Search:Vulnerability:21.03.2006 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Multiple MailEnable vulnerabilities
updated since 20.03.2006
Published: 21.03.2006
Source: BUGTRAQ
SecurityVulns ID: 5914
Type: remote
Level: 5/10
Description: POP3 authentication vulnerability, crossite scripting, information leak.

Affected: MAILENABLE : MailEnable Standard 1.93
MAILENABLE : MailEnable Professional 1.73
MAILENABLE : MailEnable Enterprise 1.21
CVE: CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.)
CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337.)
CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication.)

Original document noreply_(at)_musecurity.com, [Full-disclosure] [MU-200603-01] MailEnable POP3 Pre-Authentication Buffer Overflow (21.03.2006)

SECUNIA, [SA19288] MailEnable Webmail and Unspecified POP Vulnerabilities (20.03.2006)

Discuss: Read or add your comments to this news (0 comments)

X.org / X11 X server privilege escalation
Published: 21.03.2006
Source: BUGTRAQ
SecurityVulns ID: 5915
Type: local
Level: 8/10
Description: By using -modulepath it's possible to specify shared libraries location to attach user's library to suid application.

Affected: XORG : X11 6.8
X.ORG : x.org 1.0
XORG : X11 6.9

Original document H D Moore, Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 (21.03.2006)

X.ORG, [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 (21.03.2006)

Files: Exploits X.Org xmodulepath privilege escalation
Discuss: Read or add your comments to this news (0 comments)

Gnome Screensaver protection bypass
Published: 21.03.2006
Source: SECUNIA
SecurityVulns ID: 5919
Type: local
Level: 5/10
Description: It's possible to kill screensaver with hotkey combination if server is running with AllowDeactivateGrabs and AllowClosedownGrabs option set.

Affected: GNOME : GNOME Screensaver 2.13

Original document SECUNIA, [SA19280] Gnome Screensaver Password Bypass Vulnerability (21.03.2006)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 21.03.2006
Source:
SecurityVulns ID: 5920
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: ASPPORTAL : ASP Portal 3.1
EXTCALENDAR : ExtCalendar 1.1

Original document SECUNIA, [SA19321] ExtCalendar calendar.php Cross-Site Scripting Vulnerabilities (21.03.2006)

SECUNIA, [SA19286] ASPPortal "downloadid" SQL Injection Vulnerability (21.03.2006)

Files: ASPPortal <= 3.1.1 Remote SQL Injection Exploit
Discuss: Read or add your comments to this news (0 comments)

Multiple Symantec Veritas Backup Exec backup agent vulnerabilities
updated since 18.03.2006
Published: 21.03.2006
Source: BUGTRAQ
SecurityVulns ID: 5906
Type: remote
Level: 5/10
Description: DoS, format string vulnerabilities.

Affected: VERITAS : Backup Exec 9.1
VERITAS : Backup Exec 10.0
VERITAS : Backup Exec 9.2
VERITAS : Backup Exec 10.1

Original document SYMANTEC, Symantec Security Advisory, SYM06-005 (21.03.2006)

SYMANTEC, Symantec Security Advisory SYM06-004 (18.03.2006)

Discuss: Read or add your comments to this news (0 comments)

Verisign multiple digital certificates managing products crossite scripting
Published: 21.03.2006
Source: BUGTRAQ
SecurityVulns ID: 5916
Type: remote
Level: 6/10
Description: Crossite scripting with haydn.exe CGI component.

Affected: VERISIGN : MPKI 6.0

Original document CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2006-0124: Cross-Site Scripting in Verisign’s haydn.exe CGI script (21.03.2006)

Discuss: Read or add your comments to this news (0 comments)

FreeRADIUS EAP authentication bypass and DoS
Published: 21.03.2006
Source: BUGTRAQ
SecurityVulns ID: 5917
Type: remote
Level: 5/10
Description: EAP-MSCHAPv2 implementation problems.

Affected: FREERADIUS : freeRADIUS 1.1

Original document FREERADIUS, Vulnerability Notifications (21.03.2006)

Discuss: Read or add your comments to this news (0 comments)

F5 Firepass 4100 SSL VPN crossite scripting
updated since 21.03.2006
Published: 21.03.2006
Source: BUGTRAQ
SecurityVulns ID: 5918
Type: remote
Level: 5/10
Description: Web interface crossite scripting.

Affected: F5 : FirePass 4100

Original document alfy_(at)_coders.ch, XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others) (21.03.2006)

Discuss: Read or add your comments to this news (0 comments)

Gnome Evolution mail client DoS
updated since 28.01.2006
Published: 21.03.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 5708
Type: client
Level: 5/10
Description: Inline text attachment with oversized string causes application to hang.

Affected: GNOME : Evolution 2.4
CAIRO : libcairo 1.0
CAIRO : cairo 1.0

Original document MANDRIVA, [ MDKSA-2006:057 ] - Updated cairo packages to address Evolution DoS vulnerability (21.03.2006)

Mike Davis, [Full-disclosure] gnome evolution mail client inline text file DoS issue (28.01.2006)

Discuss: Read or add your comments to this news (0 comments)

test server