Computer Security

Search:Vulnerability:15.12.2004
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Microsoft WINS server memory corruption
updated since 29.11.2004
Published:15.12.2004
Source:BUGTRAQ
SecurityVulns ID:4224
Type:remote
Level:6/10
Description:Bug in replication protocol handling allows code execution.
Affected:MICROSOFT : Windows NT 4.0 Server
 MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2003 Server
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS04-045 Vulnerability in WINS Could Allow Remote Code Execution (870763) (15.12.2004)
 documentSECURITEAM, [NT] WINS Replication Remote Vulnerability (29.11.2004)
Files:Microsoft Windows Internet Name Service (WINS) Remote Heap Overflow Exploit
 Microsoft Security Bulletin MS04-045 Vulnerability in WINS Could Allow Remote Code Execution (870763)
Discuss:Read or add your comments to this news (0 comments)

Microsoft WordPad buffer overflow
Published:15.12.2004
Source:BUGTRAQ
SecurityVulns ID:4262
Type:local
Level:6/10
Description:Buffer overflow during Word 95/6.0 documents conversion.
Affected:MICROSOFT : Windows NT 4.0 Workstation
 MICROSOFT : Windows NT 4.0 Server
 MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows 98
 MICROSOFT : Windows ME
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS04-041 Vulnerability in WordPad Could Allow Code Execution (885836) (15.12.2004)
 documentIDEFENSE, iDEFENSE Security Advisory 12.14.04 - Microsoft Word 6.0/95 Document Converter Buffer Overflow Vulnerability (15.12.2004)
Files:Microsoft Security Bulletin MS04-041 Vulnerability in WordPad Could Allow Code Execution (885836)
Discuss:Read or add your comments to this news (0 comments)

HyperTerminal buffer overflow
Published:15.12.2004
Source:BUGTRAQ
SecurityVulns ID:4263
Type:client
Level:5/10
Description:Buffer overflow on .ht files parsing.
Affected:MICROSOFT : Windows NT 4.0 Workstation
 MICROSOFT : Windows NT 4.0 Server
 MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentBrett Moore, HyperTerminal - Buffer Overflow In .ht File (15.12.2004)
Discuss:Read or add your comments to this news (0 comments)

xzgv integer overflow
Published:15.12.2004
Source:BUGTRAQ
SecurityVulns ID:4255
Type:client
Level:5/10
Description:read_prf_file() integer overflow
Affected:ZGV : xzgv 0.8
Original documentdocumentIDEFENSE, iDEFENSE Security Advisory 12.13.04 - Multiple Vendor xzgv PRF Parsing Integer Overflow Vulnerability (15.12.2004)
Discuss:Read or add your comments to this news (0 comments)

Multiple WinAmp memory corruptions
Published:15.12.2004
Source:BUGTRAQ
SecurityVulns ID:4256
Type:remote
Level:5/10
Description:Multiple memory corruptions.
Affected:NULLSOFT : WinAMP 5.07
Original documentdocumentb0f www . b0f . net, Winamp 5.07 (latest version) Remote Crash + other stupid shizle (15.12.2004)
Discuss:Read or add your comments to this news (0 comments)

Symantec LiveUpdate privilege escalation
Published:15.12.2004
Source:BUGTRAQ
SecurityVulns ID:4257
Type:local
Level:6/10
Affected:SYMANTEC : Norton Internet Security 2003
 SYMANTEC : Norton AntiVirus 2002
 SYMANTEC : Norton Internet Security 2004
 SYMANTEC : Norton AntiVirus 2003
 SYMANTEC : Norton Internet Security 2002
 SYMANTEC : Norton Antivirus 2004
 SYMANTEC : Norton SytemWorks 2001
 SYMANTEC : Norton SytemWorks 2002
 SYMANTEC : Norton SytemWorks 2003
 SYMANTEC : Norton SytemWorks 2004
 SYMANTEC : Norton AntiVirus 2001
 SYMANTEC : Norton Internet Security 2001
Original documentdocumentSecure Network Operations, Inc., Secure Network Operations SNOsoft Research Team [SRT2004-12-14-0322] Symantec LiveUpdate Advisory (15.12.2004)
Discuss:Read or add your comments to this news (0 comments)

Multiple linux kernel IGMP processing bugs
Published:15.12.2004
Source:BUGTRAQ
SecurityVulns ID:4258
Type:remote
Level:6/10
Description:DoS, kernel memory access.
Affected:LINUX : kernel 2.4
 LINUX : kernel 2.6
Original documentdocumentPaul Starzetz, Linux kernel IGMP vulnerabilities (15.12.2004)
Files:Linux igmp.c local DoS
Discuss:Read or add your comments to this news (0 comments)

Linux kernel __scm_send DoS
Published:15.12.2004
Source:BUGTRAQ
SecurityVulns ID:4259
Type:local
Level:5/10
Description:Race conditions leading to deadlock.
Affected:LINUX : kernel 2.4
 LINUX : kernel 2.6
Original documentdocumentPaul Starzetz, Linux kernel scm_send local DoS (15.12.2004)
Discuss:Read or add your comments to this news (0 comments)

Adobe Acrobat Readed buffer overflow
Published:15.12.2004
Source:BUGTRAQ
SecurityVulns ID:4260
Type:client
Level:6/10
Description:Buffer overflow in mailListIsPdf() function.
Affected:ADOBE : Acrobat Reader 5.0
Original documentdocumentIDEFENSE, iDEFENSE Security Advisory 12.14.04 - Adobe Acrobat Reader 5.0.9 mailListIsPdf() Buffer Overflow Vulnerability (15.12.2004)
Discuss:Read or add your comments to this news (0 comments)

Multiple Microsoft Windows NT 4.0 DHCP bugs
Published:15.12.2004
Source:MICROSOFT
SecurityVulns ID:4265
Type:remote
Level:6/10
Description:DoS, buffer overflow.
Affected:MICROSOFT : Windows NT 4.0 Server
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS04-042 Vulnerability in DHCP Could Allow Remote Code Execution and Denial of Service (885249) (15.12.2004)
Discuss:Read or add your comments to this news (0 comments)

Opera 7 multiple bugs
updated since 04.02.2003
Published:15.12.2004
Source:NTBUGTRAQ
SecurityVulns ID:2571
Type:client
Level:7/10
Description:Crossite scripting (including local zone), local files access, mail access, user activity tracking, etc. Buffer overflow. Directory traversal. Files overwriting. Local files access with Location overwriting. Multiple Java bugs.
Affected:OPERA : Opera 7
 OPERA : Opera 6.05
 OPERA : Opera 7.01
 OPERA : Opera 7.02
 OPERA : Opera 6.06
 OPERA : Opera 7.10
 OPERA : Opera 7.11
 OPERA : Opera 7.20
 OPERA : Opera 7.21
 OPERA : Opera 7.22
 OPERA : Opera 7.23
 OPERA : Opera 7.53
 OPERA : Opera 7.54
Original documentdocumentGiovanni Delvecchio, [ZH2004-19SA] Possible execution of remote shell commands in Opera with kfmclien (15.12.2004)
 documentMarc Schönefeld, Java Vulnerabilities in Opera 7.54 (22.11.2004)
 documentGreyMagic Software, Opera Local File/Directory Detection (GM#009-OP) (19.08.2004)
 documentGreyMagic Software, Opera: Location, Location, Location (06.08.2004)
 documentGreyMagic Software, Opera: Location, Location, Location (06.08.2004)
 documentJakob Balle, Re: [Full-Disclosure] iDEFENSE Security Advisory 05.12.04: Opera Telnet URI Handler File Creation/Truncation Vulnerability (13.05.2004)
 documentIDEFENSE, [Full-Disclosure] iDEFENSE Security Advisory 05.12.04: Opera Telnet URI Handler File Creation/Truncation Vulnerability (13.05.2004)
 documentnesumin, [Opera 7] Arbitrary File Delete Vulnerability (24.12.2003)
 documentnesumin, [Opera 7] Arbitrary File Delete Vulnerability (15.12.2003)
 documentnesumin, [Opera 7] Arbitrary File Auto-Saved Vulnerability. (24.11.2003)
 documentJouko Pynnonen, [Full-Disclosure] Opera directory traversal and buffer overflow (22.11.2003)
 documentS G Masood, Opera Directory Traversal in Internal URI Protocol (Advisory) (13.11.2003)
 documentS G Masood, Opera Skinned & Opera Directory Traversal (Additional Details & a Simple Exploit) (13.11.2003)
 documentS G Masood, Opera Skinned : Arbitrary File Dropping And Execution (Advisory) (13.11.2003)
 documentL0PHT, Opera HREF escaped server name overflow (23.10.2003)
 documentnesumin, [Opera 7] Five DoS codes on general web sites (01.07.2003)
 documentBreakp0int, Buffer overflow (15.05.2003)
 documentJakob Balle, Secunia Research: Opera browser filename extension buffer overflows (13.05.2003)
 documentnesumin, [Opera 7] Yet Another Story of "Phantom of the Opera" (29.04.2003)
 documentnesumin, [Opera 7/6] Long File Extension Heap Buffer Overrun Vulnerability in Download. (29.04.2003)
 documentDavid F.Madrid, Unchecked Buffer in Opera 7.02 (08.04.2003)
 documentidoru_(at)_VIDEOSOFT.NET.UY, Using Java from Javascript (05.04.2003)
 documentnesumin, [Opera 7/6] Long Filename Buffer Overflow Vulnerability in Download (12.03.2003)
 documentJakob Balle, Secunia Research: Opera browser Cross Site Scripting (26.02.2003)
 documentnesumin, Opera Username Buffer Overflow Vulnerability (11.02.2003)
 documentMarc Schönefeld, Java-Applet crashes Opera 6.05 and 7.01 (11.02.2003)
 documentGreyMagic Software, Sniffing Opera's Tracks (GM#006-OP) (04.02.2003)
 documentGreyMagic Software, Opera: What's Next (GM#005-OP) (04.02.2003)
 documentGreyMagic Software, Opera Images (GM#004-OP) (04.02.2003)
 documentGreyMagic Software, Phantom of the Opera (GM#003-OP) (04.02.2003)
 documentGreyMagic Software, Opera's Security Model is Highly Vulnerable (GM#002-OP) (04.02.2003)
Files:Opera Username Buffer Overflow Exploit
 Opera Username Buffer Overflow Vulnerability (updated)
 Opera 6.06 user name buffer overflow demonstration
 This little program returns the addresses of LoadLibraryA() GetProcAddress(), and "jmp ESP" on your Windows.
 Sample exploit code of [Opera 7/6] Long Filename Buffer Overflow
 Opera java vulnerability demonstration
 Sample code of [Opera 7] Arbitrary File Auto-Saved Vulnerability
Discuss:Read or add your comments to this news (0 comments)

