Computer Security


Multiple Symantec Veritas Backup Exec backup agent vulnerabilities
updated since 18.03.2006
Published: 21.03.2006
SecurityVulns ID: 5906
Type: remote
Threat Level: 5/10
Description: DoS, format string vulnerabilities.
Affected: VERITAS : Backup Exec 9.1
 VERITAS : Backup Exec 10.0
 VERITAS : Backup Exec 9.2
 VERITAS : Backup Exec 10.1
Original document: SYMANTEC, Symantec Security Advisory, SYM06-005 (21.03.2006)
 SYMANTEC, Symantec Security Advisory SYM06-004 (18.03.2006)

Multiple MailEnable vulnerabilities
updated since 20.03.2006
Published: 21.03.2006
SecurityVulns ID: 5914
Type: remote
Threat Level: 5/10
Description: POP3 authentication vulnerability, cross-site scripting, information leak.
Affected: MAILENABLE : MailEnable Standard 1.93
 MAILENABLE : MailEnable Professional 1.73
 MAILENABLE : MailEnable Enterprise 1.21
CVE: CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password when an administrator edits the user's settings, which allows remote authenticated administrators to obtain sensitive information by viewing the HTML source.)
 CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337.)
 CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication.)
Original document: noreply_(at)_musecurity.com, [Full-disclosure] [MU-200603-01] MailEnable POP3 Pre-Authentication Buffer Overflow (21.03.2006)
 SECUNIA, [SA19288] MailEnable Webmail and Unspecified POP Vulnerabilities (20.03.2006)

X.org / X11 X server privilege escalation
Published: 21.03.2006
SecurityVulns ID: 5915
Type: local
Threat Level: 8/10
Description: The -modulepath option lets a user specify the location of shared libraries, so a user-supplied library can be attached to the suid application.
Affected: XORG : X11 6.8
 X.ORG : x.org 1.0
 XORG : X11 6.9
Original document: H D Moore, Re: [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 (21.03.2006)
 X.ORG, [CVE-2006-0745] X.Org Security Advisory: privilege escalation and DoS in X11R6.9, X11R7.0 (21.03.2006)
Files: Exploits X.Org xmodulepath privilege escalation

Verisign multiple digital certificates managing products cross-site scripting
Published: 21.03.2006
SecurityVulns ID: 5916
Type: remote
Threat Level: 6/10
Description: Cross-site scripting in the haydn.exe CGI component.
Affected: VERISIGN : MPKI 6.0
Original document: CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2006-0124: Cross-Site Scripting in Verisign’s haydn.exe CGI script (21.03.2006)

FreeRADIUS EAP authentication bypass and DoS
Published: 21.03.2006
SecurityVulns ID: 5917
Type: remote
Threat Level: 5/10
Description: EAP-MSCHAPv2 implementation problems.
Affected: FREERADIUS : freeRADIUS 1.1
Original document: FREERADIUS, Vulnerability Notifications (21.03.2006)

F5 Firepass 4100 SSL VPN cross-site scripting
updated since 21.03.2006
Published: 21.03.2006
SecurityVulns ID: 5918
Type: remote
Threat Level: 5/10
Description: Web interface cross-site scripting.
Affected: F5 : FirePass 4100
Original document: alfy_(at)_coders.ch, XSS in Firepass 4100 SSL VPN v.5.4.2 (and probably others) (21.03.2006)

Gnome Screensaver protection bypass
Published: 21.03.2006
SecurityVulns ID: 5919
Type: local
Threat Level: 5/10
Description: The screensaver can be killed with a hotkey combination if the server is running with the AllowDeactivateGrabs and AllowClosedownGrabs options set.
Affected: GNOME : GNOME Screensaver 2.13
Original document: SECUNIA, [SA19280] Gnome Screensaver Password Bypass Vulnerability (21.03.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 21.03.2006
SecurityVulns ID: 5920
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: ASPPORTAL : ASP Portal 3.1
 EXTCALENDAR : ExtCalendar 1.1
Original document: SECUNIA, [SA19321] ExtCalendar calendar.php Cross-Site Scripting Vulnerabilities (21.03.2006)
 SECUNIA, [SA19286] ASPPortal "downloadid" SQL Injection Vulnerability (21.03.2006)
Files: ASPPortal <= 3.1.1 Remote SQL Injection Exploit

Gnome Evolution mail client DoS
updated since 28.01.2006
Published: 21.03.2006
SecurityVulns ID: 5708
Type: client
Threat Level: 5/10
Description: An inline text attachment with an oversized string causes the application to hang.
Affected: GNOME : Evolution 2.4
 CAIRO : libcairo 1.0
 CAIRO : cairo 1.0
Original document: MANDRIVA, [ MDKSA-2006:057 ] - Updated cairo packages to address Evolution DoS vulnerability (21.03.2006)
 Mike Davis, [Full-disclosure] gnome evolution mail client inline text file DoS issue (28.01.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod