Computer Security


SpeedProject multiple archiver buffer overflow
updated since 26.11.2005
Published: 27.04.2006
SecurityVulns ID: 5481
Type: client
Threat Level: 5/10
Description: Buffer overflows when parsing ZIP, ACE and UUEncode formats.
Affected: SPEEDPROJECT : ZipStar 5.0
 SPEEDPROJECT : Squeez 5.0
 SPEEDCOMMANDER : SpeedCommander 11.0
 SPEEDPROJECT : SpeedCommander 10.51
 SPEEDPROJECT : Squeez 5.10
 SPEEDPROJECT : SpeedCommander 10.52
Original document: SECUNIA, Secunia Research: SpeedProject Products ACE Archive Handling Buffer Overflow (27.04.2006)
 SECUNIA, [SA19473] SpeedProject Products ACE Archive Handling Buffer Overflow (26.04.2006)
 SECUNIA, Secunia Research: SpeedProject Products ZIP/UUE File Extraction Buffer Overflow (26.11.2005)

Microsoft Internet Explorer modal dialogs spoofing
Published: 27.04.2006
SecurityVulns ID: 6061
Type: client
Threat Level: 5/10
Description: It's possible to spoof modal dialog content. This problem is only significant for Windows versions prior to Windows XP SP2 / Windows 2003 SP1.
Affected: MICROSOFT : Internet Explorer 5.5
 MICROSOFT : Internet Explorer 6.0
Original document: Matthew Murphy, [Full-disclosure] Internet Explorer User Interface Races, Redeux (27.04.2006)
Files: PoC for Internet Explorer Modal Dialog Issue

Juniper SSL-VPN JuniperSetup client component buffer overflow
Published: 27.04.2006
SecurityVulns ID: 6062
Type: client
Threat Level: 6/10
Description: Buffer overflow in JuniperSetup.ocx ActiveX element.
Original document: EEYE, [EEYEB-20060227] Juniper Networks SSL-VPN Client Buffer Overflow (27.04.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 27.04.2006
SecurityVulns ID: 6063
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: DEVBB : DevBB 1.0
 OPENBB : OpenBB 1.0
 PHPNUKE : PHP-Nuke 7.9
 MYBB : MyBB 1.1
 WARFORGE : warforge.NEWS 1.0
 MYSMARTBB : MySmartBB 1.1
CVE: CVE-2006-6996 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary HTML and web script via the (1) title and (2) newspost parameters to (a) newsadd.php, and the (3) name, title, and (4) comment parameters to (b) news.php, a different set of vectors than CVE-2006-1818. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Original document: o.y.6_(at)_hotmail.com, MyBB 1.1.1 Local SQL Injections (27.04.2006)
 Aliaksandr Hartsuyeu, [eVuln] warforge.NEWS SQL Injection and Multiple XSS Vulnerabilities (27.04.2006)
 outlaw_(at)_aria-security.net, SQL Injection On DUportal (27.04.2006)
 outlaw_(at)_aria-security.net, XXS Attack On FarsiNews (27.04.2006)
 outlaw_(at)_aria-security.net, Local XXS Attack On CuteNews (27.04.2006)
 qex_(at)_bsdmail.org, Open Bulletin Board < Multiple Vulnerability (27.04.2006)
 qex_(at)_bsdmail.com, DevBB <= 1.0.0 XSS (27.04.2006)
 BoNy-m_(at)_hotmail.com, MySmartBB<---v 1.1.x SQL Injection/XSS (27.04.2006)
 Private Private, PHPNuke All Version EnhancedSearch Module SQL Injection Exploit {!} (27.04.2006)
 yamcho_(at)_email.it, warforge.NEWS (27.04.2006)

Microsoft Internet Explorer cross-site access
Published: 27.04.2006
SecurityVulns ID: 6064
Type: client
Threat Level: 7/10
Description: A script from one site can access the content of a page from a different site via the mhtml: URI handler.
Affected: MICROSOFT : Internet Explorer 6.0
Original document: SECUNIA, [SA19738] Internet Explorer "mhtml:" Redirection Disclosure of Sensitive Information (27.04.2006)
Files: Internet Explorer Arbitrary Content Disclosure Vulnerability Test

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod