Multiple Symantec Antivirus products buffer overflow updated since 09.02.2005 | | Published: |  | 20.12.2005 | | Source: |  | X-FORCE | | SecurityVulns ID: |  | 4464 | | Type: |  | remote | | Level: |  | 7/10 | | Description: |  | Heap memory buffer overflow on UPX compressed files and RAR archives. |
| Affected: |  | SYMANTEC : Norton Internet Security 2004 | | |  | SYMANTEC : Symantec Client Security 1.0 | | |  | SYMANTEC : Symantec Client Security 2.0 | | |  | SYMANTEC : Norton Antivirus 2004 | | |  | SYMANTEC : Norton AntiVirus for Microsoft Exchange 2.1 | | |  | SYMANTEC : Symantec Mail Security for Microsoft Exchange 4.0 | | |  | SYMANTEC : Symantec Mail Security for Microsoft Exchange 4.5 | | |  | SYMANTEC : Symantec Mail Security for Domino 4.0 | | |  | SYMANTEC : Symantec AntiVirus/Filtering for Domino Ports 3.0 | | |  | SYMANTEC : Symantec Antivirus 4.3 | | |  | SYMANTEC : Symantec AntiVirus for SMTP 3.1 | | |  | SYMANTEC : Symantec Mail Security for SMTP 4.0 | | |  | SYMANTEC : Symantec Web Security 3.0 | | |  | SYMANTEC : BrightMail AntiSpam 4.0 | | |  | SYMANTEC : Brightmail AntiSpam 5.5 | | |  | SYMANTEC : Symantec AntiVirus 9.0 | | |  | SYMANTEC : Symantec AntiVirus 8.01 | | |  | SYMANTEC : Norton System Works 2004 |
| Original document |  | list_(at)_rem0te.com, [Full-disclosure] Symantec Antivirus Library Remote Heap Overflows (20.12.2005) |
| |  | SYMANTEC, SYM05-003 Symantec UPX Parsing Engine Heap Overflow (12.02.2005) |
| |  | X-FORCE, ISS Protection Advisory: Symantec Antivirus Library Heap Overflow (09.02.2005) |
| Multiple FTGate mail server vulnerabilities | | Published: |  | 20.12.2005 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 5552 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Format string vulnerabilities in IMAP and POP3, HTTP server buffer overflow and cross-site scripting. |
| Affected: |  | FTGATE : FTGate 4.4 |
| Original document |  | Security Advisories, [Full-disclosure] [ACSSEC-2005-11-25-0x6] FTGate 4.4 [Build 4.4.000 Oct 26 2005] Format String Overflow (20.12.2005) |
| |  | Security Advisories, [Full-disclosure] [ACSSEC-2005-11-25-0x3] FTGate 4.4 [Build 4.4.000 Oct 26 2005] Cross Site Scripting Vulnerability (20.12.2005) |
| |  | Security Advisories, [Full-disclosure] [ACSSEC-2005-11-25-0x4] FTGate 4.4 [Build 4.4.000 Oct 26 2005] Stack Buffer Overflow (20.12.2005) |
| |  | Security Advisories, [Full-disclosure] [ACSSEC-2005-11-25-0x5] FTGate 4.4 [Build 4.4.000 Oct 26 2005] Format String Overflow (20.12.2005) |
| McAfee VirusScan unauthorized file access | | Published: |  | 20.12.2005 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 5554 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | It's possible to access client computer files with the McAfee Security Center (MCINSCTL.DLL) ActiveX control. |
| Affected: |  | MCAFEE : VirusScan 10.0 |
| Original document |  | IDEFENSE, [Full-disclosure] iDefense Security Advisory 12.20.05: McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite (20.12.2005) |
Sun Java JRE sandbox protection bypass updated since 29.11.2005 | | Published: |  | 20.12.2005 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 5488 | | Type: |  | client | | Level: |  | 9/10 | | Description: |  | A few vulnerabilities allow applets to write local files and execute applications. |
| Affected: |  | SUN : JRE 1.3 | | |  | SUN : JDK 1.3 | | |  | SUN : JDK 1.4 | | |  | SUN : JRE 1.4 | | |  | SUN : JRE 1.5 | | |  | IBM : Java SDK 1.3 | | |  | IBM : Java SDK 1.4 | | |  | SUN : JDK 1.5 | | |  | SUN : JRE 5.0 | | |  | SUN : JDK 5.0 |
| Original document |  | SECUNIA, [SA18092] IBM Java SDK JRE Sandbox Security Bypass Vulnerabilities (20.12.2005) |
| |  | SECUNIA, [SA17748] Sun Java JRE Sandbox Security Bypass Vulnerabilities (29.11.2005) |
| Multiple Pegasus Mail mail agent vulnerabilities | | Published: |  | 20.12.2005 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 5553 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Buffer overflow on oversized POP3 server reply, buffer overflow on oversized e-mail header. |
| Affected: |  | PMAIL : Pegasus Mail 4.21 | | |  | PMAIL : Pegasus Mail 4.30 |
| Original document |  | SECUNIA, [Full-disclosure] Secunia Research: Pegasus Mail Buffer Overflow and Off-by-One Vulnerabilities (20.12.2005) |
| Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) | | Published: |  | 20.12.2005 | | Source: |  | | | SecurityVulns ID: |  | 5550 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: |  | NQCONTENT : NQcontent 3 | | |  | METADOT : Metadot 6.4 | | |  | ELOG : elog 2.0 | | |  | ABLEDESIGN : D-Man 3.0 | | |  | ABLEDESIGN : ReSearch 2.0 | | |  | ASPBITE : ASPBite 8.0 | | |  | ENTERPRISEHEART : Enterprise Connector 1.02 | | |  | PHPGEDVIEW : PHPGedView 3.3 |
| Original document |  | retrogod_(at)_aliceposta.it, PHPGedView <= 3.3.7 remote code execution (20.12.2005) |
| |  | darkz.gsa_(at)_gmail.com, Enterprise Connector v.1.02 Multiple SQL Vulnerabilities and Login Bypass (20.12.2005) |
| |  | SECUNIA, [SA18132] ASPBite "strSearch" Cross-Site Scripting Vulnerability (20.12.2005) |
| |  | SECUNIA, [SA18122] AbleDesign ReSearch Cross-Site Scripting Vulnerability (20.12.2005) |
| |  | SECUNIA, [SA18074] AbleDesign D-Man "title" Cross-Site Scripting Vulnerability (20.12.2005) |
| |  | SECUNIA, [SA18124] ELOG Long Parameter Value Denial of Service Vulnerability (20.12.2005) |
| |  | SECUNIA, [SA18026] UStore Cross-Site Scripting and SQL Injection Vulnerabilities (20.12.2005) |
| |  | Gerry Chng, [Full-disclosure] Vulnerability in Metadot portal server allows users to gain administrative privileges (20.12.2005) |
| |  | Andrew Farmer, [Full-disclosure] LiveJournal CSS/JS injection vulnerability (20.12.2005) |
| |  | r0t, NQcontent V3 XSS vuln. (20.12.2005) |
| Qualcomm WorldMail IMAP mail server buffer overflow | | Published: |  | 20.12.2005 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 5551 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | Buffer overflows in multiple IMAP commands. |