Computer Security


Multiple Microsoft Windows Media Player vulnerabilities
updated since 15.02.2006
Published: 22.02.2006
SecurityVulns ID: 5769
Type: client
Threat Level: 8/10
Description: Buffer overflow when playing BMP files. Buffer overflow on an oversized SRC in an HTML page with EMBED'ded WMP. May be used to trojan the client machine.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document: MICROSOFT, Microsoft Security Bulletin MS06-006 Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564) (15.02.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-005 Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565) (15.02.2006)
 CERT, US-CERT Technical Cyber Security Alert TA06-045A -- Microsoft Windows, Windows Media Player, and Internet Explorer Vulnerabilities (15.02.2006)
 EEYE, [EEYEB-20051017] Windows Media Player BMP Heap Overflow (15.02.2006)
 IDEFENSE, iDefense Security Advisory 02.14.06: Microsoft Windows Media Player Plugin Buffer Overflow Vulnerability (15.02.2006)
Files: Exploits Windows Media Player BMP Heap Overflow (MS06-005)
 Exploits Bulletin MS06-005 Vulnerability in Windows Media Player Could Allow Remote Code Execution
 Windows Media Player Plug-in for Non-Microsoft Browsers Code Execution (MS06-006)
 Windows Media Player Plug-in for Non-Microsoft Browsers Code Execution (MS06-006) - Exploit II
 Microsoft Security Bulletin MS06-005 Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)
 Microsoft Security Bulletin MS06-006 Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)
 Exploiting 'Non-Critical' Media Player Vulnerabilities for Fun and Profit

GnuPG gpgv / gpg invalid return code
updated since 16.02.2006
Published: 22.02.2006
SecurityVulns ID: 5786
Type: client
Threat Level: 5/10
Description: Utility returns status code 0 if no signature is found.
Affected: GNUPG : gpg 1.4
Original document: Marcus Meissner, Not completely fixed? (was: False positive signature verification in GnuPG) (22.02.2006)
 Werner Koch, False positive signature verification in GnuPG (18.02.2006)
 SECUNIA, [SA18845] GnuPG "gpgv" Signature Verification Security Issue (16.02.2006)

Multiple Bugzilla bug tracking system security vulnerabilities
Published: 22.02.2006
SecurityVulns ID: 5808
Type: remote
Threat Level: 5/10
Description: SQL injection, cross-site scripting.
Affected: BUGZILLA : Bugzilla 2.20
Original document: BUGZILLA, [BUGZILLA] Security Advisory for Bugzilla 2.20, 2.21.1, and 2.18.4 (22.02.2006)

TrueNorth IA eMailserver IMAP server buffer overflow
Published: 22.02.2006
SecurityVulns ID: 5809
Type: remote
Threat Level: 5/10
Description: Buffer overflow in oversized SEARCH command.
Affected: TRUENORTH : IA eMailserver 5.3
Original document: João Antunes, [AJECT] TrueNorth IA eMailserver 5.3.4 buffer overflow vulnerability (22.02.2006)

Tar tape archiver buffer overflow
Published: 22.02.2006
SecurityVulns ID: 5810
Type: local
Threat Level: 5/10
Description: Buffer overflow when parsing extended PAX headers.
Original document: MANDRIVA, [Full-disclosure] [ MDKSA-2006:046 ] - Updated tar packages fix vulnerability (22.02.2006)

MacOS X ZIP archives code execution
Published: 22.02.2006
SecurityVulns ID: 5811
Type: client
Threat Level: 6/10
Description: It's possible to set file associations with the __MACOSX folder.
Affected: APPLE : Mac OS X 10.4
 APPLE : Safari 2.0
Original document: SECUNIA, [SA18963] Mac OS X "__MACOSX" ZIP Archive Shell Script Execution (22.02.2006)
Files: This module exploits a vulnerability in Safari's "Safe file" feature

Novell Common Authentication Service Adapter buffer overflow
Published: 22.02.2006
SecurityVulns ID: 5812
Type: remote
Threat Level: 6/10
Description: pam_micasa pre-authentication buffer overflow.
Affected: NOVELL : Novell Linux Desktop 9
 NOVELL : Open Enterprise Server 1
Original document: SUSE, [Full-disclosure] SUSE Security Announcement: CASA remote code execution (SUSE-SA:2006:010) (22.02.2006)

Hauri Virobot antivirus privilege escalation
Published: 22.02.2006
SecurityVulns ID: 5813
Type: local
Threat Level: 5/10
Description: A local user can obtain unrestricted access via a suid CGI executable.
Affected: HAURI : ViRobot Linux Server 2.0
Original document: dong-h0un U, [Full-disclosure] [INetCop Security Advisory] Global Hauri Virobot cookie exploit (22.02.2006)

SCO Unixware ptrace privilege escalation
updated since 22.02.2006
Published: 25.02.2006
SecurityVulns ID: 5814
Type: local
Threat Level: 5/10
Description: ptrace can be attached to a suid application.
Affected: SCO : UnixWare 7.1
Original document: IDEFENSE, iDefense Security Advisory 02.24.06: SCO Unixware Setuid ptrace Local Privilege Escalation Vulnerability (25.02.2006)
 SCO, [Full-disclosure] SCOSA-2006.9 UnixWare 7.1.3 UnixWare 7.1.4 : Setuid ptrace Local Privilege Escalation Vulnerability (22.02.2006)
Files: SCO Unixware 7.1.3 ptrace local root exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod