abc2ps / abcmidi abc music files to postscript converter buffer overflow updated since 25.04.2006
Published:		26.04.2006
Source:		BUGTRAQ
SecurityVulns ID:		6048
Type:		client
Level:		5/10
Description:		Buffer overflow on abc format parsing.

Affected:		ABC2PS : abc2ps 1.3
		ABCMIDI : abcmidi 17

Original document		DEBIAN, [Full-disclosure] [SECURITY] [DSA 1043-1] New abcmidi packages fix arbitrary code execution (26.04.2006)
		DEBIAN, [Full-disclosure] [SECURITY] [DSA 1041-1] New abc2ps packages fix arbitrary code execution (25.04.2006)

Discuss:

Read or add your comments to this news (0 comments)

Mozilla browsers and mail agents memory corruption
Published:		26.04.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6054
Type:		client
Level:		8/10
Description:		Memory corruption on displaying corrupted HTML tables. Can be used for silent malware installation.

Affected:		MOZILLA : Mozilla 1.7
		MOZILLA : Firefox 1.0
		MOZILLA : Thunderbird 1.0
		MOZILLA : Thunderbird 1.5
		MOZILLA : Firefox 1.5
		MOZILLA : Seamonkey 1.0

Original document

ZDI, [Full-disclosure] ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability (26.04.2006)

Discuss:

Read or add your comments to this news (0 comments)

Sun Solaris libpkcs11 library privilege escalation
Published:		26.04.2006
Source:		SECUNIA
SecurityVulns ID:		6059
Type:		library
Level:		5/10
Description:		Privilege escalation with getpwnam() functions family.

Affected:

ORACLE : Solaris 10

Original document

SECUNIA, [SA19789] Sun Solaris "libpkcs11" Privilege Escalation Vulnerability (26.04.2006)

Discuss:

Read or add your comments to this news (0 comments)

3COM 2848-SFP switch DoS
Published:		26.04.2006
Source:		SECUNIA
SecurityVulns ID:		6060
Type:		remote
Level:		5/10
Description:		Device crash on long DHCP packet.

Affected:

3COM : 3COM 2848-SFP

Original document

SECUNIA, [SA19756] 3Com Baseline Switch 2848-SFP DHCP Potential Denial of Service (26.04.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple DNS servers different security vulnerabilities
Published:		26.04.2006
Source:		NISCC
SecurityVulns ID:		6053
Type:		remote
Level:		6/10
Description:		Multiple vulnerabilities were discovered with automated testing tool.

Affected:		ISC : bind 9.2
		BIND : bind 8.4
		BIND : bind 9.3
		MYDNS : MyDNS 1.0
		PDNSD : pdnsd 1.2
		POWERDNS : RECURSOR 3.0
		DELEGATE : DeleGate 8.11
		DELEGATE : DeleGate 9.0
		FITELNET : FITELnet-F40
		FITELNET : FITELnet-F80
		FITELNET : FITELnet-F100
		FITELNET : FITELnet-F120
		FITELNET : FITELnet-F1000
		FITELNET : FITELnet-E20
		FITELNET : FITELnet-E30
		FITELNET : MUCHO-EV/PK
		FUJITSU : NetShelter/FW
		FUJITSU : NetShelter/FW-P
		FUJITSU : NetShelter/FW-L
		FUJITSU : NetShelter/FW-M

Original document		POWERDNS, Recursor version 3.0.1 (26.04.2006)
		NISCC, NISCC - Vulnerability Issues in Implementations of the DNS Protocol (26.04.2006)

Discuss:

Read or add your comments to this news (0 comments)

beagle file indexing tool code execution
Published:		26.04.2006
Source:		SECUNIA
SecurityVulns ID:		6058
Type:		client
Level:		5/10

Original document

Chris Evans, beagle insecure command line construction (26.04.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple IP3 Networks NetAccess security vulnerabilities
Published:		26.04.2006
Source:		BUGTRAQ
SecurityVulns ID:		6057
Type:		remote
Level:		5/10
Description:		SQL injections, unfiltered shell characters, etc.

Affected:

IP3NETWORKS : NA75

Original document

Moonen, Ralph, Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance (26.04.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		26.04.2006
Source:
SecurityVulns ID:		6055
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		CARTWEAVER : Cartweaver ColdFusion 2.16
		QUICKESTORE : QuickEStore 7.9
		WSNLINKS : WSN Links 2.56
		TRINETCMS : Trinet CMS 2006.04.17
		DCFORUMLITE : DCForumLite 3.0
CVE:		CVE-2007-0129 (SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter.)

Original document		qex_(at)_bsdmail.org, DCForumLite V 3.0<--XSS/SQL Injection (26.04.2006)
		qex_(at)_bsdmail.org, Instant Photo Gallery <= Multiple XSS (26.04.2006)
		qex_(at)_bsdmail.org, Instant Photo Gallery <= Multiple XSS (26.04.2006)
		Elmago Elmago, уязвимость в trinet cms (26.04.2006)
		Cyber Lords, XSS in WSN Links 2.56 (26.04.2006)
		r0t, QuickEStore 7.9 vuln. (26.04.2006)
		r0t, Cartweaver ColdFusion vuln. (26.04.2006)

Discuss:

Read or add your comments to this news (0 comments)

Microsoft Outlook information leak
Published:		26.04.2006
Source:		BUGTRAQ
SecurityVulns ID:		6056
Type:		client
Level:		6/10
Description:		mailto: command processor allow outlook.exe command line modification to include any system file.

Affected:

MICROSOFT : Outlook 2003

Original document

inge.henriksen_(at)_booleansoft.com, Multiple browsers Windows mailto protocol Office 2003 file attachment exploit (26.04.2006)

Discuss:

Read or add your comments to this news (0 comments)

Cisco VPN 3000 VPN Concentrator Denial of Service updated since 26.01.2006
Published:		26.04.2006
Source:		BUGTRAQ
SecurityVulns ID:		5700
Type:		remote
Level:		6/10
Description:		HTTP traffic parsing DoS.

Affected:

CISCO : Cisco VPN 3000

Original document		CISCO, Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack (26.04.2006)
		Eldon Sprickerhoff, Re: [VulnWatch] Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack (01.02.2006)
		CISCO, [Full-disclosure] Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack (26.01.2006)

Discuss:

Read or add your comments to this news (0 comments)