Computer Security

Search:Vulnerability:20.10.2005
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Encrypted data hijacking within Enigmail encryption plugin for Mozilla / Thunderbird
Published:20.10.2005
Source:FULL-DISCLOSURE
SecurityVulns ID:5368
Type:m-i-t-m
Level:5/10
Description:Key with empty id is used to encrypt all outgoing mail if presents in keyring.
Affected:MOZILLA : Enigmail 0.92
Original documentdocumentUBUNTU, [Full-disclosure] [USN-211-1] Enigmail vulnerability (20.10.2005)
Discuss:Read or add your comments to this news (0 comments)

Debian module-assistant symbolic links problem
Published:20.10.2005
Source:FULL-DISCLOSURE
SecurityVulns ID:5369
Type:local
Level:5/10
Description:Symbolic links problem on insecure temporary files creation.
Affected:DEBIAN : module-assistant 0.9
Original documentdocumentDEBIAN, [Full-disclosure] [SECURITY] [DSA 867-1] New module-assistant package fixes insecure temporary file (20.10.2005)
Discuss:Read or add your comments to this news (0 comments)

Linux kernel console keyboard mapping commands execution
Published:20.10.2005
Source:SECUNIA
SecurityVulns ID:5375
Type:local
Level:6/10
Description:User can set keyboard mapping which will impact next users on this console.
Affected:LINUX : kernel 2.6
Original documentdocumentSECUNIA, [SA17226] Linux Kernel Console Keyboard Mapping Shell Command Injection (20.10.2005)
Discuss:Read or add your comments to this news (0 comments)

Squid proxy server DoS
Published:20.10.2005
Source:SECUNIA
SecurityVulns ID:5371
Type:remote
Level:5/10
Description:Server crash on parsing FTP Server response.
Affected:SQUID : squid 2.5
Original documentdocumentSECUNIA, [SA17271] Squid FTP Server Response Handling Denial of Service (20.10.2005)
Discuss:Read or add your comments to this news (0 comments)

Microsoft Internet Explorer URL spoofing
Published:20.10.2005
Source:BUGTRAQ
SecurityVulns ID:5373
Type:client
Level:4/10
Description:It's possible to spoof URL with document.write within OnClick method for <a> tag.
Affected:MICROSOFT : Internet Explorer 5.5
 MICROSOFT : Internet Explorer 6.0
Original documentdocumentK-Gen Gen, [Full-disclosure] New (19.10.05) MS-IE Url Spoofing bug (by K-Gen). (20.10.2005)
Discuss:Read or add your comments to this news (0 comments)

Multiple IBM DB2 Universal Database vulnerabilities
Published:20.10.2005
Source:SECUNIA
SecurityVulns ID:5370
Type:remote
Level:6/10
Description:Server crash on constant string processing in queries; endless loop on hash joins processing; multiple problems with invalid connection termination; unauthorized creation of routine based objects; array overflow on oversized number of elements in 'in' list; db2jd crash on certain clients.
Affected:IBM : DB2 8.9
Original documentdocumentSECUNIA, [SA17031] DB2 Universal Database Multiple Denial of Service Vulnerabilities (20.10.2005)
Discuss:Read or add your comments to this news (0 comments)

Symantec Norton AntiVirus and another Symantec security products for Macintosh privilege escalation
updated since 20.10.2005
Published:21.10.2005
Source:SECUNIA
SecurityVulns ID:5374
Type:local
Level:6/10
Description:Norton Antivirus DiskMountNotify suid utility executes external applications by relative name. LiveUpdate contains suid wrapper for Java interpreter without proper command line check.
Affected:SYMANTEC : Norton Utilities for Macintosh 8.0
 SYMANTEC : Norton AntiVirus for Macintosh 10.0
 SYMANTEC : Norton AntiVirus for Macintosh 9.0
 SYMANTEC : Norton Internet Security for Macintosh 3.0
 SYMANTEC : Norton Personal Firewall for Macintosh 3.0
 SYMANTEC : Norton SystemWorks for Macintosh 3.0
Original documentdocumentIDEFENSE, [Full-disclosure] iDEFENSE Security Advisory 10.20.05: Symantec Norton AntiVirus DiskMountNotify Local Privilege Escalation (21.10.2005)
 documentIDEFENSE, [Full-disclosure] iDEFENSE Security Advisory 10.20.05: Symantec Norton AntiVirus LiveUpdate Local Privilege Escalation (21.10.2005)
 documentSECUNIA, [SA17268] Symantec Norton AntiVirus / LiveUpdate for Macintosh Privilege Escalation (20.10.2005)
Discuss:Read or add your comments to this news (0 comments)

Multiple Ethereal sniffer vulnerabilities
updated since 20.10.2005
Published:21.10.2005
Source:BUGTRAQ
SecurityVulns ID:5372
Type:remote
Level:6/10
Description:Multiple bugs of different nature while parsing different protocols. Vulnerable version of PCRE library is used in Windows Ethereal version.
Affected:ETHEREAL : Ethereal 0.10
Original documentdocumentIDEFENSE, [Full-disclosure] iDEFENSE Security Advisory 10.20.05: Multiple Vendor Ethereal srvloc Buffer Overflow Vulnerability (21.10.2005)
 documentSECUNIA, [SA17254] Ethereal Multiple Protocol Dissector and PCRE Vulnerabilities (20.10.2005)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server