Computer Security

Search:Vulnerability:22.10.2004
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Microsoft Windows multiple bugs
updated since 13.10.2004
Published:22.10.2004
Source:MICROSOFT
SecurityVulns ID:4085
Type:client
Level:8/10
Description:Windows management API privilege escalation with SetWindowLong()/SetWindowLongPtr() shatter attack, Virtual DOS Machine privilege escalation, EMF/WMF files code execution, DoS.
Affected:MICROSOFT : Windows NT 4.0 Server
 MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumenthouseofdabus HOD, [EXPL] (MS04-032) Microsoft Windows XP Metafile (.emf) Heap Overflow (PoC) (22.10.2004)
 documentBrett Moore, SetWindowLong Shatter Attacks (14.10.2004)
 documentEEYE, [Full-Disclosure] EEYE: Windows VDM #UD Local Privilege Escalation (13.10.2004)
 documentMICROSOFT, Microsoft Security Bulletin MS04-032 Security Update for Microsoft Windows (840987) (13.10.2004)
Files:(MS04-032) Microsoft Windows XP Metafile (.emf) Heap Overflow
 Microsoft Security Bulletin MS04-032 Security Update for Microsoft Windows (840987)
Discuss:Read or add your comments to this news (0 comments)

Multiple browsers tab vulnerabilities
Published:22.10.2004
Source:NTBUGTRAQ
SecurityVulns ID:4110
Type:client
Level:5/10
Description:Multiple browsers allow tab spoofing.
Affected:MOZILLA : Mozilla 1.7
 MOZILLA : Firefox 0.10
 MOZILLA : Camino 0.8
 OPERA : Opera 7.54
 KDE : Konqueror 3.2
 NETSCAPE : Netscape 7.2
 AVANT : Avant Browser 9.02
 AVANT : Avant Browser 10.0
 MAXTHON : Maxthon 1.02
Original documentdocumentSECUNIA, Secunia Research: Multiple Browsers Tabbed Browsing Vulnerabilities (22.10.2004)
Discuss:Read or add your comments to this news (0 comments)

Vypress Tonecast 1.3 DoS
Published:22.10.2004
Source:BUGTRAQ
SecurityVulns ID:4105
Type:remote
Level:5/10
Affected:VYPRESS : Tonecast 1.3
Original documentdocumentLuigi Auriemma, Broadcast crash in Vypress Tonecast 1.3 (22.10.2004)
Discuss:Read or add your comments to this news (0 comments)

LanDesk DoS
Published:22.10.2004
Source:VULN-DEV
SecurityVulns ID:4106
Type:remote
Level:5/10
Affected:LANDESK : LANDesk 8
Original documentdocumentRyan Rounkles, Denial of service in LANDesk 8 (22.10.2004)
Discuss:Read or add your comments to this news (0 comments)

mpg123 buffer overflow
Published:22.10.2004
Source:BUGTRAQ
SecurityVulns ID:4107
Type:client
Level:5/10
Description:getauthfromurl() buffer overflow
Affected:MPG123 : mpg123 0.59
Original documentdocumentCarlos Barros, mpg123 "getauthfromurl" buffer overflow (22.10.2004)
Discuss:Read or add your comments to this news (0 comments)

Linux kernel race konditions
Published:22.10.2004
Source:BUGTRAQ
SecurityVulns ID:4108
Type:local
Level:6/10
Description:Race conditions on TIOCSETLD during read/write operation on same terminal can cause system to crash and potentially may lead to privilege escalation.
Affected:LINUX : kernel 2.2
 LINUX : kernel 2.4
 LINUX : kernel 2.6
Original documentdocumentAlan Cox, CAN-2004-0814: Linux terminal layer races (22.10.2004)
Discuss:Read or add your comments to this news (0 comments)

Multiple libpng bugs
updated since 05.08.2004
Published:22.10.2004
Source:CERT
SecurityVulns ID:3892
Type:library
Level:7/10
Description:Stack overflow, NULL pointer dereference, integer overflows.
Affected:libpng : libpng 1.2
 libpng : libpng 1.0
 MOZILLA : Mozilla 1.7
 MOZILLA : Firefox 0.9
 MOZILLA : Thunderbird 0.7
Original documentdocumentDEBIAN, [SECURITY] [DSA 570-1] New libpng packages fix several vulnerabilities (22.10.2004)
 documentGENTOO, [ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird: New releases fix vulnerabilities (25.08.2004)
 documentChris Evans, CESA-2004-001: libpng (05.08.2004)
 documentCERT, US-CERT Technical Cyber Security Alert TA04-217A -- Multiple Vulnerabilities in libpng (05.08.2004)
Files:PNG crashes both mozilla and konqueror
 exploit for libpng, tested on version 1.2.5
Discuss:Read or add your comments to this news (0 comments)

