Computer Security


Microsoft Internet Explorer memory corruption
updated since 23.04.2006
Published:28.04.2006
Source:
SecurityVulns ID:6039
Type:client
Threat Level:8/10
Description:Uninitialized pointer dereference on OBJECT tag processing. Can be used for hidden malware installation.
Affected:MICROSOFT : Internet Explorer 6.0
Original document:SECUNIA, [Full-disclosure] MSIE Nested Object Vulnerability Is Exploitable (28.04.2006)
 Matthew Murphy, Re: [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability (23.04.2006)
 Michal Zalewski, [Full-disclosure] MSIE (mshtml.dll) OBJECT tag vulnerability (23.04.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:28.04.2006
Source:
SecurityVulns ID:6065
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:INVISION : Invision Power Board 2.1
 KMAIL : Kmail 2.3
 OPENWEBMAIL : Open WebMail 2.51
 NEOCROME : Land Down Under 802
 JAX : Jax Guestbook 3.41
 PHEX : Phex 2.8
 NETWORKADMINISTR : Network Administration Visualized 3.0
 TRAC : Trac Wiki 0.9
CVE:CVE-2006-7062 (calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message.)
Original document:outlaw_(at)_aria-security.net, Cireos Portal Cross Site Scripting (28.04.2006)
 SECUNIA, [SA19870] Trac Wiki Macro Script Insertion Vulnerability (28.04.2006)
 SECUNIA, [SA19849] Network Administration Visualized SQL Injection Vulnerability (28.04.2006)
 SECUNIA, [SA19824] Phex Chat Request Handling Weakness (28.04.2006)
 SECUNIA, [SA19843] Jax Guestbook "page" Cross-Site Scripting Vulnerability (28.04.2006)
 Advisory_(at)_Aria-Security.net, Land Down Under 802 and below version Path Disclosure Vulnerability (28.04.2006)
 satanchild123_(at)_hotmail.com, SQL injection exploit IPB <= 2.1.4 (28.04.2006)
 r0t, Kmail <=2.3 vuln. (28.04.2006)
 r0t, Open WebMail <=2.51 XSS vuln. (28.04.2006)
Files:Invision Power Board 2.* commands execution exploit
 Invision Power Board 2.1.5 POC

BL4 SMTP server buffer overflow
Published:28.04.2006
Source:
SecurityVulns ID:6067
Type:remote
Threat Level:5/10
Description:Buffer overflow on oversized command.
Affected:BL4 : BL4 SMTP server 0.1
Original document:dedi dwianto, BL4's SMTP server BufferOverflow Vulnerable (28.04.2006)
Files:Exploits BL4's SMTP server Remote DOS

Océ 3121 printer DoS
Published:28.04.2006
Source:
SecurityVulns ID:6068
Type:remote
Threat Level:5/10
Affected:OCE : Oce 3121
 OCE : Oce 3122
Files:OCE 3121/3122 Printer DoS Exploit

SWS web server format string security vulnerability
Published:28.04.2006
Source:
SecurityVulns ID:6069
Type:remote
Threat Level:5/10
Description:Several different format string bugs.
Affected:SWSWEBSERVER : Sws Web Server 0.1
Original document:dedi dwianto, [ECHO_ADV_31$2006] Sws Web Server 0.1.7 Strcpy() & Syslog() Format String Vulnerability (28.04.2006)

WinAgents TFTP Server directory traversal
Published:28.04.2006
Source:
SecurityVulns ID:6070
Type:remote
Threat Level:5/10
Description:Directory traversal on GET command processing.
Affected:WINAGENTS : WinAgents TFTP Server 3.1
Original document:SECUNIA, [SA19844] WinAgents TFTP Server Directory Traversal Vulnerability (28.04.2006)

Linux / FreeBSD kernel SMBFS/CIFSFS chroot restriction bypass
updated since 28.04.2006
Published:02.06.2006
Source:
SecurityVulns ID:6071
Type:local
Threat Level:6/10
Description:It is possible to traverse out of the chroot directory.
Affected:LINUX : kernel 2.6
 FREEBSD : FreeBSD 4.10
 FREEBSD : FreeBSD 5.3
 FREEBSD : FreeBSD 5.4
 FREEBSD : FreeBSD 4.11
 FREEBSD : FreeBSD 6.0
 FREEBSD : FreeBSD 6.1
 FREEBSD : FreeBSD 5.5
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:16.smbfs (02.06.2006)
 SECUNIA, [SA19868] Linux Kernel CIFS chroot Directory Traversal Vulnerability (28.04.2006)
 SECUNIA, [SA19869] Linux Kernel SMBFS chroot Directory Traversal Vulnerability (28.04.2006)

ISO images extracting software directory traversal
updated since 28.04.2006
Published:19.09.2007
Source:
SecurityVulns ID:6066
Type:local
Threat Level:5/10
Description:Directory traversal while extracting a directory from an ISO image.
Affected:WINISO : WinISO 5.3
 ULTRAISO : UltraISO 8.0
 MAGICISO : Magic ISO 5.0
 POWERISO : PowerISO 2.9
 WINIMAGE : WinImage 8.10
Original document:j00ru.vx_(at)_gmail.com, WinImage 8.10 vulnerabilities (19.09.2007)
 Sowhat ., [Full-disclosure] WinISO/UltraISO/MagicISO/PowerISO Directory Traversal Vulnerability (28.04.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod