jabberd instant messaging server DoS
Published:		20.03.2006
Source:		SECUNIA
SecurityVulns ID:		5912
Type:		remote
Level:		6/10
Description:		Crash on malformed SASL request.

Affected:

JABBERD : jabberd 2.0

Original document

SECUNIA, [SA19281] jabberd SASL Negotiation Denial of Service Vulnerability (20.03.2006)

Discuss:

Read or add your comments to this news (0 comments)

Avast! antivirus weak file permissions
Published:		20.03.2006
Source:		BUGTRAQ
SecurityVulns ID:		5913
Type:		local
Level:		6/10
Description:		Everyone:Full Control permissions are set to program folder.

Affected:

ALWIL : Avast! Antivirus 4.6

Original document

SECUNIA, [SA19284] avast! Antivirus Insecure Default File Permissions (20.03.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		20.03.2006
Source:
SecurityVulns ID:		5911
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		NOAH : Classifieds 1.3
		CUREPHP : CuteNews 1.4
		EXTCALENDAR : ExtCalendar 1.0
		ILOHAMAIL : ilohamil 0.8
		STREBER : Streber 0.05
		SOFTBB : SoftBB 0.1
		GCARDS : gCards 1.45
		SLAB500 : SLAB500

Original document		keitel andres ortega, Path Disclosure and Arbitrary File Read Vulnerability in SLAB5000 (20.03.2006)
		SECUNIA, [SA19289] CuteNews "archive" Disclosure of Sensitive Information Vulnerability (20.03.2006)
		SECUNIA, [SA19283] SoftBB "mail" SQL Injection Vulnerability (20.03.2006)
		SECUNIA, [SA19263] Streber Unspecified Script Insertion Vulnerability (20.03.2006)
		raphael.huck_(at)_free.fr, Noah's Classifieds Multiple Path Disclosure and Cross Site Scripting Vulnerabilities (20.03.2006)
		dabdoub_mosikar_(at)_forislam.com, phpWebsite <= SQL Injection (friend.php) & (article.php) (20.03.2006)
		DEBIAN, [SECURITY] [DSA 1010-1] New ilohamail packages fix cross-site scripting vulnerabilities (20.03.2006)
		soot hackers, ExtCalendar v1.0 Multiple Xss Vuln (20.03.2006)

Files:		SoftBB BruteForcing tool
		Exploits gCards <= 1.45 multiple vulnerabilities
Discuss:		Read or add your comments to this news (0 comments)

Multiple MailEnable vulnerabilities updated since 20.03.2006
Published:		21.03.2006
Source:		BUGTRAQ
SecurityVulns ID:		5914
Type:		remote
Level:		5/10
Description:		POP3 authentication vulnerability, crossite scripting, information leak.

Affected:		MAILENABLE : MailEnable Standard 1.93
		MAILENABLE : MailEnable Professional 1.73
		MAILENABLE : MailEnable Enterprise 1.21
CVE:		CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.)
		CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337.)
		CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication.)

Original document		noreply_(at)_musecurity.com, [Full-disclosure] [MU-200603-01] MailEnable POP3 Pre-Authentication Buffer Overflow (21.03.2006)
		SECUNIA, [SA19288] MailEnable Webmail and Unspecified POP Vulnerabilities (20.03.2006)

Discuss:

Read or add your comments to this news (0 comments)

cURL command line download utility buffer overflow updated since 20.03.2006
Published:		28.03.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		5910
Type:		client
Level:		6/10
Description:		Buffer overflow on parsing tftp:// URL.

Affected:		CURL : curl 7.15
		CURL : libcurl 7.15
		OPENOFFICE : OpenOffice 2.0

Original document		GENTOO, [ GLSA 200603-25 ] OpenOffice.org: Heap overflow in included libcurl (28.03.2006)
		Ulf Harnhammar, [Full-disclosure] [SSAG#001] :: cURL tftp:// URL Buffer Overflow (20.03.2006)

Discuss:

Read or add your comments to this news (0 comments)