Macromedia Flash Player buffer overflow updated since 13.09.2006
Published:		14.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6608
Type:		client
Level:		8/10
Description:		Buffer overflow on .swf files playing. Vulnerability can be used for hidden malware installation through browser.

Affected:		MICROSOFT : Windows XP
		ADOBE : Flash MX 2004
		ADOBE : Flash Player 8.0
		ADOBE : Flex 1.5

Original document		MICROSOFT, Microsoft Security Bulletin MS06-069 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) (14.11.2006)
		irc_(at)_computerterrorism.com, Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability (13.09.2006)

Files:		Microsoft Security Bulletin MS06-069 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)
Discuss:		Read or add your comments to this news (2 comments)

Microsoft Windows XMLHTTP ActiveX code execution updated since 05.11.2006
Published:		14.11.2006
Source:		MICROSOFT
SecurityVulns ID:		6784
Type:		client
Level:		9/10
Description:		ActiveX vulenrability is used for silent malware installation.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Windows XP
		MICROSOFT : Windows 2003 Server

Original document		MICROSOFT, Microsoft Security Bulletin MS06-071 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088) (14.11.2006)
		MICROSOFT, Microsoft Security Advisory (927892) Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (05.11.2006)

Files:		MS Internet Explorer 6/7 (XML Core Services) Remote Code Execution Exploit
		MS Internet Explorer 6/7 (XML Core Services) Remote Code Execution Exploit
		Microsoft Security Bulletin MS06-071 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)
		Microsoft Security Advisory (927892) Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Discuss:		Read or add your comments to this news (2 comments)

Citrix Metaframe multiple security vulnerabilities updated since 09.11.2006
Published:		14.11.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6804
Type:		remote
Level:		6/10
Description:		DoS and buffer overflow in IMA service (TCP/2512, TCP/2513).

Affected:		CITRIX : MetaFrame Presentation Server 3.0
		CITRIX : Metaframe Presentation Server 4.0
		CITRIX : MetaFrame XP 1.0
		CITRIX : MetaFrame XP 2.0

Original document		IDEFENSE, iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability (14.11.2006)
		IDEFENSE, [Full-disclosure] iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability (09.11.2006)
		ZDI, [Full-disclosure] ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow (09.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

VMWare ESX Server multiple security vulnerabilities
Published:		14.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6817
Type:		local
Level:		5/10
Description:		Invalid AMD fxsave/restore instructions handling. Vulnerabilities in embedded packages.

Affected:		VMWARE : VMware ESX Server 2.0
		VMWARE : VMware ESX Server 2.1
		VMWARE : VMware ESX Server 2.5
		VMWARE : VMware ESX Server 3.0

Original document		VMWARE, VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 (14.11.2006)
		VMWARE, VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 (14.11.2006)
		VMWARE, VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2 (14.11.2006)
		VMWARE, VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue (14.11.2006)
		VMWARE, VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 (14.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		14.11.2006
Source:
SecurityVulns ID:		6818
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		SHOPSYSTEMS : ShopSystems 4.0
		NUSCHOOL : NuSchool 1.0
		PHPMANTA : phpManta - Mdoc 1.0
		ASPIRED2POLL : AspPired2 Poll 1.0
		PHPDEBUG : Phpdebug 1.1
		MUNCHPRO : Munch Pro 1.0
		NETQUERY : Netquery 4.0
		PHPWCMS : phpwcms 1.2
		EXOSCRIPTS : ExoPHPDesk 1.2
		AMPACHE : ampache 3.3
		ELOG : ELOG 2.6
		PHPKIT : PHPKIT 1.6
		CPANEL : CPanel 10
		TOPSTORY : TOPSTORY BASIC 1.0
		USTORE : UStore 1.0
		NUCOMMUNITY : NuCommunity 1.0
		NUREMS : NuRems 1.0
		VBULLETIN : vBulletin 3.6
		PHPJOBSCHEDULER : phpjobscheduler 3.0
		ULTRASITE : UltraSite 1.0
		ASPSCRIPTER : ASP Scripter Easy Portal 1.4
		ASPSCRIPTER : ASP Scripter Live Support 1.3
		RAMACMS : Rama CMS 0.68
		PHPWIND : PHPWind 5.0
		STORYSTREAM : Storystream 4.0
		CONTENTNOW : ContentNow 1.30
		VALLHERU : Vallheru 1.0
		PHPPEANUTS 1.1 : Phppeanuts 1.1
		PROPERTYPRO : Property Pro 1.0
		ASPPORTAL : ASPPortal 4.0
		MYSTATS : MyStats 1.0
		MAMBO : shambo2 Mambo component 4.5
		UPUBLISHER : UPublisher 1.0
		DIRECTADMIN : DirectAdmin 1.28
		ONLINEEVENTREGIS : Online Event Registration 2.0
		OPENSOLUTIONS : Quick.Cart 2.0
		DOTDEB : Dotdeb PHP 5.2
		ESTATEAGENTMANAG : Estate Agent Manager 1.3
		MINIBB : MiniBB 2
CVE:		CVE-2007-0179 (SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.)
		CVE-2006-7185 (PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.)
		CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).)
		CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
		CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function.)

