Computer Security

Multiple Microsoft Internet Explorer security vulnerabilities
updated since 22.03.2006
SecurityVulns ID:5923
Threat Level:
Description:Jump to an uninitialized function pointer when a method of an unsupported object is referenced (createTextRange() on a checkbox). Can potentially be used for code execution and hidden malware installation. Memory corruption on uninitialized event handlers. HTA code execution. HTML parsing memory corruption. COM object memory corruption. Cross-site scripting.
Affected:MICROSOFT : Internet Explorer 6.0
Original document:Thomas Waldegger, [BuHa-Security] DoS Vulnerability in MS IE 6 SP2 (27.05.2006)
 Thomas Waldegger, [BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2 (27.05.2006)
 Thomas Waldegger, [BuHa-Security] Multiple Vulnerabilities in MS IE 6.0 SP2 (13.04.2006)
 Sowhat ., [Full-disclosure] Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability (12.04.2006)
 X-FORCE, ISS Protection Bried: ie_patch_ms_06-13 (12.04.2006)
 Sowhat ., Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability (12.04.2006)
 CERT, US-CERT Technical Cyber Security Alert TA06-101A -- Microsoft Windows and Internet Explorer Vulnerabilities (12.04.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) (11.04.2006)
 Determina Secure, Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution) (29.03.2006)
 EEYE, [Full-disclosure] EEYE: Temporary workaround for IE createTextRange vulnerability (28.03.2006)
 H D Moore, [Full-disclosure] Fun with DHTML (23.03.2006)
 SECUNIA, [SA18680] Microsoft Internet Explorer "createTextRange()" Code Execution (22.03.2006)
 Computer Terrorism (UK) :: Incident Response Centre, [Full-disclosure] Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution (22.03.2006)
 Stelian Ene, [Full-disclosure] IE crash (22.03.2006)
Files:Exploits Internet Explorer uninitialized object action function pointer vulnerability (crash)
 Common DHTML implementation flaws via method and property fuzzing
 Internet Explorer Remote Code Execution Exploit v 0.1
 Internet Explorer "createTextRang" Download Shellcoded Exploit
 This module exploits a vulnerability in Internet Explorer's setTextRange on a checkbox
 Exploits HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2
 Temporary workaround for IE createTextRange vulnerability
 Determina Fix for CVE-2006-1359
 Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:6194
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:TIKIWIKI : tikiwiki 1.9
 PLUMECMS : Plume CMS 1.0
 VWEBMAIL : V-Webmail 1.6
 TOASTFORUMS : Toast Forums 1.6
 EVAWEB : EVA-Web 2.1
 DOCEBO : Docebo LMS 2.05
 MONSTERTOPLIST : Monster Top List 1.4
 EASYCONTENT : Easy-Content Forums 1.0
 SOCKETMAIL : Socketmail 2.2
 TAMBER : Tamber Forum 1.9
 PHPRESIDENCE : PHPResidence 0.6
 AGTC : PHP AGTC-Membership system 1.1
 BYTEHOARD : bytehoard 2.1
 ASSETMAN : AssetMan 2.4
 SUPERLINKEXCHANG : Super Link Exchange 1.0
 VACATIONRETAL : Vacation Retal Script 1.0
 PRETTYGUESTBOOK : Pretty Guestbook 1
 SMILEGUESTBOOK : Smile Guestbook 1
 MORRISGUESTBOOK : Morris Guestbook 1
CVE:CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit.)
Original document:Vympel, [Full-disclosure] ZH2006-20 SA: CosmicShoppingCart Multiple Vulnerabilities (27.05.2006)
 luny_(at), Morris Guestbook v1 (27.05.2006)
 luny_(at), Smile Guestbook v1 (27.05.2006)
 luny_(at), Pretty Guestbook v1 (27.05.2006)
 luny_(at), Vacation Retal Script v1.0 (27.05.2006)
 luny_(at), Super Link Exchange Script v1.0 (27.05.2006)
 luny_(at), PHPSimple Choose v0.3 (27.05.2006)
 luny_(at), iBoutique.MALL - Directory Traversal (27.05.2006)
 mail_(at), Seditio Cross Site Scripting Vulnerability (27.05.2006)
 ajannhwt_(at), Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities (27.05.2006)
 zerogue_(at), Assetman <= 2.4a XSS (27.05.2006)
 zerogue_(at), ByteHoard <= 2.1 multiple vulnerabilities (27.05.2006)
 zerogue_(at), PHP AGTC-Membership system <= v1.1a XSS (27.05.2006)
 zerogue_(at), PHPResidence <= 0.6 XSS (27.05.2006)
 beford, Plume CMS Remote File Include (27.05.2006)
 blwood_(at), Multiple XSS Vulnerabilities in Tikiwiki 1.9.x (27.05.2006)
 ajannhwt_(at), Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities (27.05.2006)
 Aesthetico, [MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability (27.05.2006)
 ajannhwt_(at), qjForum(member.asp) SQL Injection Vulnerability (27.05.2006)
 alp_eren_(at), phpjobboard Authecnical admin byPass (27.05.2006)
 ajannhwt_(at), Toasts Forums 1.6.44 in Xss (27.05.2006)
 ajannhwt_(at), Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities (27.05.2006)
 V8f3_(at), XSS in Monster Top List | MTL 1.4 (27.05.2006)
 beford, Docebo LMS 2.05 Remote File Include (27.05.2006)
 Some One, XSS in Omegasoft's Insel (27.05.2006)
 beford, V-Webmail 1.6.4 Remote File Include (27.05.2006)
 r0t, EVA-Web <=2.1.2 vuln. (27.05.2006)

GNU binutils libbfd buffer overflow
SecurityVulns ID:6195
Threat Level:
Description:Buffer overflow on TekHex (Tektronix Hex Format) parsing.
Affected:BINUTILS : binutils 2.16
Original document:OPENPKG, [OpenPKG-SA-2006.009] OpenPKG Security Advisory (binutils) (27.05.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod