Multiple bugs in Macromedia flash plugin updated since 09.08.2002
Published:		17.12.2002
Source:		BUGTRAQ
SecurityVulns ID:		2220
Type:		client
Level:		6/10
Description:		Buffer overflows, local file reading.

Affected:

MACROMEDIA : Flash Player 6.0

Original document		Marc, Macromedia Shockwave Flash Malformed Header Overflow #2 (17.12.2002)
		jelmer, Macromedia Flash plugin can read local files (09.08.2002)
		EEYE, EEYE: Macromedia Shockwave Flash Malformed Header Overflow (09.08.2002)

Discuss:

Read or add your comments to this news (0 comments)

Multiple XML parsers DTD DoS
Published:		17.12.2002
Source:		BUGTRAQ
SecurityVulns ID:		2483
Type:		local
Level:		5/10
Description:		By using DTD part of XML document it's possible to cause 100% CPU exhaustion.

Affected:		BEA : WebLogic Server 6.0
		ORACLE : WebLogic Server 6.1
		ADOBE : JRun 4.0
		ORACLE : WebLogic Server 7.0
		MACROMEDIA : ColdFusion MX
		SYBASE : EAServer 4.1
		BEA : WebLogic Integration 2.1
		BEA : WebLogic Integration 7.0

Original document

Amit Klein, Multiple vendors XML parser (and SOAP/WebServices server) Denial of Service attack using DTD (17.12.2002)

Discuss:

Read or add your comments to this news (0 comments)

Macromedia ColdFusion crossite scripting
Published:		17.12.2002
Source:		BUGTRAQ
SecurityVulns ID:		2484
Type:		remote
Level:		5/10
Description:		Crossite scripting in error message.

Affected:

MACROMEDIA : ColdFusion 5.0

Original document

KiLL CoLe, Cross-site scripting vulnerability in CF 5.0 (17.12.2002)

Discuss:

Read or add your comments to this news (0 comments)

Mulbiple bugs in different SSH2 realizations updated since 17.12.2002
Published:		21.12.2002
Source:		CERT
SecurityVulns ID:		2481
Type:		remote
Level:		10/10
Description:		Differeng bugs on malformed packets processing during keys exchange.

Affected:		CISCO : IOS 12.0
		CISCO : IOS 12.1
		CISCO : IOS 12.2
		SSH : ssh 3.1
		SSH : SSH 3.2
		F-SECURE : F-Secure SSH for Unix 3.1
		F-SECURE : F-Secure SSH for Windows 5.2
		FISSH : FiSSH 1.0
		INTERSOFT : SecureNetTerm 5.4
		NETCOMPOSITE : ShellGuard 3.4
		PRAGMA : SecureShell SSH 2
		PUTTY : putty 0.53
		WINSCP : WinSCP 2.0

Original document		CISCO, Cisco Security Advisory: Cisco Security Advisory: SSH Malformed Packet Vulnerabilities (21.12.2002)
		CERT, CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations (17.12.2002)
		Rapid 7 Security Advisories, R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors (17.12.2002)

Files:		Putty v0.52 and minor exploit
		Putty v0.52 and minor exploit
Discuss:		Read or add your comments to this news (0 comments)

CGI bugs updated since 17.12.2002
Published:		21.12.2002
Source:		BUGTRAQ
SecurityVulns ID:		2482
Type:		remote
Level:		5/10

Affected:		PHPNUKE : PHP-Nuke 6.0
		CAPTARIS : Infinite WebMail 3.61
		NEWSLETTER : newsletter.php 2.1
		OPENWEBMAIL : Openwebmail 1.71
		SPG : SPGpartenaires 3.0

Original document		xatr0z, XSS and PHP include bug in W-Agora (21.12.2002)
		frog frog, SPGpartenaires (PHP) (21.12.2002)
		Dmitry Guyvoronsky, Openwebmail 1.71 remote root compromise (20.12.2002)
		frog frog, WAnewsletter (PHP) (20.12.2002)
		frog frog, Security Patchs for PHP Products (17.12.2002)
		Pedram Amini, Captaris (Infinite) WebMail XSS (17.12.2002)
		Ulf Harnhammar, PHP-Nuke code execution and XSS vulnerabilities (17.12.2002)
		frog frog, PHP-Nuke 6.0 : Path Disclosure & Cross Site Scripting (17.12.2002)

Discuss:

Read or add your comments to this news (0 comments)

zkfingerd format string bug updated since 17.12.2002
Published:		10.07.2003
Source:		BUGTRAQ
SecurityVulns ID:		2485
Type:		remote
Level:		5/10
Description:		Format string on syslog() call.

Affected:		ZKFINGERD : zkfingerd 0.9
		ZKFINGERD : zkfingerd 2.0

Original document		yan feng, zkfingerd-2.0.2(the last version)Format String Vulnerabilities (10.07.2003)
		NGSSoftware Insight Security Research, zkfingerd 0.9.1 format string vulnerabilities (#NISR16122002A) (17.12.2002)

Files:		remote exploit for zkfingerd-r3-0.9 linux/x86
Discuss:		Read or add your comments to this news (0 comments)