Original document		Advisory_(at)_Aria-Security.net, SiteXpress SQL Injection (14.11.2006)
		Advisory_(at)_Aria-Security.net, SiteXpress SQL Injection (14.11.2006)
		Stefan Esser, [Full-disclosure] Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability (14.11.2006)
		Advisory_(at)_Aria-Security.net, ASPintranet SQL Injection (14.11.2006)
		SECUNIA, [SA22842] Ampache Unauthorized Guest Access (14.11.2006)
		SECUNIA, [SA22864] Netquery "User-Agent" HTTP Header Script Insertion (14.11.2006)
		Hidayat Sagita, Phppeanuts 1.1 Remote File Include (14.11.2006)
		navairum_(at)_gmail.com, ContentNow Directory Traversal(upload.php) (14.11.2006)
		timq_(at)_hackernetwork.com, ContentNow Directory Traversal(upload.php) (14.11.2006)
		SECUNIA, [SA22812] Vallheru mail.php SQL Injection Vulnerabilities (14.11.2006)
		writ3r_(at)_gmail.com, StoryStream 4.0 (baseDir) Remote File Include Vulnerabilities (14.11.2006)
		v1per-haCker, StoryStream 4.0 (baseDir) Remote File Include Vulnerabilities (14.11.2006)
		philip anselmo, New Bug MiniBB Forum <= 2 Remote File Include (index.php) (14.11.2006)
		Advisory_(at)_Aria-Security.net, DirectAdmin Multiple Cross Site Scription (14.11.2006)
		ajannhwt_(at)_hotmail.com, Estate Agent Manager <= v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability (14.11.2006)
		ajannhwt_(at)_hotmail.com, UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability (14.11.2006)
		ajannhwt_(at)_hotmail.com, Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability (14.11.2006)
		Advisory_(at)_Aria-Security.net, CPanel Multiple Cross Site Scription (14.11.2006)
		ajannhwt_(at)_hotmail.com, Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability (14.11.2006)
		ajannhwt_(at)_hotmail.com, Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability (14.11.2006)
		ajannhwt_(at)_hotmail.com, UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability (14.11.2006)
		OS2A BTO, ELOG Web Logbook Remote Denial of Service Vulnerability (14.11.2006)
		firewall1954_(at)_hotmail.com, Phpdebug 1.1.0 - Remote File Include by Firewall (14.11.2006)
		firewall1954_(at)_hotmail.com, Phpjobscheduler 3.0 - Multiple Remote File Include (14.11.2006)
		navairum_(at)_gmail.com, Aigaion Web Interface remote file inclusion (14.11.2006)
		laurent gaffié, infinicart [ multiples injection sql & xss (post) ] (14.11.2006)
		ajannhwt_(at)_hotmail.com, NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability (14.11.2006)
		ajannhwt_(at)_hotmail.com, NuRems 1.0 Remote XSS/SQL Injection Exploit (14.11.2006)
		ajannhwt_(at)_hotmail.com, UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability (14.11.2006)
		laurent gaffié, Mega Mall [ multiples injection sql & full path disclosure ] (14.11.2006)
		benjilenoob_(at)_hotmail.com, MyStats <=1.0.8 [injection sql, multiples xss, array & full path disclosure] (14.11.2006)
		Aesthetico, TOPSTORY BASIC Version 1.0 => Remote File Include Vulnerability (14.11.2006)
		Aesthetico, [MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue (14.11.2006)
		vannovax_(at)_gmail.com, Wordpress File Inclusion (14.11.2006)
		firewall1954_(at)_hotmail.com, Exophpdesk V1.2 - Remote File Include (14.11.2006)
		philipp.niedziela_(at)_gmx.de, PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit (14.11.2006)

Files:		phpManta - Mdoc 1.0
		AspPired2 Poll 1.0
		NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit
		NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit
		shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit
		phpwcms <= 1.2.6 (Cookie: wcs_user_lang) Local File Include Exploit
		Script Name: Munch Pro 1.0 (switch.asp) Remote SQL Injection Exploit
		NuRems 1.0 (propertysdetails.asp) Remote SQL Injection Exploit
		VBulletin DoS Exploit
		Rama CMS <= 0.68 (Cookie: lang) Local File Include Exploit
		PHPWind <= 5.0.1 "AdminUser" blind SQL injection exploit
		CMSmelborp(user_standard.php) Remote File Inclusion Exploit
		Quick.Cart <= 2.0 Remote Code Execution Exploit
		AspPortal Password Decrypter
		Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit
Discuss:		Read or add your comments to this news (0 comments)

Digipass Go3 tokens weak encryption
Published:		14.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6819
Type:		local
Level:		3/10
Description:		Weakened implementation of 3DES is used.

