Search:Vulnerability:17.01.2005 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Content filtering bypass for SMTP/HTTP in multiple products
updated since 09.03.2002
Published: 17.01.2005
Source: 3APA3A
SecurityVulns ID: 1845
Type: remote
Level: 6/10
Description: By using unusuall representation for filename, boundaries, etc it's possible to bypass content filtering software.

Affected: RIPMIME : ripMIME 1.2
SYMANTEC : Norton Anti-Virus 2002
KASPERSKY : Kaspersky Antivirus 4.0
ZONELABS : ZoneAlarm 3.0
MIMETOOLS : MIME::Tools
INTERSCAN : VirusWall 3.6

Original document SECUNIA, [SA13869] SafeHTML Hexadecimal HTML Entities Security Bypass (17.01.2005)

advisories, [Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME Content-Transfer-Encoding mechanism issue (13.09.2004)

advisories, [Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME field whitespace issue (13.09.2004)

document advisories, [Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME separator issue (13.09.2004)

advisories, [Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME RFC2231 encoding issue (13.09.2004)

advisories, [Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue (13.09.2004)

document advisories, [Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME field multiple occurrence issue (13.09.2004)

Vincent Royer, Bypassing TrendMicro InterScan VirusWall (12.09.2002)

Aviram Jenik, Bypassing SMTP Content Protection with a Flick of a Button (12.09.2002)

document David F. Skoll, MIME::Tools Perl module and virus scanners (04.06.2002)

eDvice Security Services, Various Vulnerabilities in ZoneAlarm MailSafe (03.04.2002)

3APA3A, One more way to bypass NAV (25.03.2002)

Boris Wesslowski, VirusWall HTTP proxy content scanning circumvention (12.03.2002)

document eDvice Security Services, Various Vulnerabilities in Norton Anti-Virus 2002 (09.03.2002)

Paul L Daniels, Outlook \r expliots - ripMIME fix. (09.03.2002)

SYMANTEC, Re: Edvice Security Services <support@edvicesecurity.com, 000701c1c5fb$c168f970$5a01010a@mic2000 (09.03.2002)

document 3APA3A, SECURITY.NNOV: Bypassing content filtering software (09.03.2002)

Files: Bypassing content filtering software
Discuss: Read or add your comments to this news (0 comments)

BlackBerry Enterprise Server Mobile Data Service WML (Wireless Markup Language) DoS
Published: 17.01.2005
Source: SECUNIA
SecurityVulns ID: 4369
Type: remote
Level: 5/10
Description: Invalid WML (Wireless Markup Language) request causes Mobile Data Service to utilize 100% CPU.

Affected: BLACKBERRY : BlackBerry Enterprise Server for Domino 2.2
BLACKBERRY : BlackBerry Enterprise Server for Domino 4.0
BLACKBERRY : BlackBerry Enterprise Server for Microsoft Exchange 3.6
BLACKBERRY : BlackBerry Enterprise Server for Microsoft Exchange 4.0

Original document SECUNIA, [SA13861] BlackBerry Enterprise Server Mobile Data Service Denial of Service (17.01.2005)

Discuss: Read or add your comments to this news (0 comments)

Multiple VMware ESX Server problems
Published: 17.01.2005
Source: BUGTRAQ
SecurityVulns ID: 4370
Type: remote
Level: 6/10
Description: Web interface format string bugs and protection bypass, kernel memory access.

Affected: VMWARE : VMware ESX Server 2.0
VMWARE : VMware ESX Server 2.1
VMWARE : VMware ESX Server 1.5

Original document SECUNIA, [SA13871] VMware ESX Server Three Vulnerabilities (17.01.2005)

Discuss: Read or add your comments to this news (0 comments)

PHP/ASP/CGI web applications security flaws
updated since 10.01.2005
Published: 17.01.2005
Source:
SecurityVulns ID: 4344
Type: remote
Level: 5/10

