Computer Security

Search:Vulnerability:25.12.2006
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Novell NetMail IMAP server multiple buffer overflows
updated since 23.12.2006
Published:25.12.2006
Source:BUGTRAQ
SecurityVulns ID:6968
Type:remote
Level:6/10
Description:Buffer overflows on STOP, APPEND commands and on IMAP literals parsing.
Affected:NOVELL : NetMail 3.52
Original documentdocumentIDEFENSE, [Full-disclosure] iDefense Security Advisory 12.23.06: Novell Netmail IMAP append Denial of Service Vulnerability (25.12.2006)
 documentIDEFENSE, [Full-disclosure] iDefense Security Advisory 12.23.06: Novell NetMail IMAPD subscribe Buffer Overflow Vulnerability (25.12.2006)
 documentZDI, [Full-disclosure] ZDI-06-053: Novell NetMail IMAP Verb Literal Heap Overflow Vulnerability (23.12.2006)
 documentZDI, [Full-disclosure] ZDI-06-054: Novell NetMail IMAP APPEND Buffer Overflow Vulnerability (23.12.2006)
 documentZDI, [Full-disclosure] ZDI-06-052: Novell NetMail NMAP STOR Buffer Overflow Vulnerability (23.12.2006)
Discuss:Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:25.12.2006
Source:
SecurityVulns ID:6969
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:HLSTATS : HLStats 1.34
 EFKAN : Efkan Forum 1.0
 JINZORA : Jinzora 2.7
 IROKEZ : Irokez CMS 0.7
 ENDONESIA : eNdonesia 8.4
 CIBERIA : ciberia 1.0
 SHADOWEDPORTAL : Shadowed Portal 5.7
 FILEUPLOADMAN : File Upload Manager 1.0
 MXMANIA : Newsletter MX 1.0
 ANANDA : Ananda Real Estate 3.4
 ENTHRALLWEB : Enthrallweb ePhotos 1.0
 ENTHRALLWEB : Enthrallweb eHomes 1.0
 ENTHRALLWEB : Enthrallweb eCars 1.0
 ENTHRALLWEB : Enthrallweb eMates 1.0
 ENTHRALLWEB : Enthrallweb ePages 1.0
 ENTHRALLWEB : Enthrallweb eClassifieds 1.0
 ENTHRALLWEB : Enthrallweb eCoupons 1.0
 ENTHRALLWEB : Enthrallweb eNews 1.0
 ENTHRALLWEB : Dragon Business Directory 3.01
 MXMANIA : Calendar MX BASIC 1.0
 OKULMERKEZIPORTA : Okul Merkezi Portal 1.0
 PAGETOOL : Pagetool CMS 1.07
 B2 : B2 blog 0.5
 SHNEWS : SH-News 0.93
 OPENTAPS : opentaps 0.9
 ABLOG : a-blog 1.52
CVE:CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the search class. NOTE: it is possible that this issue overlaps CVE-2006-4543.3 or CVE-2006-4454.)
 CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.)
Original documentdocumentSECUNIA, [SA23444] a-blog Cross-Site Scripting Vulnerability (25.12.2006)
 documentSECUNIA, [SA23457] opentaps "SEARCH_STRING" Cross-Site Scripting Vulnerability (25.12.2006)
 documentShaFuq31_(at)_HoTMaiL.CoM, b2 - 0.5 * [index] Remote File Include Vulnerability (25.12.2006)
 documentShaFuq31_(at)_HoTMaiL.CoM, Okul Merkezi Portal v1.0 Remote File IncLude Vuln. (25.12.2006)
 documentajannhwt_(at)_hotmail.com, Title : Calendar MX BASIC <= 1.0.2 (ID) Remote SQL Injection Vulnerability (25.12.2006)
 documentajannhwt_(at)_hotmail.com, Title : Dragon Business Directory <= V3.01.12 (ID) Remote SQL Injection Vulnerability (25.12.2006)
 documentajannhwt_(at)_hotmail.com, Enthrallweb eCars 1.0 (types.asp) Remote SQL Injection Vulnerability (25.12.2006)
 documentajannhwt_(at)_hotmail.com, Title : Enthrallweb eHomes 1.0 Multiple (SQL/XSS) Vulnerabilities (25.12.2006)
 documentajannhwt_(at)_hotmail.com, Enthrallweb ePhotos 1.0 (subLevel2.asp) Remote SQL Injection Vulnerability (25.12.2006)
 documentajannhwt_(at)_hotmail.com, Ananda Real Estate <= 3.4 (agent) Remote SQL Injection Vulnerability (25.12.2006)
 documentcw.cybersecurity_(at)_gmail.com, myPHPNuke Gallery Module (basepath) Remote File Include (25.12.2006)
 documentcw.cybersecurity_(at)_gmail.com, Shadowed Portal 5.7. Roster Module (mod_root) Remote File Include (25.12.2006)
 documentz1ckX(ru), bugs for Endonesia8.4 (25.12.2006)
 documentnuffsaid, Irokez CMS <= 0.7.1 Multiple Remote File Include Vulnerabilities (25.12.2006)
 documentnuffsaid, Jinzora <= 2.7 (include_path) Multiple Remote File Include Vulnerabilities (25.12.2006)
 documentCorryL, [Full-disclosure] TimberWolf 1.2.2 vulnerable to XSS (25.12.2006)
 documentxx_hack_xx_2004_(at)_hotmail.com, Multiple Bugs in Future Internet ( XSS & SQL Injection ) (25.12.2006)
 documentShaFuq31_(at)_HoTMaiL.CoM, Efkan Forum v1.0 SqL Inj. Vuln. (25.12.2006)
Files:Newsletter MX <= 1.0.2 (ID) Remote SQL Injection Exploit
 File Upload Manager <= 1.0.6 (detail.asp) Remote SQL Injection Exploit
 Enthrallweb eNews 1.0 Remote User Pass Change Exploit
 Enthrallweb eCoupons 1.0(myprofile.asp) Remote Pass Change Exploit
 Enthrallweb eClassifieds 1.0 Remote User Pass Change Exploit
 Enthrallweb ePages (actualpic.asp) Remote SQL Injection Exploit
 Enthrallweb emates 1.0 (newsdetail.asp) Remote SQL Injection Exploit
 Enthrallweb eJobs (newsdetail.asp) Remote SQL Injection Exploit
 Exploits Pagetool CMS <=1.07 (RFI)
 SH-News 0.93 (misc.php) Remote File Include Exploit
 Exploits HLStats HLStats <=1.34 and Hlstats >= 1.20 SQL Inection + Path Disclosure
 MTCMS <= 2.0 (admin/admin_settings.php) Remote File Include Exploit
 ciberia 1.0<(Ciberia Content Federator)>(maquetacion_socio.php) Remote File Inclusion Exploit
Discuss:Read or add your comments to this news (0 comments)

