Computer Security
[EN] securityvulns.ru

Multiple Microsoft Internet Explorer security vulnerabilities
updated since 22.03.2006
Published:27.05.2006
Source:FULL-DISCLOSURE
SecurityVulns ID:5923
Type:client
Level:9/10
Description:Jump to an uninitialized function pointer by referencing an object's unsupported method (createTextRange() for a checkbox). This can potentially be used for code execution and hidden malware installation. Memory corruption on uninitialized event handlers. HTA code execution. HTML parsing memory corruption. COM objects memory corruption. Cross-site scripting.
Affected:MICROSOFT : Internet Explorer 6.0
Original document:Thomas Waldegger, [BuHa-Security] DoS Vulnerability in MS IE 6 SP2 (27.05.2006)
 Thomas Waldegger, [BuHa-Security] MS06-013: HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2 (27.05.2006)
 Thomas Waldegger, [BuHa-Security] Multiple Vulnerabilities in MS IE 6.0 SP2 (13.04.2006)
 Sowhat ., [Full-disclosure] Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability (12.04.2006)
 X-FORCE, ISS Protection Brief: ie_patch_ms_06-13 (12.04.2006)
 Sowhat ., Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability (12.04.2006)
 CERT, US-CERT Technical Cyber Security Alert TA06-101A -- Microsoft Windows and Internet Explorer Vulnerabilities (12.04.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812) (11.04.2006)
 Determina Secure, Determina Fix for CVE-2006-1359 (Zero Day MS Internet Explorer Remote "CreateTextRange()" Code Execution) (29.03.2006)
 EEYE, [Full-disclosure] EEYE: Temporary workaround for IE createTextRange vulnerability (28.03.2006)
 H D Moore, [Full-disclosure] Fun with DHTML (23.03.2006)
 SECUNIA, [SA18680] Microsoft Internet Explorer "createTextRange()" Code Execution (22.03.2006)
 Computer Terrorism (UK) :: Incident Response Centre, [Full-disclosure] Microsoft Internet Explorer (mshtml.dll) - Remote Code Execution (22.03.2006)
 Stelian Ene, [Full-disclosure] IE crash (22.03.2006)
Files:Exploits Internet Explorer uninitialized object action function pointer vulnerability (crash)
 This module exploits a vulnerability in Internet Explorer's setTextRange on a checkbox
 Internet Explorer Remote Code Execution Exploit v 0.1
 Internet Explorer "createTextRang" Download Shellcoded Exploit
 Exploits HTML Tag Memory Corruption Vulnerability in MS IE 6 SP2
 Common DHTML implementation flaws via method and property fuzzing
 Microsoft Security Bulletin MS06-013 Cumulative Security Update for Internet Explorer (912812)
 Temporary workaround for IE createTextRange vulnerability
 Determina Fix for CVE-2006-1359

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:27.05.2006
Source:
SecurityVulns ID:6194
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:TIKIWIKI : tikiwiki 1.9
 PLUMECMS : Plume CMS 1.0
 VWEBMAIL : V-Webmail 1.6
 TOASTFORUMS : Toast Forums 1.6
 EVAWEB : EVA-Web 2.1
 DOCEBO : Docebo LMS 2.05
 MONSTERTOPLIST : Monster Top List 1.4
 EASYCONTENT : Easy-Content Forums 1.0
 SOCKETMAIL : Socketmail 2.2
 TAMBER : Tamber Forum 1.9
 PHPRESIDENCE : PHPResidence 0.6
 AGTC : PHP AGTC-Membership system 1.1
 BYTEHOARD : bytehoard 2.1
 ASSETMAN : AssetMan 2.4
 PHPSIMPLECHOOSE : PHPSimple Choose 0.3
 SUPERLINKEXCHANG : Super Link Exchange 1.0
 VACATIONRETAL : Vacation Retal Script 1.0
 PRETTYGUESTBOOK : Pretty Guestbook 1
 SMILEGUESTBOOK : Smile Guestbook 1
 MORRISGUESTBOOK : Morris Guestbook 1
CVE:CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin.php with adminop=job-edit.)
Original document:Vympel, [Full-disclosure] ZH2006-20 SA: CosmicShoppingCart Multiple Vulnerabilities (27.05.2006)
 luny_(at)_youfucktard.com, Morris Guestbook v1 (27.05.2006)
 luny_(at)_youfucktard.com, Smile Guestbook v1 (27.05.2006)
 luny_(at)_youfucktard.com, Pretty Guestbook v1 (27.05.2006)
 luny_(at)_youfucktard.com, Vacation Retal Script v1.0 (27.05.2006)
 luny_(at)_youfucktard.com, Super Link Exchange Script v1.0 (27.05.2006)
 luny_(at)_youfucktard.com, PHPSimple Choose v0.3 (27.05.2006)
 luny_(at)_youfucktard.com, iBoutique.MALL - Directory Traversal (27.05.2006)
 mail_(at)_yunusemreyilmaz.com, Seditio Cross Site Scripting Vulnerability (27.05.2006)
 ajannhwt_(at)_hotmail.com, Easy-Content Forums 1.0 Multiple [SQL/XSS] Vulnerabilities (27.05.2006)
 zerogue_(at)_gmail.com, Assetman <= 2.4a XSS (27.05.2006)
 zerogue_(at)_gmail.com, ByteHoard <= 2.1 multiple vulnerabilities (27.05.2006)
 zerogue_(at)_gmail.com, PHP AGTC-Membership system <= v1.1a XSS (27.05.2006)
 zerogue_(at)_gmail.com, PHPResidence <= 0.6 XSS (27.05.2006)
 beford, Plume CMS Remote File Include (27.05.2006)
 blwood_(at)_skynet.be, Multiple XSS Vulnerabilities in Tikiwiki 1.9.x (27.05.2006)
 ajannhwt_(at)_hotmail.com, Tamber Forum <= 1.9.13 Multiple SQL Injection Vulnerabilities (27.05.2006)
 Aesthetico, [MajorSecurity #6]Socketmail <= 2.2.6 - Remote File Include Vulnerability (27.05.2006)
 ajannhwt_(at)_hotmail.com, qjForum(member.asp) SQL Injection Vulnerability (27.05.2006)
 alp_eren_(at)_ayyildiz.org, phpjobboard Authecnical admin byPass (27.05.2006)
 ajannhwt_(at)_hotmail.com, Toasts Forums 1.6.44 in Xss (27.05.2006)
 ajannhwt_(at)_hotmail.com, Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities (27.05.2006)
 V8f3_(at)_hotmail.com, XSS in Monster Top List | MTL 1.4 (27.05.2006)
 beford, Docebo LMS 2.05 Remote File Include (27.05.2006)
 Some One, XSS in Omegasoft's Insel (27.05.2006)
 beford, V-Webmail 1.6.4 Remote File Include (27.05.2006)
 r0t, EVA-Web <=2.1.2 vuln. (27.05.2006)

GNU binutils libbfd buffer overflow
Published:27.05.2006
Source:BUGTRAQ
SecurityVulns ID:6195
Type:library
Level:5/10
Description:Buffer overflow on TekHex (Tektronix Hex Format) parsing.
Affected:BINUTILS : binutils 2.16
Original document:OPENPKG, [OpenPKG-SA-2006.009] OpenPKG Security Advisory (binutils) (27.05.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod