Computer Security

Lotus Domino DoS
Published:28.06.2006
Source:
SecurityVulns ID:6308
Type:remote
Threat Level:6/10
Description:Invalid vCal meeting request causes 100% CPU utilization.
Original document:SYMANTEC, SYMSA-2006-006: Lotus Domino SMTP Based Denial of Service (28.06.2006)

Quake 3 multiple vulnerabilities
Published:28.06.2006
Source:
SecurityVulns ID:6310
Type:client
Threat Level:5/10
Description:A server can upload any file to the client's home directory, bypassing file extension limitations, if the Automatic Downloads function is enabled. Buffer overflow.
Affected:IDSOFTWARE : Quake 3 1.32
Original document:Luigi Auriemma, Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...) (28.06.2006)
Files:Exploits Files and cvars overwriting in Quake 3 engine (patch to sv_client)
 Exploits Files and cvars overwriting in Quake 3 engine (patch to sv_init)
 Quake 3 Engine Client CS_ITEM Remote Stack Overflow Exploit

MailEnable DoS
Published:28.06.2006
Source:
SecurityVulns ID:6312
Type:remote
Threat Level:5/10
Description:SMTP HELO command with non-ASCII character causes service to crash.
Files:Mailenable SMTP DoS exploit

libgd / libwmf graphics library infinite loop
Published:28.06.2006
Source:
SecurityVulns ID:6313
Type:library
Threat Level:5/10
Description:Infinite loop in GIF data LZW decoding.
Affected:GD : libgd 2.0
 TETEX : tetex 3.0
 LIBWMF : libwmf 0.2
Original document:MANDRIVA, [Full-disclosure] [ MDKSA-2006:114 ] - Updated libwmf packages fixes embedded GD vulnerability (28.06.2006)
 MANDRIVA, [Full-disclosure] [ MDKSA-2006:113 ] - Updated tetex packages fix embedded GD vulnerabilities (28.06.2006)
 MANDRIVA, [Full-disclosure] [ MDKSA-2006:112 ] - Updated gd packages fix DoS vulnerability. (28.06.2006)

Opera SSL certificate spoofing
Published:28.06.2006
Source:
SecurityVulns ID:6315
Type:client
Threat Level:5/10
Description:After a file download dialog for an SSL-enabled site, the page is incorrectly shown as SSL-protected with the SSL certificate of the downloaded file.
Affected:OPERA : Opera 8.54
Original document:SECUNIA, [SA19480] Opera SSL Certificate "Stealing" Weakness (28.06.2006)

Multiple Wireless Control System vulnerabilities
Published:28.06.2006
Source:
SecurityVulns ID:6316
Type:remote
Threat Level:6/10
Description:Configuration access, unauthorized device access, cross-site scripting.
Affected:CISCO : WCS 3.2
 CISCO : WCS 4.0
Original document:CISCO, [Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Wireless Control System (28.06.2006)

CA Integrated Threat Management, eTrust Antivirus, eTrust PestPatrol format string vulnerability
updated since 28.06.2006
Published:29.06.2006
Source:
SecurityVulns ID:6311
Type:local
Threat Level:5/10
Description:Format string bug in job description field.
Affected:CA : Integrated Threat Management 8
 CA : eTrust Antivirus 8
 CA : eTrust PestPatrol Anti-spyware 8
Original document:Deral Heiland, Layered Defense Advisory: Format String Vuln in CA eTrust (29.06.2006)
 Deral Heiland, [Full-disclosure] Layered Defense Advisory: Format String Vuln in CA eTrust (28.06.2006)
 CA, CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability (28.06.2006)

Multiple Microsoft Internet Explorer and Windows security vulnerabilities
updated since 28.06.2006
Published:09.08.2006
Source:
SecurityVulns ID:6314
Type:client
Threat Level:7/10
Description:Cross-domain page content access, MSHTA code execution.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Internet Explorer 6.0
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 GOSURF : GoSuRF Browser 2.62
 FASTBROWSER : Fast Browser Pro 8.1
 ENIGMA : Enigma Browser 3.8
 NETCAPTOR : NetCaptor 4.5
 SLIMBROWSER : Slim Browser 4.07
 FINEBROWSER : FineBrowser 3.2
 PHASEOUT : PhaseOut 5.4
 MAXTHON : Maxthon 1.5
 GREENBROWSER : GreenBrowser 3.4
 MYWEB4NET : MYweb4net Browser 3.8
CVE:CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
 CVE-2006-3280 (Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability.")
Original document:MICROSOFT, Microsoft Security Bulletin MS06-045 Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) (08.08.2006)
 Plebo Aesdi Nael, IE_ONE_MINOR_ONE_MAJOR (28.06.2006)
Files:Microsoft Security Bulletin MS06-045 Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod