Computer Security

Search:Vulnerability:14.11.2006
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



GraphicsMagick buffer overflow
Published:14.11.2006
Source:BUGTRAQ
SecurityVulns ID:6820
Type:library
Level:5/10
Description:Buffer overflows on parsing PALM and DCM formats.
Original documentdocumentGENTOO, [ GLSA 200611-07 ] GraphicsMagick: PALM and DCM buffer overflows (14.11.2006)
Discuss:Read or add your comments to this news (0 comments)

Multiple PowerDNS vulnerabilities
Published:14.11.2006
Source:SECUNIA
SecurityVulns ID:6823
Type:remote
Level:6/10
Description:Buffer overflow and DoS.
Affected:POWERDNS : PowerDNS 3.1
Original documentdocumentSECUNIA, [SA22824] PowerDNS Recursor Two Vulnerabilities (14.11.2006)
Discuss:Read or add your comments to this news (0 comments)

3Com SuperStack 3 switch SNMP information leak
Published:14.11.2006
Source:SECUNIA
SecurityVulns ID:6824
Type:remote
Level:5/10
Description:It's possible to get SNMP community string with management packets.
Affected:3COM : SuperStack 3 4400
Original documentdocumentSECUNIA, [SA22818] 3Com SuperStack 3 Switch 4400 Information Disclosure (14.11.2006)
Discuss:Read or add your comments to this news (0 comments)

VMWare ESX Server multiple security vulnerabilities
Published:14.11.2006
Source:BUGTRAQ
SecurityVulns ID:6817
Type:local
Level:5/10
Description:Invalid AMD fxsave/restore instructions handling. Vulnerabilities in embedded packages.
Affected:VMWARE : VMware ESX Server 2.0
 VMWARE : VMware ESX Server 2.1
 VMWARE : VMware ESX Server 2.5
 VMWARE : VMware ESX Server 3.0
Original documentdocumentVMWARE, VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4 (14.11.2006)
 documentVMWARE, VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2 (14.11.2006)
 documentVMWARE, VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2 (14.11.2006)
 documentVMWARE, VMSA-2006-0009 - VMware ESX Server 3.0.0 AMD fxsave/restore issue (14.11.2006)
 documentVMWARE, VMSA-2006-0005 - VMware ESX Server 2.5.4 Upgrade Patch 1 (14.11.2006)
Discuss:Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:14.11.2006
Source:
SecurityVulns ID:6818
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:PHPKIT : PHPKIT 1.6
 PHPWCMS : phpwcms 1.2
 EXOSCRIPTS : ExoPHPDesk 1.2
 AMPACHE : ampache 3.3
 ELOG : ELOG 2.6
 CPANEL : CPanel 10
 SHOPSYSTEMS : ShopSystems 4.0
 TOPSTORY : TOPSTORY BASIC 1.0
 MYSTATS : MyStats 1.0
 PHPMANTA : phpManta - Mdoc 1.0
 ASPIRED2POLL : AspPired2 Poll 1.0
 USTORE : UStore 1.0
 NUCOMMUNITY : NuCommunity 1.0
 NUREMS : NuRems 1.0
 NUSCHOOL : NuSchool 1.0
 MAMBO : shambo2 Mambo component 4.5
 VBULLETIN : vBulletin 3.6
 PHPJOBSCHEDULER : phpjobscheduler 3.0
 PHPDEBUG : Phpdebug 1.1
 ULTRASITE : UltraSite 1.0
 ASPSCRIPTER : ASP Scripter Easy Portal 1.4
 ASPSCRIPTER : ASP Scripter Live Support 1.3
 PROPERTYPRO : Property Pro 1.0
 ASPPORTAL : ASPPortal 4.0
 UPUBLISHER : UPublisher 1.0
 ESTATEAGENTMANAG : Estate Agent Manager 1.3
 DIRECTADMIN : DirectAdmin 1.28
 MINIBB : MiniBB 2
 ONLINEEVENTREGIS : Online Event Registration 2.0
 RAMACMS : Rama CMS 0.68
 PHPWIND : PHPWind 5.0
 MUNCHPRO : Munch Pro 1.0
 STORYSTREAM : Storystream 4.0
 CONTENTNOW : ContentNow 1.30
 VALLHERU : Vallheru 1.0
 OPENSOLUTIONS : Quick.Cart 2.0
 PHPPEANUTS 1.1 : Phppeanuts 1.1
 NETQUERY : Netquery 4.0
 DOTDEB : Dotdeb PHP 5.2
CVE:CVE-2007-0179 (SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the subid parameter.)
 CVE-2006-7185 (PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.)
 CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).)
 CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via crafted arguments to the (1) text_evento and (2) email_eventonome_evento parameters to phpwcms_code_snippets/mail_file_form.php and sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function.)
Original documentdocumentAdvisory_(at)_Aria-Security.net, SiteXpress SQL Injection (14.11.2006)
 documentAdvisory_(at)_Aria-Security.net, SiteXpress SQL Injection (14.11.2006)
 documentStefan Esser, [Full-disclosure] Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability (14.11.2006)
 documentAdvisory_(at)_Aria-Security.net, ASPintranet SQL Injection (14.11.2006)
 documentSECUNIA, [SA22842] Ampache Unauthorized Guest Access (14.11.2006)
 documentSECUNIA, [SA22864] Netquery "User-Agent" HTTP Header Script Insertion (14.11.2006)
 documentHidayat Sagita, Phppeanuts 1.1 Remote File Include (14.11.2006)
 documentnavairum_(at)_gmail.com, ContentNow Directory Traversal(upload.php) (14.11.2006)
 documenttimq_(at)_hackernetwork.com, ContentNow Directory Traversal(upload.php) (14.11.2006)
 documentSECUNIA, [SA22812] Vallheru mail.php SQL Injection Vulnerabilities (14.11.2006)
 documentwrit3r_(at)_gmail.com, StoryStream 4.0 (baseDir) Remote File Include Vulnerabilities (14.11.2006)
 documentv1per-haCker, StoryStream 4.0 (baseDir) Remote File Include Vulnerabilities (14.11.2006)
 documentphilip anselmo, New Bug MiniBB Forum <= 2 Remote File Include (index.php) (14.11.2006)
 documentAdvisory_(at)_Aria-Security.net, DirectAdmin Multiple Cross Site Scription (14.11.2006)
 documentajannhwt_(at)_hotmail.com, Estate Agent Manager <= v1.3 (default.asp) Remote Login ByPass SQL Injection Vulnerability (14.11.2006)
 documentajannhwt_(at)_hotmail.com, UPublisher 1.0 (viewarticle.asp) Remote SQL Injection Vulnerability (14.11.2006)
 documentajannhwt_(at)_hotmail.com, Property Pro v1.0 (vir_Login.asp) Remote Login ByPass SQL Injection Vulnerability (14.11.2006)
 documentAdvisory_(at)_Aria-Security.net, CPanel Multiple Cross Site Scription (14.11.2006)
 documentajannhwt_(at)_hotmail.com, Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability (14.11.2006)
 documentajannhwt_(at)_hotmail.com, Asp Scripter Products (cpLogin.asp) Remote SQL ByPass Injection Vulnerability (14.11.2006)
 documentajannhwt_(at)_hotmail.com, UltraSite 1.0 (update.asp) Remote SQL Injection Vulnerability (14.11.2006)
 documentOS2A BTO, ELOG Web Logbook Remote Denial of Service Vulnerability (14.11.2006)
 documentfirewall1954_(at)_hotmail.com, Phpdebug 1.1.0 - Remote File Include by Firewall (14.11.2006)
 documentfirewall1954_(at)_hotmail.com, Phpjobscheduler 3.0 - Multiple Remote File Include (14.11.2006)
 documentnavairum_(at)_gmail.com, Aigaion Web Interface remote file inclusion (14.11.2006)
 documentlaurent gaffié, infinicart [ multiples injection sql & xss (post) ] (14.11.2006)
 documentajannhwt_(at)_hotmail.com, NuStore 1.0 (Products.asp) Remote SQL Injection Vulnerability (14.11.2006)
 documentajannhwt_(at)_hotmail.com, NuRems 1.0 Remote XSS/SQL Injection Exploit (14.11.2006)
 documentajannhwt_(at)_hotmail.com, UStore 1.0 (detail.asp) Remote SQL Injection Vulnerability (14.11.2006)
 documentlaurent gaffié, Mega Mall [ multiples injection sql & full path disclosure ] (14.11.2006)
 documentbenjilenoob_(at)_hotmail.com, MyStats <=1.0.8 [injection sql, multiples xss, array & full path disclosure] (14.11.2006)
 documentAesthetico, TOPSTORY BASIC Version 1.0 => Remote File Include Vulnerability (14.11.2006)
 documentAesthetico, [MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue (14.11.2006)
 documentvannovax_(at)_gmail.com, Wordpress File Inclusion (14.11.2006)
 documentfirewall1954_(at)_hotmail.com, Exophpdesk V1.2 - Remote File Include (14.11.2006)
 documentphilipp.niedziela_(at)_gmx.de, PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit (14.11.2006)
Files:phpManta - Mdoc 1.0
 AspPired2 Poll 1.0
 NuCommunity 1.0 (cl_CatListing.asp) Remote SQL Injection Exploit
 NuSchool 1.0 (CampusNewsDetails.asp) Remote SQL Injection Exploit
 shambo2 Component For Mambo 4.5 Remote File Inclusion Exploit
 phpwcms <= 1.2.6 (Cookie: wcs_user_lang) Local File Include Exploit
 Script Name: Munch Pro 1.0 (switch.asp) Remote SQL Injection Exploit
 NuRems 1.0 (propertysdetails.asp) Remote SQL Injection Exploit
 VBulletin DoS Exploit
 Rama CMS <= 0.68 (Cookie: lang) Local File Include Exploit
 PHPWind <= 5.0.1 "AdminUser" blind SQL injection exploit
 CMSmelborp(user_standard.php) Remote File Inclusion Exploit
 Quick.Cart <= 2.0 Remote Code Execution Exploit
 AspPortal Password Decrypter
 Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit
Discuss:Read or add your comments to this news (0 comments)

Digipass Go3 tokens weak encryption
Published:14.11.2006
Source:BUGTRAQ
SecurityVulns ID:6819
Type:local
Level:3/10
Description:Weakened implementation of 3DES is used.
Original documentdocumentfcollyer_(at)_gmail.com, Digipass Go3 Token Dumper (at least for 2006) (14.11.2006)
Files:Digipass Go3 Token Dumper
Discuss:Read or add your comments to this news (0 comments)

D-Link wireless drivers buffer overflow
Published:14.11.2006
Source:METASPLOIT
SecurityVulns ID:6821
Type:remote
Level:7/10
Description:Buffer overflow on oversized 802.11 beacon frame Rates parameter.
Affected:DLINK : D-Link DWL-G132
Files:D-Link DWL-G132 Wireless Driver Beacon Rates Overflow
Discuss:Read or add your comments to this news (0 comments)

Novell BorderManager ISAKMP weak cryptography
Published:14.11.2006
Source:SECUNIA
SecurityVulns ID:6822
Type:m-i-t-m
Level:5/10
Description:Predictable cookie generation allows DoS and replay attacks.
Affected:NOVEL : BorderManager 3.8
Original documentdocumentSECUNIA, [SA22699] Novell BorderManager ISAKMP Predictable Cookie Security Issue (14.11.2006)
Discuss:Read or add your comments to this news (0 comments)

Citrix Metaframe multiple security vulnerabilities
updated since 09.11.2006
Published:14.11.2006
Source:FULL-DISCLOSURE
SecurityVulns ID:6804
Type:remote
Level:6/10
Description:DoS and buffer overflow in IMA service (TCP/2512, TCP/2513).
Affected:CITRIX : MetaFrame Presentation Server 3.0
 CITRIX : Metaframe Presentation Server 4.0
 CITRIX : MetaFrame XP 1.0
 CITRIX : MetaFrame XP 2.0
Original documentdocumentIDEFENSE, iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability (14.11.2006)
 documentIDEFENSE, [Full-disclosure] iDefense Security Advisory 11.09.06: Citrix Presentation Server 4.0 IMA Service Invalid Name Length DoS Vulnerability (09.11.2006)
 documentZDI, [Full-disclosure] ZDI-06-038: Citrix MetaFrame IMA Management Module Remote Heap Overflow (09.11.2006)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Windows XMLHTTP ActiveX code execution
updated since 05.11.2006
Published:14.11.2006
Source:MICROSOFT
SecurityVulns ID:6784
Type:client
Level:9/10
Description:ActiveX vulenrability is used for silent malware installation.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS06-071 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088) (14.11.2006)
 documentMICROSOFT, Microsoft Security Advisory (927892) Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (05.11.2006)
Files:MS Internet Explorer 6/7 (XML Core Services) Remote Code Execution Exploit
 MS Internet Explorer 6/7 (XML Core Services) Remote Code Execution Exploit
 Microsoft Security Bulletin MS06-071 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)
 Microsoft Security Advisory (927892) Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Discuss:Read or add your comments to this news (0 comments)

Macromedia Flash Player buffer overflow
updated since 13.09.2006
Published:14.11.2006
Source:BUGTRAQ
SecurityVulns ID:6608
Type:client
Level:8/10
Description:Buffer overflow on .swf files playing. Vulnerability can be used for hidden malware installation through browser.
Affected:MICROSOFT : Windows XP
 ADOBE : Flash MX 2004
 ADOBE : Flash Player 8.0
 ADOBE : Flex 1.5
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS06-069 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) (14.11.2006)
 documentirc_(at)_computerterrorism.com, Computer Terrorism (UK) :: Incident Response Centre - Adobe/Macromedia Flash Player Vulnerability (13.09.2006)
Files:Microsoft Security Bulletin MS06-069 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)
Discuss:Read or add your comments to this news (2 comments)

Microsoft Windows Client Service for Netware multiple vulnerabilities
updated since 14.11.2006
Published:16.11.2006
Source:MICROSOFT
SecurityVulns ID:6825
Type:remote
Level:5/10
Description:Memory corruption, DoS.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentMCAFEE, [Full-disclosure] Vulnerabilities in Client Service for NetWare (16.11.2006)
 documentMICROSOFT, Microsoft Security Bulletin MS06-066 Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980) (14.11.2006)
Files: Microsoft Security Bulletin MS06-066 Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Windows Workstation service buffer overflow
updated since 14.11.2006
Published:20.11.2006
Source:MICROSOFT
SecurityVulns ID:6827
Type:remote
Level:7/10
Description:Buffer overflow in RPC based service.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
Original documentdocumentEEYE, [Full-disclosure] EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow (14.11.2006)
 documentMICROSOF, Microsoft Security Bulletin MS06-070 Vulnerability in Workstation Service Could Allow Remote Code Execution (924270) (14.11.2006)
Files:Microsoft Windows Wkssvc NetrJoinDomain2 Stack Overflow(MS06-070) Exploit
 MS06-070 Windows WorkStation NetpManageIPCConnect Vulnerability Exploit
 Microsoft Security Bulletin MS06-070 Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Agent memory corruption
updated since 14.11.2006
Published:30.01.2007
Source:MICROSOFT
SecurityVulns ID:6826
Type:client
Level:7/10
Description:Memory corruption on parsing .ACF files.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Microsoft XML Core Services 6.0
 MICROSOFT : Microsoft XML Core Services 4.0
CVE:CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.)
Original documentdocumentCoseinc, COSEINC Alert: Microsoft Agent Heap Overflow Vulnerability Technical Details (Patched) (30.01.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS06-068 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213) (14.11.2006)
Files:Microsoft Security Bulletin MS06-068 Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server