CGI bugs
updated since 15.12.2004
Published:18.12.2004
Source:
SecurityVulns ID:4254
Type:remote
Level:5/10
Affected:PHPGROUPWARE : phpGroupWare 0.9
 PHPBB : phpBB 1.4
 IKONBOARD : Ikonboard 3.1
 SINGAPORE : singapore 0.9
 GADUGADU : Gadu-Gadu 6.0
 WORDPRESS : WordPress 1.2
 PHPMYADMIN : phpMyAdmin 2.6
 MONIWIKI : MoniWiki 1.0
 SUGARCRM : SugarSales 2.0
 PHPBB : phpBB Attachment Mod 2.3
 ASPCALENDAR : ASP Calendar
 USEMODEWIKI : UseModWiki 1.0
 ASP-RIDER : ASP-rider
 GNUBOARD : GNUBoard 3.39
 JSBOARD : JSBoard 1.3
 JSBOARD : jsboard 2.0
 INFOPOP : UBB.Thread 6.2
 INFOPOP : UBB.Thread 6.5
 PHPDIG : PhpDig 1.8
 WINMAIL : WinMail 4.0
 PHPLIVE : PHP Live! 2.8
 IWEBNEGAR : iWebNegar 1.0
 68DESIGNS : Froogle 1.0
Original documentdocumentSECUNIA, [SA13504] 68 Designs Froogle Installation Security Issue (18.12.2004)
 documentJaroslaw Sajko, Gadu-Gadu, another two bugs (18.12.2004)
 documentSECUNIA, [SA13485] iWebNegar "string" SQL Injection Vulnerability (17.12.2004)
 documentSECUNIA, [SA13420] PHP Live! Unspecified Vulnerability (17.12.2004)
 documentSECUNIA, [SA13438] Winmail Server Installation Path Disclosure Weakness (17.12.2004)
 documentSECUNIA, [SA13422] PhpDig Unspecified Vulnerability (17.12.2004)
 documentchewkeong_(at)_security.org.sg, [SIG^2 G-TEC] singapore Image Gallery Web Application v0.9.10 Multiple Vulnerabilities (17.12.2004)
 documentgp, [Full-Disclosure] Multiple XSS Vulnerabilities in several UBB.Thread Versions (17.12.2004)
 documentThomas Waldegger, Multiple XSS Vulnerabilities in Wordpress 1.2.1 (16.12.2004)
 documentAlexander Anisimov, [MaxPatrol] SQL-injection in Ikonboard 3.1.x (16.12.2004)
 documentSSR Team, STG Security Advisory: [SSA-20041215-17] Vulnerability of uploading files with multiple extensions in JSBoard (16.12.2004)
 documentSSR Team, STG Security Advisory: [SSA-20041215-15] Vulnerability of uploading files with multiple extensions in MoniWiki (16.12.2004)
 documentshervin khaleghjou, iwebnegar is vulnerable to all kind of sql injections (16.12.2004)
 documentSSR Team, STG Security Advisory: [SSA-20041214-14] GNUBoard PHP injection vulnerability (16.12.2004)
 documentJeiAr, Multiple phpGroupWare Vulnerabilities [ phpGroupWare 0.9.16.003 && Earlier ] (15.12.2004)
 documentshervin khaleghjou, ASP-rider is vulnerable to sql injection attack (15.12.2004)
 documentSSR Team, STG Security Advisory: [SSA-20041209-13] UseModWiki XSS vulnerability (15.12.2004)
 documentali reza AcTiOnSpIdEr, ASP Calendar Vulnerability <www.ashiyane.com> (15.12.2004)
 documentPaul Laudanski, phpBB Attachment Mod Directory Traversal HTTP POST Injection (15.12.2004)
 documentNicolas Gregoire, Multiple vulnerabilities in phpMyAdmin (15.12.2004)
 documentJaroslaw Sajko, Gadu-Gadu several vulnerabilities (15.12.2004)
 documentDaniel Fabian, SugarSales Multiple Vulnerabilities (15.12.2004)
Discuss:Read or add your comments to this news (0 comments)