acFTP FTP Server DoS
Published:25.12.2006
Source:MILW0RM
SecurityVulns ID:6971
Type:remote
Level:5/10
Description:Crash on REST command with invalid argument.
Affected:ACFTP : acFTP 1.5
Files:acFTP 1.5 (REST/PBSZ) Denial of Service
Discuss:Read or add your comments to this news (0 comments)

Multiple browsers DNS pinning protection bypass
Published:25.12.2006
Source:BUGTRAQ
SecurityVulns ID:6970
Type:remote
Level:6/10
Description:By emulatin Web server failure it's possible to bypass DNS pinning protection (protection against changing IP address resolution by DNS name for crossite access)
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MOZILLA : Firefox 1.5
 MICROSOFT : Windows 2003
 MOZILLA : Firefox 2.0
 MICROSOFT : Windows Vista
Original documentdocumentKanatoko, [Full-disclosure] DNS-Pinning demo (25.12.2006)
Discuss:Read or add your comments to this news (0 comments)

NeoTrace ActiveX buffer overflow
Published:25.12.2006
Source:SECUNIA
SecurityVulns ID:6972
Type:client
Level:5/10
Description:Buffer overflow on oversized NeoTraceExplorer.NeoTraceLoader element TraceTarget() method argument.
Affected:NEOTRACE : Neotrace 3.25
 MCAFEE : McAfee Visual Trace 3.25
Original documentdocumentSECUNIA , [SA23463] NeoTrace Express/Pro ActiveX Control "TraceTarget()" Buffer Overflow (25.12.2006)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server