Original document

fcollyer_(at)_gmail.com, Digipass Go3 Token Dumper (at least for 2006) (14.11.2006)

Files:		Digipass Go3 Token Dumper
Discuss:		Read or add your comments to this news (0 comments)

D-Link wireless drivers buffer overflow
Published:		14.11.2006
Source:		METASPLOIT
SecurityVulns ID:		6821
Type:		remote
Level:		7/10
Description:		Buffer overflow on oversized 802.11 beacon frame Rates parameter.

Affected:

DLINK : D-Link DWL-G132

Files:		D-Link DWL-G132 Wireless Driver Beacon Rates Overflow
Discuss:		Read or add your comments to this news (0 comments)

Novell BorderManager ISAKMP weak cryptography
Published:		14.11.2006
Source:		SECUNIA
SecurityVulns ID:		6822
Type:		m-i-t-m
Level:		5/10
Description:		Predictable cookie generation allows DoS and replay attacks.

Affected:

NOVEL : BorderManager 3.8

Original document

SECUNIA, [SA22699] Novell BorderManager ISAKMP Predictable Cookie Security Issue (14.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

GraphicsMagick buffer overflow
Published:		14.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6820
Type:		library
Level:		5/10
Description:		Buffer overflows on parsing PALM and DCM formats.

Original document

GENTOO, [ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows (14.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple PowerDNS vulnerabilities
Published:		14.11.2006
Source:		SECUNIA
SecurityVulns ID:		6823
Type:		remote
Level:		6/10
Description:		Buffer overflow and DoS.

Affected:

POWERDNS : PowerDNS 3.1

Original document

SECUNIA, [SA22824] PowerDNS Recursor Two Vulnerabilities (14.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

3Com SuperStack 3 switch SNMP information leak
Published:		14.11.2006
Source:		SECUNIA
SecurityVulns ID:		6824
Type:		remote
Level:		5/10
Description:		It's possible to get SNMP community string with management packets.

Affected:

3COM : SuperStack 3 4400

Original document

SECUNIA, [SA22818] 3Com SuperStack 3 Switch 4400 Information Disclosure (14.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Microsoft Windows Client Service for Netware multiple vulnerabilities updated since 14.11.2006
Published:		16.11.2006
Source:		MICROSOFT
SecurityVulns ID:		6825
Type:		remote
Level:		5/10
Description:		Memory corruption, DoS.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Windows XP
		MICROSOFT : Windows 2003 Server

Original document		MCAFEE, [Full-disclosure] Vulnerabilities in Client Service for NetWare (16.11.2006)
		MICROSOFT, Microsoft Security Bulletin MS06-066 Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980) (14.11.2006)

Files:		Microsoft Security Bulletin MS06-066 Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)
Discuss:		Read or add your comments to this news (0 comments)

Microsoft Windows Workstation service buffer overflow updated since 14.11.2006
Published:		20.11.2006
Source:		MICROSOFT
SecurityVulns ID:		6827
Type:		remote
Level:		7/10
Description:		Buffer overflow in RPC based service.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Windows XP

Original document		EEYE, [Full-disclosure] EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow (14.11.2006)
		MICROSOF, Microsoft Security Bulletin MS06-070 Vulnerability in Workstation Service Could Allow Remote Code Execution (924270) (14.11.2006)

Files:		MS06-070 Windows WorkStation NetpManageIPCConnect Vulnerability Exploit
		Microsoft Windows Wkssvc NetrJoinDomain2 Stack Overflow(MS06-070) Exploit
		Microsoft Security Bulletin MS06-070 Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)
Discuss:		Read or add your comments to this news (0 comments)

Microsoft Agent memory corruption updated since 14.11.2006
Published:		30.01.2007
Source:		MICROSOFT
SecurityVulns ID:		6826
Type:		client
Level:		7/10
Description:		Memory corruption on parsing .ACF files.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Windows XP
		MICROSOFT : Windows 2003 Server
		MICROSOFT : Microsoft XML Core Services 6.0
		MICROSOFT : Microsoft XML Core Services 4.0
CVE:		CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.)

Original document		Coseinc, COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched) (30.01.2007)
		MICROSOFT, Microsoft Security Bulletin MS06-068 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213) (14.11.2006)

Files:		Microsoft Security Bulletin MS06-068 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)
Discuss:		Read or add your comments to this news (0 comments)