Multiple Linux kernel bugs
updated since 15.12.2004
Published:25.12.2004
Source:BUGTRAQ
SecurityVulns ID:4261
Type:local
Level:7/10
Description:DoS, privilege escalation, buffer overflow on 32bit calls emulation under 64bit platforms.
Affected:LINUX : kernel 2.4
 LINUX : kernel 2.6
Original documentdocumentSECUNIA, [SA13627] Linux Kernel 32bit System Call Emulation and ELF Binary Vulnerabilities (25.12.2004)
 documentUBUNTU, [USN-38-1] Linux kernel vulnerabilities (15.12.2004)
Discuss:Read or add your comments to this news (0 comments)

Multiple Microsoft Windows bugs
updated since 15.12.2004
Published:11.01.2005
Source:MICROSOFT
SecurityVulns ID:4266
Type:local
Level:8/10
Description:Kernel buffer overflow LSASS privilege escalation.
Affected:MICROSOFT : Windows NT 4.0 Workstation
 MICROSOFT : Windows NT 4.0 Server
 MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentVivek Rathod (Application Security, Inc.), [Full-Disclosure] [AppSecInc Team SHATTER Security Advisory] Microsoft Windows Improper Token Validation (11.01.2005)
 documentVivek Rathod (Application Security, Inc.), [Full-Disclosure] [AppSecInc Team SHATTER Security Advisory] Microsoft Windows LPC heap overflow (11.01.2005)
 documentMICROSOFT, Microsoft Security Bulletin MS04-044 Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835) (15.12.2004)
Files:Windows Improper Token Validation -Exploit-
 Microsoft Security Bulletin MS04-044 Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Internet Explorer DHTML Edit and Help ActiveX crossite scripting
updated since 15.12.2004
Published:09.02.2005
Source:BUGTRAQ
SecurityVulns ID:4264
Type:client
Level:9/10
Description:DHTML ActiveX and Help allows code injection into context of different server. By combining this vulnerability it's psosible to execute code in local machine zone. This vulnerability can potentially be used for silent spyware/adware installation.
Affected:MICROSOFT : Internet Explorer 6.0
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) (08.02.2005)
 documentValentin Avram, IE HHCTRL exploit still usable even after patch (18.01.2005)
 documentCERT, US-CERT Technical Cyber Security Alert TA05-012B -- Microsoft Windows HTML Help ActiveX Contol Cross-Domain Vulnerability (13.01.2005)
 documentMICROSOFT, Alert: Microsoft Security Bulletin MS05-001 - Vulnerability in HTML Help Could Allow Code Execution (890175) (13.01.2005)
 documentShredderSub7 SecExper, [Full-Disclosure] Remote code execution with parameters without user interaction, even with XP SP2 (04.01.2005)
 documentPaul, Microsoft Internet Explorer SP2 Fully Automated Remote Compromise (27.12.2004)
 documentPaul, Internet Explorer Help ActiveX Control Local Zone Security Restriction Bypass Vulnerability (updated) (21.12.2004)
 documentPaul, MSIE DHTML Edit Control Cross Site Scripting Vulnerability (15.12.2004)
Files:Microsoft Security Bulletin MS05-001 Vulnerability in HTML Help Could Allow Code Execution (890175)
 Microsoft Security Bulletin MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server