Multiple antivirii DoS
updated since 11.02.2003
Published:22.10.2004
Source:3APA3A
SecurityVulns ID:2579
Type:local
Level:5/10
Description:Creation of file with oversized path or special device name causes application to hang or allows detection bypassing. ZIP with zero archive length allow to bypass checking.
Affected:KASPERSKY : Kaspersky Antivirus 4.0
 SYMANTEC : Norton AntiVirus 2002
 SALD : Dr Web 4.28
 SYMANTEC : Norton Antivirus 2004
Original documentdocumentSowhat ., Mutiple AntiVirus Reserved Device Name Handling Vulnerability (22.10.2004)
 documentIDEFENSE, iDEFENSE Security Advisory 10.18.04: Multiple Vendor Anti-Virus Software Detection Evasion Vulnerability (22.10.2004)
 documentIDEFENSE, [Full-Disclosure] iDEFENSE Security Advisory 10.05.04b: Symantec Norton AntiVirus Reserved Device Name Handling Vulnerability (06.10.2004)
 documentbipin gautam, Norton AntiVirus nested file manual scan bypass..... (19.04.2004)
 documentSYMANTEC, Kaspersky Antivirus, Dr. Web and Symantec Antivirus DoS (15.03.2003)
 documentSECURITEAM, [NT] Buffer Overflow Vulnerability in Dr. Web (11.03.2003)
 documentJames C Slora Jr, FW: Re[2]: SECURITY.NNOV: Kaspersky Antivirus DoS (15.02.2003)
 document3APA3A, SECURITY.NNOV: Kaspersky Antivirus DoS (11.02.2003)
Files:ДОПОЛНЕНИЕ к информации, опубликованной на SECURITY.NNOV (Vladimir Yumashev)
 Kaspersky Antivirus DoS
Discuss:Read or add your comments to this news (0 comments)

CGI bugs
updated since 22.10.2004
Published:23.10.2004
Source:
SecurityVulns ID:4104
Type:remote
Level:5/10
Affected:S9Y : Serendipity 0.7
 CPANEL : cPanel 9.4
 SAGE : SalesLogix 6.1
 PSCRIPT : pscript 1.26
 UBBCENTRAL : UBB.threads 3.4
Original documentdocumentChaotic Evil, HTTP Response Splitting in Serendipity 0.7-beta4 (23.10.2004)
 documentFlorian Rock, SQL Injection in UBB.threads 3.4.x (23.10.2004)
 documentChristoph Jeschke, [Powie's PSCRIPT Forum] Multiple SQL-Injection Vulnerabilities (22.10.2004)
 documentCarl, Multiple vulnerabilities in Sage Saleslogix (22.10.2004)
 documentAndrey Bayora, [Full-Disclosure] cPanel check only the first 8 characters of webmail password (22.10.2004)
Discuss:Read or add your comments to this news (0 comments)

Multiple PDF parsing library security vulnerabilities
updated since 22.10.2004
Published:01.02.2006
Source:BUGTRAQ
SecurityVulns ID:4109
Type:library
Level:7/10
Description:Multiple vulnerabilities including heap corruption, buffer overflows.
Affected:CUPS : cups 1.1
 KDE : KDE 3.2
 CLEARSWIFT : MIMEsweeper 5.0
 KDE : KDE 3.3
 XPDF : xpdf 3.0
 GNOME : gpdf 0.112
 TETEX : tetex 2.0
 TETEX : pTeX 3.1
 TETEX : CSTeX 2.0
 ADOBE : Acrobat Reader 7.0
 LIBEXTRACTOR : libextractor 0.4
 POPPLER : poppler 0.4
 XPDF : xpdf 3.01
 GPDF : GPdf 2.10
 PDFTOHTML : pdftohtml 0.36
 GNUSTEP : PDFKit Framework 0.8
 APPLE : Preview.app 3.0
Original documentdocumentMOAB, MOAB-06-01-2007: Multiple Vendor PDF Document Catalog Handling Vulnerability (21.01.2007)
 documentKDE, [KDE Security Advisory] kpdf of KDE 3.3.x heap based buffer overflow (10.03.2006)
 documentDEBIAN, [Full-disclosure] [SECURITY] [DSA 961-1] New pdfkit.framework packages fix arbitrary code execution (01.02.2006)
 documentGENTOO, [ GLSA 200601-17 ] Xpdf, Poppler, GPdf, libextractor, pdftohtml: Heap overflows (01.02.2006)
 documentSECUNIA, [SA18677] Xpdf PDF Splash Image Handling Vulnerability (01.02.2006)
 documentMANDRIVA, MDKSA-2006:005 - Updated xpdf packages fix several vulnerabilities (07.01.2006)
 documentIDEFENSE, iDefense Security Advisory 12.05.05: Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability (06.12.2005)
 documentIDEFENSE, iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Progressive Heap Overflow (06.12.2005)
 documentIDEFENSE, iDefense Security Advisory 12.05.05: Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability (06.12.2005)
 documentIDEFENSE, iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability (06.12.2005)
 documentUBUNTU, [USN-163-1] xpdf vulnerability (10.08.2005)
 documentGENTOO, [ GLSA 200506-06 ] libextractor: Multiple overflow vulnerabilities (10.06.2005)
 documentGENTOO, [ GLSA 200501-31 ] teTeX, pTeX, CSTeX: Multiple vulnerabilities (26.01.2005)
 documentIDEFENSE, iDEFENSE Security Advisory 01.18.05 - Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow (19.01.2005)
 documentKDE, KDE Security Advisory: kpdf Buffer Overflow Vulnerability (30.12.2004)
 documentIDEFENSE, iDEFENSE Security Advisory 12.21.04: Multiple Vendor xpdf PDF Viewer Buffer Overflow Vulnerability (22.12.2004)
 documentSECUNIA, [SA13411] MIMEsweeper for SMTP PDF File Processing Denial of Service (11.12.2004)
 documentMANDRAKE, MDKSA-2004:116 - Updated cups packages fix DoS vulnerabilities (22.10.2004)
 documentMANDRAKE, MDKSA-2004:114 - Updated gpdf packages fix DoS vulnerability (22.10.2004)
 documentKDE, [KDE security advisory] Multiple integer overflows in kpdf (22.10.2004)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server