Multiple Mozilla Firefox / Thunderbird / Seamonkey security vulnerabilities
Published:		20.12.2006
Source:		MOZILLA
SecurityVulns ID:		6959
Type:		client
Level:		7/10
Description:		Crossite scripting with functions prototypes. Information leak. Buffer overflows on oversized Content-Type fields in messages. Memory corruption on SVG header. Crossite scripting with img.src. DoS. JavaScript watchpoint privilege escalation. CSS image cursor property buffer overflow. Multiple memory corruptions.

Affected:		MOZILLA : Thunderbird 1.5
		MOZILLA : Firefox 1.5
		MOZILLA : Seamonkey 1.0
		MOZILLA : Firefox 2.0

Original document		MOZILLA, Mozilla Foundation Security Advisory 2006-68 (20.12.2006)
		MOZILLA, Mozilla Foundation Security Advisory 2006-69 (20.12.2006)
		MOZILLA, Mozilla Foundation Security Advisory 2006-70 (20.12.2006)
		MOZILLA, Mozilla Foundation Security Advisory 2006-71 (20.12.2006)
		MOZILLA, Mozilla Foundation Security Advisory 2006-72 (20.12.2006)
		ZDI, [Full-disclosure] ZDI-06-051: Mozilla Firefox SVG Processing Remote Code Execution Vulnerability (20.12.2006)
		MOZILLA, Mozilla Foundation Security Advisory 2006-73 (20.12.2006)
		MOZILLA, Mozilla Foundation Security Advisory 2006-74 (20.12.2006)
		MOZILLA, Mozilla Foundation Security Advisory 2006-75 (20.12.2006)
		MOZILLA, Mozilla Foundation Security Advisory 2006-76 (20.12.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		20.12.2006
Source:
SecurityVulns ID:		6960
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		WAGORA : W-Agora 4.1
		NOVELL : NetWare 6.5
		VALDERSOFT : Valdersoft Shopping Cart 3.0
		TYPO3 : TYPO3 4.0
		EYEOS : eyeOS 0.9
		OBIEWEBSITE : Mini Web Shop 2.1
		PARISTEMI : Paristemi 0.8
		PHPPROFILES : phpProfiles 3.1
		AZUCARCMS : Azucar CMS 1.3
		CWMDESIGN : cwmVote 1.0
		CWMDESIGN : cwmExplorer 1.0
		CWMDESIGN : cwmCounter 1.0
		VERLIADMIN : VerliAdmin 0.3
CVE:		CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.)
		CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by language.php.)

Original document		SECUNIA, [SA23406] Novell NetWare Welcome web-app Cross-Site Scripting Vulnerability (20.12.2006)
		SECUNIA, [SA23388] eyeOS File Upload Vulnerability (20.12.2006)
		ajannhwt_(at)_hotmail.com, cwmExplorer 1.0 (show_file) Source Code Disclosure Vulnerability (20.12.2006)
		bd0rk_(at)_hackermail.com, cwmVote 1.0 File Include Vulnerability (20.12.2006)
		Cold Zero, PHPFanBase (protection.php) Remote File Include Vulnerability (20.12.2006)
		nuffsaid, Azucar CMS <= 1.3 (_VIEW) Remote File Include Vulnerability (20.12.2006)
		nuffsaid, phpProfiles <= 3.1.2b Multiple Remote File Include Vulnerabilities (20.12.2006)
		nuffsaid, Paristemi 0.8.3b (buycd.php) Remote File Include Vulnerability (20.12.2006)
		bilkopat_(at)_hotmail.com, Valdersoft Shopping Cart v3.0 (E-Commerce Software)*****[ commonIncludePath ] Remote File Include (20.12.2006)
		Daniel Fabian, [Full-disclosure] SEC Consult SA-20061220-0 :: Typo3 Command Execution Vulnerability (20.12.2006)
		xx_hack_xx_2004_(at)_hotmail.com, Multiple Bugs in MINI WEB SHOP (20.12.2006)
		ShaFuq31_(at)_HoTMaiL.CoM, Burak Yilmaz Download Portal Sql Injection Vuln. (20.12.2006)
		l.d.0_(at)_hotmail.com, xss in Support Cards v1 ( oSTicket ) (20.12.2006)
		MustLive, Vulnerabilities в W-Agora (20.12.2006)
		webmaster666_(at)_email.it, MkPortal Urlobox Cross Site Request Forgery (20.12.2006)

Files:		cwmCounter Remote File Include Exploit
		Exploits PHPUpdate <= 2.7 extract() auth bypass / shell inject
		VerliAdmin <= 0.3 File Include Exploit
Discuss:		Read or add your comments to this news (0 comments)

Sun Java Runtime Environment multiple security vulnerabilities
Published:		20.12.2006
Source:		SECUNIA
SecurityVulns ID:		6963
Type:		client
Level:		8/10
Description:		Multiple vulnerabilities allow sandbox protection bypass and system functions access.

Affected:		SUN : JRE 1.3
		SUN : JDK 1.3
		SUN : JDK 1.4
		SUN : JRE 1.4
		SUN : JRE 1.5
		SUN : JDK 1.5

Original document		SECUNIA, [SA23398] Sun Java JRE Applet Security Bypass (20.12.2006)
		SECUNIA, [SA23445] Sun Java JRE Multiple Vulnerabilities (20.12.2006)

Discuss:

Read or add your comments to this news (0 comments)

ESET NOD32 antivirus multiple security vulnerabilities updated since 20.12.2006
Published:		21.12.2006
Source:		BUGTRAQ
SecurityVulns ID:		6961
Type:		remote
Level:		6/10
Description:		Buffer overflow on .DOC documents and .CAB archives parsing, DoS on CHM files parsing.

Affected:

eset : NOD32 2.7

Original document		security_(at)_nruns.com, [Full-disclosure] NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory (21.12.2006)
		security_(at)_nruns.com, [Full-disclosure] NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory (20.12.2006)

Discuss:

Read or add your comments to this news (0 comments)

WinFTP FTP server / Dream FTP Server buffer overflow updated since 20.12.2006
Published:		21.12.2006
Source:		MILW0RM
SecurityVulns ID:		6962
Type:		remote
Level:		5/10
Description:		Buffer overflow on oversized PASV command.

Affected:		WINFTP : WinFtp 2.0
		DREAMFTP : DREAM FTP 1.02
CVE:		CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log.)

Files:		Exploits WinFtp Server Version 2.0.2 Denial of Service"
Discuss:		Read or add your comments to this news (0 comments)