow on CHM format parsing.

Affected: MICROSOFT : Windows NT 4.0 Workstation
MICROSOFT : Windows NT 4.0 Server
MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server

Original document Brett Moore, HtmlHelp - .CHM File Heap Overflow (14.07.2004)

MICROSOFT, Microsoft Security Bulletin MS04-023 (14.07.2004)

Files: Microsoft Security Bulletin MS04-023 Vulnerability in HTML Help Could Allow Code Execution (840315)
Discuss: Read or add your comments to this news (0 comments)

Microsoft Windows Task Scheduler buffer overflow
Published: 14.07.2004
Source: MICROSOFT
SecurityVulns ID: 3844
Type: client
Level: 6/10
Description: Buffer overflow during .job files parsing.

Affected: MICROSOFT : Windows NT 4.0 Workstation
MICROSOFT : Windows NT 4.0 Server
MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
MICROSOFT : Windows XP

Original document Brett Moore, Unchecked buffer in mstask.dll (14.07.2004)

NGSSoftware Insight Security Research, Microsoft Windows Task Scheduler '.job' Stack Overflow (14.07.2004)

MICROSOFT, Microsoft Security Bulletin MS04-022 Vulnerability in Task Scheduler Could Allow Code Execution (841873) (14.07.2004)

Files: Microsoft Windows 2K/XP Task Scheduler Vulnerability (MS04-022) Proof-of-Concept Exploit for English WinXP SP1
(MS04-022) Microsoft Windows XP Task Scheduler (.job) Universal Exploit
Microsoft Security Bulletin MS04-022 Vulnerability in Task Scheduler Could Allow Code Execution (841873)
Discuss: Read or add your comments to this news (0 comments)

Windows POSIX subsystem buffer overflow
Published: 14.07.2004
Source: MICROSOFT
SecurityVulns ID: 3846
Type: local
Level: 5/10
Description: POSIX subsystem overflow allows privilege escalation.

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
MICROSOFT : INTERIX 2.2

Original document MICROSOFT, Microsoft Security Bulletin MS04-020 Vulnerability in POSIX Could Allow Code Execution (841872) (14.07.2004)

Files: �� POSIX.EXE (MS04-020) by 0x90 [at] rambler.ru
Microsoft Windows POSIX Subsystem Local Privilege Escalation Exploit (MS04-020)
Microsoft Security Bulletin MS04-020 Vulnerability in POSIX Could Allow Code Execution (841872)
Discuss: Read or add your comments to this news (0 comments)

Microsoft Internet Information Server buffer overflow
Published: 14.07.2004
Source: MICROSOFT
SecurityVulns ID: 3847
Type: remote
Level: 5/10
Description: Buffer overflow on oversized URL to redirected site.

Affected: MICROSOFT : Internet Information Server 4.0

Original document MICROSOFT, Microsoft Security Bulletin MS04-021 (14.07.2004)

Files: Microsoft Security Bulletin MS04-021 Security Update for IIS 4.0 (841373)
Discuss: Read or add your comments to this news (0 comments)

Windows Shell file type spoofing
Published: 14.07.2004
Source: MICROSOFT
SecurityVulns ID: 3848
Type: client
Level: 5/10
Description: By using class id in content-disposition it's possible ti spoof file type. Content-Disposition: attachment; filename=malware.{3050f4d8-98B5- 11CF-BB82-00AA00BDCE0B}fun_ball_gites_pie_throw%2Empeg"

Affected: MICROSOFT : Windows NT 4.0 Workstation
MICROSOFT : Windows NT 4.0 Server
MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Professional
MICROSOFT : Windows XP
MICROSOFT : Windows 2003 Server

Original document MICROSOFT, Microsoft Security Bulletin MS04-024 (14.07.2004)

Files: Microsoft Security Bulletin MS04-024 Vulnerability in Windows Shell Could Allow Remote Code Execution (839645)
Discuss: Read or add your comments to this news (0 comments)

Microsoft Outlook Express DoS
Published: 14.07.2004
Source: MICROSOFT
SecurityVulns ID: 3849
Type: client
Level: 4/10
Description: Invalid mail headers processing.

Original document MICROSOFT, Microsoft Security Bulletin MS04-018 (14.07.2004)

Files: Microsoft Security Bulletin MS04-018 Cumulative Security Update for Outlook Express (823353)
Discuss: Read or add your comments to this news (0 comments)

IBM AIX Inventory Scout symbolic links problem
Published: 14.07.2004
Source: SECURITEAM
SecurityVulns ID: 3836
Type: local
Level: 6/10
Description: Unsafe temporary dirs usage.

