Search:Vulnerability:22.03.2006 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

ASP.NET invalid components usage DoS
Published: 22.03.2006
Source: HACKINGSPIRIT
SecurityVulns ID: 5921
Type: remote
Level: 4/10
Description: w2wp process can crash or exhaust resources on .Net applications written without “AspCompat” directive.

Affected: MICROSOFT : ASP.Net 1.1
MICROSOFT : ASP.NET 2.0

Original document SECURITEAM, [NT] w3wp DoS (22.03.2006)

HACKINGSPIRIT, w3wp remote DoS due to improper reference of STA COM components in ASP.NET (22.03.2006)

Files: Exploits ASP.NET invalid components usage
Discuss: Read or add your comments to this news (0 comments)

snmptrapfmt symbolic links vulnerability
Published: 22.03.2006
Source: BUGTRAQ
SecurityVulns ID: 5924
Type: remote
Level: 5/10
Description: Symbolic links problem on temporary files creation.

Affected: SNMPTRAPFMT : snmptrapfmt 1.03

Original document DEBIAN, [Full-disclosure] [SECURITY] [DSA 1013-1] New snmptrapfmt packages fix insecure temporary file (22.03.2006)

Discuss: Read or add your comments to this news (0 comments)

RunIt chpst privilege escalation
Published: 22.03.2006
Source: SECUNIA
SecurityVulns ID: 5926
Type: local
Level: 5/10
Description: It's possible to obtain root group privilege.

Affected: RUNIT : RunIt 1.3

Original document SECUNIA, [SA19323] RunIt "chpst" Multiple Groups Handling Security Issue (22.03.2006)

Discuss: Read or add your comments to this news (0 comments)

WebLogic Server / WebLogic Express multiple security vulnerabilities
Published: 22.03.2006
Source: BUGTRAQ
SecurityVulns ID: 5927
Type: remote
Level: 5/10
Description: DoS, local filesystem access.

Affected: ORACLE : WebLogic Server 6.1
ORACLE : WebLogic Server 7.0
ORACLE : WebLogic Server 8.1

Original document SECUNIA, [SA19310] BEA WebLogic Server/Express Two Vulnerabilities (22.03.2006)

Discuss: Read or add your comments to this news (0 comments)

util-vserver restrictions bypass
Published: 22.03.2006
Source: BUGTRAQ
SecurityVulns ID: 5933
Type: remote
Level: 5/10
Description: All unknown capacities are allowed by default.

Affected: VSERVER : util-vserver 0.30

Original document SECUNIA, [SA19333] util-vserver Unknown Capabilities Handling Security Issue (22.03.2006)

Discuss: Read or add your comments to this news (0 comments)

Motorola cellular phones multiple bluetooth vulnerabilities
Published: 22.03.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 5925
Type: remote
Level: 5/10
Description: Security dialog spoofing, buffer overflow.

Affected: MOTOROLA : PEBL U6
MOTOROLA : V600
MOTOROLA : E398

Original document Kevin Finisterre, [Full-disclosure] DMA[2006-0321a] - 'Motorola P2K Platform setpath() overflow and Blueline attack' (22.03.2006)

Files: Exploits Motorola cellulars bluetooth device history vulnerability
Discuss: Read or add your comments to this news (0 comments)

BEA WebLogic Portal information leak
Published: 22.03.2006
Source: SECUNIA
SecurityVulns ID: 5928
Type: remote
Level: 5/10
Description: Incorrect caching algorithm leads to user's portlet data may be leaked to another portlet.

Affected: ORACLE : WebLogic Portal 8.1

Original document SECUNIA, [SA19308] BEA WebLogic Portal JSR-168 Portlets Rendering Security Issue (22.03.2006)

Discuss: Read or add your comments to this news (0 comments)

opie one time password system privilege escalation
Published: 22.03.2006
Source: BUGTRAQ
SecurityVulns ID: 5930
Type: remote
Level: 6/10
Description: Under some conditions unprivileged user can be validated as 'root'.

Affected: FREEBSD : FreeBSD 4.10
FREEBSD : FreeBSD 5.3
FREEBSD : FreeBSD 5.4
FREEBSD : FreeBSD 4.11
FREEBSD : FreeBSD 6.0
FREEBSD : FreeBSD 6.1
FREEBSD : FreeBSD 5.5

Original document FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:12.opie (22.03.2006)

Discuss: Read or add your comments to this news (0 comments)

FreeBSD IPSec replay attack
Published: 22.03.2006
Source: BUGTRAQ
SecurityVulns ID: 5931
Type: remote
Level: 6/10
Description: fast_ipsec implementation doesn't increment packet sequence number, allowing replay attack for captured packet.

Affected: FREEBSD : FreeBSD 4.10
FREEBSD : FreeBSD 5.3
FREEBSD : FreeBSD 5.4
FREEBSD : FreeBSD 4.11
FREEBSD : FreeBSD 6.0
FREEBSD : FreeBSD 6.1
FREEBSD : FreeBSD 5.5

Original document FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:11.ipsec (22.03.2006)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 22.03.2006
Source:
SecurityVulns ID: 5922
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: 1WEBCALENDAR : 1WebCalendar 4.0
MININUKE : Mini-NUKE 1.8
ASPPORTAL : ASPPortal 3.1
FREEWPS : FreeWPS 2.11
OSWIKI : OSWiki 0.3

Original document Aliaksandr Hartsuyeu, [eVuln] PHP SimpleNEWS, PHP SimpleNEWS MySQL - Authentication Bypass Vulnerability (22.03.2006)

SECUNIA, [SA19290] OSWiki Username Script Insertion Vulnerability (22.03.2006)

Mustafa Can Bjorn IPEKCI, ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities (22.03.2006)

document botan_(at)_linuxmail.org, Free Articles Directory Remote Command Exucetion (22.03.2006)

dabdoub_mosikar_(at)_forislam.com, Mini-Nuke<=1.8.2 SQL injection (6) (22.03.2006)

r0t, 1WebCalendar v 4.x vuln. (22.03.2006)

Files: freewps 2.11 exploit
Discuss: Read or add your comments to this news (0 comments)

Linux kernel multiple vulnerabilities
updated since 22.03.2006
Published: 23.03.2006
Source: BUGTRAQ
SecurityVulns ID: 5932
Type: library
Level: 7/10
Description: Integer overflow in netfilter's do_replace() function, memory corruption in usb/gadget driver. Kernel memory content leak through sockaddr_in.sin_zero.

Affected: LINUX : kernel 2.6

Original document SECUNIA, [SA19357] Linux Kernel IPv4 "sockaddr_in.sin_zero" Information Disclosure (23.03.2006)

SECUNIA, [SA19330] Linux Kernel Buffer Overflow Vulnerabilities (22.03.2006)

Discuss: Read or add your comments to this news (0 comments)

Sendmail mail server race conditions
updated since 22.03.2006
Published: 24.03.2006
Source: BUGTRAQ
SecurityVulns ID: 5929
Type: remote
Level: 9/10
Description: Race conditions on signals processing with setjmp/longjmp allow remote code execution.

Affected: SENDMAIL : Sendmail 8.12
SENDMAIL : Sendmail 8.13
FREEBSD : FreeBSD 4.10
FREEBSD : FreeBSD 5.3
FREEBSD : FreeBSD 5.4
FREEBSD : FreeBSD 4.11
FREEBSD : FreeBSD 6.0
FREEBSD : FreeBSD 6.1
FREEBSD : FreeBSD 5.5

Original document Jack, [Full-disclosure] sendmail stuff2 (24.03.2006)

CERT, US-CERT Technical Cyber Security Alert TA06-081A -- Sendmail Race Condition Vulnerability (23.03.2006)

SENDMAIL, Sendmail 8.13.6 release notes (22.03.2006)

FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:13.sendmail (22.03.2006)

Files: sendmail tester draft
Discuss: Read or add your comments to this news (0 comments)

Multiple Microsoft Internet Explorer security vulnerabilities
updated since 22.03.2006
Published: 27.05.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 5923
Type: client
Level: 9/10
Description: Jump to ininitialized function pointer by referencing unspupported object's method (createTextRange() for checkbox). Potentially can be used for code execution and hidden malware installation. Memory corruption on uninitialized event handlers. HTA code execution. HTML parsing memory corrution. COM objects memory corruption. Crossite scripting.

Affected: MICROSOFT : Internet Explorer 6.0

Original document Thomas Waldegger, [BuHa-Security] DoS Vulnerability in MS IE 6 SP2 (27.05.2006)

Thomas Waldegger, [BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2 (27.05.2006)

Thomas Waldegger, [BuHa-Security] Multiple Vulnerabilities in MS IE 6.0 SP2 (13.04.2006)

document Sowhat ., [Full-disclosure] Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability (12.04.2006)

X-FORCE, ISS Protection Bried: ie_patch_ms_06-13 (12.04.2006)

Sowhat ., Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability (12.04.2006)

CERT, US-CERT Technical Cyber Security Alert TA06-101A -- Microsoft Windows and Internet Explorer Vulnerabilities (12.04.2006)

document MICROSOFT, Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) (11.04.2006)

Determina Secure, Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution) (29.03.2006)

EEYE, [Full-disclosure] EEYE: Temporary workaround for IE createTextRange vulnerability (28.03.2006)

document H D Moore, [Full-disclosure] Fun with DHTML (23.03.2006)

SECUNIA, [SA18680] Microsoft Internet Explorer "createTextRange()" Code Execution (22.03.2006)

Computer Terrorism (UK) :: Incident Response Centre, [Full-disclosure] Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution (22.03.2006)

document Stelian Ene, [Full-disclosure] IE crash (22.03.2006)

Files: Exploits Internet Explorer uninitialized object action function pointer vulnerability (crash)
This module exploits a vulnerability in Internet Explorer's setTextRange on a checkbox
Internet Explorer Remote Code Execution Exploit v 0.1
Internet Explorer "createTextRang" Download Shellcoded Exploit
Exploits HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2
Common DHTML implementation flaws via method and property fuzzing
Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812)
Temporary workaround for IE createTextRange vulnerability
Determina Fix for CVE-2006-1359
Discuss: Read or add your comments to this news (0 comments)

test server