kdegraphics KDE graphics library DoS
Published:		14.12.2006
Source:		BUGTRAQ
SecurityVulns ID:		6924
Type:		library
Level:		5/10
Description:		Malformed EXIF section of JPEG file causes infinite recursion with stack overflow (stack memory consumption).

Affected:

KDE : KDE 3.5

Original document

MANDRIVA, [ MDKSA-2006:227 ] - Updated kdegraphics packages fix EXIF vulnerability (14.12.2006)

Discuss:

Read or add your comments to this news (0 comments)

OpenLDAP slapd LDAP server buffer overflow
Published:		14.12.2006
Source:		BUGTRAQ
SecurityVulns ID:		6925
Type:		remote
Level:		6/10
Description:		Buffer overflow on Kerberos v4 authentication.

Affected:

OPENLDAP : OpenLDAP 2.4

Original document

Solar Eclipse, OpenLDAP kbind authentication buffer overflow (14.12.2006)

Files:		OpenLDAP kbind remote exploit
Discuss:		Read or add your comments to this news (0 comments)

Quicktime crossite scripting
Published:		14.12.2006
Source:		MAXIMIZEDESIGNS
SecurityVulns ID:		6927
Type:		client
Level:		6/10
Description:		XML file with .MOV extension allows to execute script in local zone with qtnext parameter of EMBED tag with embedded short movie.

Affected:

APPLE : QuickTime 7.1

Original document

Maximize Designs, Unpatchable Quicktime XSS (14.12.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Symantec Veritas NetBackup security vulnerabilities
Published:		14.12.2006
Source:		BUGTRAQ
SecurityVulns ID:		6929
Type:		remote
Level:		7/10
Description:		CONNECT_OPTIONS and oversized requests to bpcd.exe buffer overflows.

Affected:		SYMANTEC : Veritas NetBackup 5.1
		SYMANTEC : Veritas NetBackup 5.0
		SYMANTEC : Veritas NetBackup 6.0

Original document		ZDI, ZDI-06-049: Symantec Veritas NetBackup Long Request Buffer Overflow Vulnerability (14.12.2006)
		ZDI, ZDI-06-050: Symantec Veritas NetBackup CONNECT_OPTIONS Buffer Overflow Vulnerability (14.12.2006)

Discuss:

Read or add your comments to this news (0 comments)

GNOME gdmchooser format string vulnerability
Published:		14.12.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6934
Type:		local
Level:		6/10
Description:		Format string vulnerability in remote hostname.

Affected:

GNUME : gdm 2.14

Original document

IDEFENSE, [Full-disclosure] iDefense Security Advisory 12.14.06: GNOME Foundation Display Manager gdmchooser Format String Vulnerability (14.12.2006)

Discuss:

Read or add your comments to this news (0 comments)

CA Anti-Virus multiple DoS conditions
Published:		14.12.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6935
Type:		local
Level:		5/10
Description:		Multiple NULL pointer dereferences.

Affected:		CA : CA Anti-Virus 2007 8.1
		CA : CA Internet Security Suite 2007 3.0

Original document

CA, [Full-disclosure] [CAID 34870]: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local Denial of Service Vulnerabilities (14.12.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Sun Solaris vulnerabilities
Published:		14.12.2006
Source:		BUGTRAQ
SecurityVulns ID:		6926
Type:		local
Level:		6/10
Description:		Buffer overflow in ld.so doprf(), directory traversal on parsing different environment variables in ld.so.

Affected:

SUN : Solaris 10

Original document		IDEFENSE, iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so 'doprf()' Buffer Overflow Vulnerability (14.12.2006)
		IDEFENSE, iDefense Security Advisory 12.12.06: Sun Microsystems Solaris ld.so Directory Traversal Vulnerability (14.12.2006)

Discuss:

Read or add your comments to this news (0 comments)

IBM DB2 database server DoS
Published:		14.12.2006
Source:		BUGTRAQ
SecurityVulns ID:		6928
Type:		remote
Level:		5/10
Description:		NULL pointer dereference on malformed SQLJRA packet.

Affected:		IBM : DB2 8.1
		IBM : DB2 8.2

Original document

SHATTER, IBM DB2 Remote DoS during CONNECT processing (14.12.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		14.12.2006
Source:
SecurityVulns ID:		6931
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		RADINKS : Rad Upload 3.02
		GENESIS : GenesisTrader 1.0

Original document		Hackers Center Security Group, shopsite advisory (14.12.2006)
		Mr_KaLiMaN, GenesisTrader v1.0 - Multiple Vulnerabilities (14.12.2006)
		HACKERS PAL, BLOG:CMS Remote file include Vulnerability (14.12.2006)
		rko.thelegendkiller_(at)_gmail.com, Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability (14.12.2006)

Discuss:

Read or add your comments to this news (0 comments)

enemies-of-carlotta mailing list processor shell characters
Published:		14.12.2006
Source:		BUGTRAQ
SecurityVulns ID:		6933
Type:		remote
Level:		5/10
Description:		Shell characters problem on e-mail address parsing.

Affected:

ENEMIESOFCARLOTT : enemies-of-carlotta 1.3

Original document

DEBIAN, [SECURITY] [DSA-1236-1] New enemies-of-carlotta package fix missing sanity checks (14.12.2006)

Discuss:

Read or add your comments to this news (0 comments)

SiteKiosk security protection bypass
Published:		14.12.2006
Source:		BUGTRAQ
SecurityVulns ID:		6930
Type:		local
Level:		5/10
Description:		It's possible to access disk content with broser path ABOUT:hello<a href=\>click here</a>.

Affected:

SITEKIOSK : SiteKiosk 6.5

Original document

Brett Moore, [SBDA] SiteKiosk - FileSystem Access (14.12.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple HyperAccess telnet / ssh terminal security vulnerabilities
Published:		14.12.2006
Source:		BUGTRAQ
SecurityVulns ID:		6932
Type:		client
Level:		6/10
Description:		Code execution with .HAW files and telnet: protocol handler.

Affected:

HILGRAEVE : HyperAccess 8.4

Original document

Brett Moore, HyperAccess - Multiple Vulnerabilities (14.12.2006)

Discuss:

Read or add your comments to this news (0 comments)