Affected: IBM : AIX 4.3
IBM : AIX 5.1

Original document SECURITEAM, [EXPL] IBM AIX Inventory Scout Log File Vulnerability (invscoutd) (14.07.2004)

Files: Exploit invscoutd of Aix4.x & 5L to get a uid=0 shell.
Discuss: Read or add your comments to this news (0 comments)

PHP strip_tags protection bypass
Published: 14.07.2004
Source: FULL-DISCLOSURE
SecurityVulns ID: 3840
Type: remote
Level: 5/10
Description: Insertion null character into tag allow protection bypass for few browsers.

Affected: PHP : PHP 4.3
PHP : PHP 5.0

Original document Stefan Esser, [Full-Disclosure] Advisory 12/2004: PHP strip_tags() bypass vulnerability (14.07.2004)

Discuss: Read or add your comments to this news (0 comments)

PHP memory corruption
Published: 14.07.2004
Source: FULL-DISCLOSURE
SecurityVulns ID: 3841
Type: remote
Level: 6/10
Description: Invalid exceptional conditions handling allows memory corruption leading to code execution.

Affected: PHP : PHP 4.3
PHP : PHP 5.0

Original document Stefan Esser, [Full-Disclosure] Advisory 11/2004: PHP memory_limit remote vulnerability (14.07.2004)

Files: Remote exploit for the php memory_limit vulnerability
Discuss: Read or add your comments to this news (0 comments)

Mozilla crossite scripting
Published: 14.07.2004
Source: BUGTRAQ
SecurityVulns ID: 3842
Type: remote
Level: 5/10
Description: By using local cache it's possible to access local files.

Affected: MOZILLA : Mozilla 1.7
MOZILLA : Firefox 0.9

Original document Mind Warper, Two Vulnerabilities in Mozilla may lead to remote compromise (14.07.2004)

Discuss: Read or add your comments to this news (0 comments)

4D Webstar multiple bugs
Published: 14.07.2004
Source: BUGTRAQ
SecurityVulns ID: 3843
Type: remote
Level: 6/10
Description: Buffer overflow, information leakage, symbolic links.

Affected: 4D : WebSTAR 5.3

Original document L0PHT, @stake advisory: WebSTAR (5.3.2 and below) Multiple Vulnerabilities (14.07.2004)

Discuss: Read or add your comments to this news (0 comments)

FoxMail buffer overflow
updated since 14.07.2004
Published: 14.07.2004
Source: SECURITEAM
SecurityVulns ID: 3838
Type: remote
Level: 5/10
Description: Buffer overflow on oversized From:

Affected: FOXMAIL : Foxmail 5.0

Original document SECURITEAM, [EXPL] Foxmail FROM Field Buffer Overflow (14.07.2004)

Discuss: Read or add your comments to this news (0 comments)

CGI bugs
updated since 14.07.2004
Published: 17.07.2004
Source:
SecurityVulns ID: 3839
Type: remote
Level: 5/10

Affected: PHPBB : phpBB 2.06
PHPNUKE : PHPNuke 7.3
MOODLE : Moodle 1.3
MOODLE : Moodle 1.4
THEWEBMASTERFORU : Board Power forum 2.04

Original document Janek Vind, [waraxe-2004-SA#035 - Multiple security holes in PhpNuke - part 2] (17.07.2004)

Janek Vind, [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8] (16.07.2004)

Alexander Antipov, [Full-Disclosure] XSS in Board Power forum (15.07.2004)

sasan hezarkhani, PHP BB bug (15.07.2004)

document Thomas Waldegger, Moodle XSS Vulnerability (14.07.2004)

Discuss: Read or add your comments to this news (0 comments)

HP-UX Xfs buffer overflow
updated since 14.07.2004
Published: 26.07.2004
Source: SECURITEAM
SecurityVulns ID: 3837
Type: remote
Level: 6/10
Description: Buffer overflow on oversized line in configuration file (sgid bin).

Affected: HP : HP-UX 11.00

Original document HP, [security bulletin] SSRT4773 HP-UX xfs and stmkfont remote unauthorized access (26.07.2004)

SECURITEAM, [EXPL] HP-UX Xfs Daemon Port Buffer Overflow (14.07.2004)

Files: Exploit xfs command of HPUX to get bin gid shell.
Discuss: Read or add your comments to this news (0 comments)