Affected: ZEROBOARD : Zeroboard 4.1
VBULLETIN : vBulletin 3.0
INVISION : Invision Power Board 2.0
ILOHAMAIL : IlohaMail 0.8
AMPHORA : Amphora Gate StandAlone
VHCS : Virtual Hosting Control System 2.2
GREYMATTER : Greymatter 1.3
WBB : Woltlab Burning Board Lite 1.0
ALABANZA : AlaCart 2.18
PHPADSNEW : phpAdsNew 2.0
PHPNUKE : SGallery 1.01
BITSHIFTERS : BiTBOARD 2.5
EMOTION : MediaPartner 5.0
EMOTION : MediaPartner 5.1
BOTTOMLINE : Webseries Payment Application
WBB : Burning Book Lite 1.1
FORUMKIT : forumKIT 1.0
HORDE : Horde 3.0
MPM : MPM Guestbook Pro 1.05
SITEMAN : Siteman 1.1
SPARKLEBLOG : SparkleBlog 2.1
EXBB : ExBB 1.9
PHPGIFTREQ : phpGiftReq 1.4
MINIS : Minis 0.2
ITASTUDIO : ITA Forum 1.49

Original document SECURITEAM, [EXPL] ITA Forum SQL Injection (17.01.2005)

Madelman, [Full-Disclosure] Minis directory traversal vulnerability (17.01.2005)

Madelman, [Full-Disclosure] phpGiftReq SQL Injection (17.01.2005)

pigrelax, XSS in the nested BB tag in many forum (16.01.2005)

document bugtracklist.fm, Various Vulnerabilities in SparkleBlog (16.01.2005)

Pedram hayati, XSS Vulnerability in Siteman v1.1.9 (15.01.2005)

SECUNIA, [SA13849] MPM Guestbook Pro "header" File Inclusion Vulnerability (14.01.2005)

Hyperdose Security, Cross Site Scripting holes found in Horde 3.0 (14.01.2005)

document SSR Team, STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities (14.01.2005)

tom cruise, XSS Vulnerability in ForumKIT (14.01.2005)

SECUNIA, [SA13794] Dokeos Course Script Insertion Vulnerability (13.01.2005)

wang_(at)_readyresponse.org, IlohaMail Insecure Configuration Files (13.01.2005)

document Martin Heistermann, Woltlab Burning Book addentry.php SQL Injection (13.01.2005)

Paul J Docherty, Portcullis Security Advisory 05-010 (13.01.2005)

Paul J Docherty, Portcullis Security Advisory 05-008 (13.01.2005)

Paul J Docherty, Portcullis Security Advisory 05-009 (13.01.2005)

document Paul J Docherty, Portcullis Security Advisory 05-007 (13.01.2005)

Paul J Docherty, Portcullis Security Advisory 05-006 (13.01.2005)

Paul J Docherty, Portcullis Security Advisory 05-005 (13.01.2005)

Paul J Docherty, Portcullis Security Advisory 05-004 (13.01.2005)

document Paul J Docherty, Portcullis Security Advisory 05-003 (13.01.2005)

Paul J Docherty, Portcullis Security Advisory 05-001 (13.01.2005)

Martin Heistermann, Security Advisory: BiTBOARD xss (13.01.2005)

Janek Vind, [waraxe-2005-SA#039] - Critical Sql Injection in Sgallery module for PhpNuke (13.01.2005)

document roman_(at)_mosk.ru, SQL-инъекция в phpAdsNew (13.01.2005)

SECUNIA, [SA13769] Zeroboard "dir" File Inclusion Vulnerability (11.01.2005)

durito, уязвимость в AlaCart Version 2.18 (11.01.2005)

darkhawk matrix, SQL Injection Vulnerability in Invision Community Blog (11.01.2005)

document Martin Heistermann, Security Advisory: Woltlab Burning Board Lite formmail.php XSS (11.01.2005)

Kernelpanik Labs - Security Lists, [Full-Disclosure] Kernelpanik Labs Digest 2005-1 (10.01.2005)

Discuss: Read or add your comments to this news (2 comments)

Novell GroupWise WebAccess multiple bugs
updated since 17.01.2005
Published: 19.07.2005
Source: FULL-DISCLOSURE
SecurityVulns ID: 4371
Type: remote
Level: 6/10
Description: Crossite scripting, unauthorized access.

Affected: NOVELL : GroupWise 6.5 Webaccess

Original document Francisco Amato, [Full-disclosure] [ISR] - Novell Groupwise WebAccess Cross-Site Scripting (19.07.2005)

NOVELL, [Full-Disclosure] NOVL-2005-10096251 GroupWise WebAccess error handling modules (report) (23.01.2005)

Marc Ruef, [Full-Disclosure] Novell GroupWise WebAccess error modules loading (17.01.2005)

Discuss: Read or add your comments to this news (0 comments)