Microsoft Windows Color Management module buffer overflow updated since 13.07.2005
Published:		17.07.2005
Source:		MICROSOFT
SecurityVulns ID:		4989
Type:		client
Level:		9/10
Description:		Buffer overflow during ICC tags processing in different graphics formats, including JPEG.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Windows XP
		MICROSOFT : Windows 2003 Server

Original document		edward11_(at)_postmaster.co.uk, Internet Explorer / MSN ICC Profiles Crash PoC Exploit (17.07.2005)
		X-FORCE, ISS Protection Brief: Microsoft ICM Image Compromise (13.07.2005)
		MICROSOFT, Microsoft Security Bulletin MS05-036 Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214) (12.07.2005)

Files:		MS05-036 ICC Stack Overflow Exploit
		Windows XP ICC Exploit
		Microsoft Security Bulletin MS05-036 Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)
Discuss:		Read or add your comments to this news (0 comments)

Sun Solaris LD_AUDIT privilege escalation updated since 28.06.2005
Published:		17.07.2005
Source:		FULL-DISCLOSURE
SecurityVulns ID:		4937
Type:		local
Level:		9/10
Description:		LD_AUDIT environment variable allows to attch external dynamic library compiled with ld.so library. In addition, there is buffer overflow while parsing this variable.

Affected:		ORACLE : Solaris 9
		ORACLE : Solaris 10
		AVAYA : AVAYA CMS 13
		AVAYA : Avaya IR 1.0

Original document		petefran_(at)_gmail.com, Solaris Runtime Linker - Exploit Detection (17.07.2005)
		Przemyslaw Frasunek, Re: [Full-disclosure] Solaris 9/10 ld.so fun (28.06.2005)
		Przemyslaw Frasunek, [Full-disclosure] Solaris 9/10 ld.so fun (28.06.2005)

Files:		Solaris ld.so PoC (AMD64)
		Solaris ld.so PoC (SPARC)
Discuss:		Read or add your comments to this news (0 comments)

Microsoft Outlook special DOS device names DoS
Published:		17.07.2005
Source:		BUGTRAQ
SecurityVulns ID:		5011
Type:		client
Level:		5/10
Description:		Microsoft Outlooks gangs on the messages with attachment with special device name.

Affected:

MICROSOFT : Outlook 2003

Original document

kingcope_(at)_gmx.net, [Full-disclosure] hehelol (17.07.2005)

Files:		Microsoft Outlook special device name DoS
Discuss:		Read or add your comments to this news (0 comments)

Multiple PowerDNS bugs
Published:		17.07.2005
Source:		BUGTRAQ
SecurityVulns ID:		5012
Type:		remote
Level:		5/10
Description:		LDAP questions are not properly escaped, leading to deadlock with LDAP server. Race conditions then clients with recursion allowed are unable to perform recursive query after query from the client with recursion denied.

Affected:

POWERDNS : PowerDNS 2.9

Original document

bert.hubert_(at)_netherlabs.nl, PowerDNS 2.9.18 fixes two security issues affecting users of LDAP backend or limited recursion (17.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

PHP, ASP, CGI web applications security vulnerabilities updated since 11.07.2005
Published:		17.07.2005
Source:
SecurityVulns ID:		4978
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPBB : phpBB 2.0
		INVISION : Invision Power Board 2.0
		INVISION : Invision Power Board 1.3
		HOSTINGCONTROLLE : Hosting Controller 6.1
		BLOGTORRENT : BlogTorrent 0.92
		REINSVEIEN : DownloadProtect 1.0
		IDBOARD : Id Board Free 1.1
		SPID : SPiD 1.3
		PPA : PPA 0.5
		SQUITO : Squito Gallery 1.3
		MOODLE : Moodle 1.5
		INCREDIBLEINTERA : DragonFly Shopping Cart
		PHPYAWP : Yawp 1.0
		IPHOTOALBUM : iPhotoAlbum 1.1
		SIDV : SiDv 3.0
		ETOMITE : Etomite 0.6
		PCDOC24 : WPS Web-Portal-System 0.7
		EKSTREME : PHP Counter 7.2
		PHPSFTPD : PHPsFTPd 0.4
		YABBSE : YabbSE 1.5
		SIMPLEMESSAGEBOA : Simple Message Board 2.0
		WEBEOC : WebEOC 6.0
		SEAGULL : Seagull PHP Framework 0.43
		CLASS1 : Class-1 0.24
		MOOSEGALLERY : MooseGallery 1.02
		PHPCOUNTER : PHPCounter 7.2
		PHPAUCTION : Phpauction GPL 2.0
		EMILDA : Emilda 1.2
		USANET : USANet Shopping Mall
		USANET : Standard Classified Ads
		USANET : MakeBid Standard Auction
		USANET : MakeBid Reverse Auction
		USANET : MakeBid Deluxe Auction
		USANET : Domain Name Auction

Original document		Zinho, [HSC Security Group] Invision PowerBoard 1.3.x - 2-x Exploit and Patch (17.07.2005)
		durito, просмотр файлов в Web-Portal-System 0.7.0 (16.07.2005)
		SECUNIA, [SA15985] USANet Creations Products Shell Command Injection Vulnerability (16.07.2005)
		SECUNIA, [SA15857] Emilda User Management Security Bypass Vulnerability (16.07.2005)
		SECUNIA, [SA15967] Phpauction GPL Multiple Vulnerabilities (16.07.2005)
		SECUNIA, [SA15816] PHPCounter "EpochPrefix" Cross-Site Scripting Vulnerability (16.07.2005)
		SECUNIA, [SA16093] MooseGallery "type" File Inclusion Vulnerability (16.07.2005)
		SECUNIA, [SA16074] Seagull PHP Framework PEAR XML_RPC PHP Code Execution (16.07.2005)
		SECUNIA, [SA16075] WebEOC Multiple Vulnerabilities (16.07.2005)
		stormhacker_(at)_hotmail.com, XSS in forums Simple Message Board Version 2.0 Beta 1 (15.07.2005)
		priestmaster, YaBBSe 1.5.5c Path disclosure problem (15.07.2005)
		Steve, PHPsFTPd - Admin password leak (14.07.2005)
		priestmaster, Path Disclosure and XSS problem in PHP Counter 7.2 (14.07.2005)
		blahplok_(at)_yahoo.com, WPS Web-Portal-System v.0.7.0 (wps_shop.cgi) remote commands execution vulnerability (14.07.2005)
		CENSORED, CSS в etomite v0.6 (14.07.2005)
		CENSORED, SQL инъекции в SiDv v3.0 (14.07.2005)
		SECUNIA, [SA16031] iPhotoAlbum File Inclusion Vulnerabilities (13.07.2005)
		Stefan Esser, Advisory 10/2005: Yawp/YaWiki Remote URL Include Vulnerability (13.07.2005)
		dcrab_(at)_hackerscenter.com, Dragonfly Shopping Cart Multiple vulnerabilities (13.07.2005)
		SECUNIA, [SA16028] Moodle Unspecified Vulnerabilities (12.07.2005)
		SECUNIA, [SA16009] Squito Gallery "photoroot" File Inclusion Vulnerability (12.07.2005)
		SECUNIA, [SA16011] PPA "config[ppa_root_path]" File Inclusion Vulnerability (12.07.2005)
		SECUNIA, [SA15976] Id Board free "f" SQL Injection Vulnerability (12.07.2005)
		SECUNIA, [SA16003] DownloadProtect "file" Disclosure of Sensitive Information (12.07.2005)
		Emanuele "MadSheep" Gentili, blogtorrent remote/local user password disclosure (12.07.2005)
		kehieuhoc_(at)_yahoo.com, Bug Hosting Controller New (v6.1 - Hotfix 2.1) (12.07.2005)
		Fixbugs, phpbb <=2.0.16 bug (11.07.2005)

Files:		Installation Path Disclosure Vulnerability phpBB <= 2.0.16
Discuss:		Read or add your comments to this news (0 comments)