Lotus Domino DoS
Published:		28.06.2006
Source:		BUGTRAQ
SecurityVulns ID:		6308
Type:		remote
Level:		6/10
Description:		Invalid vCal meeting request causes 100% CPU utilization.

Original document

SYMANTEC, SYMSA-2006-006: Lotus Domino SMTP Based Denial of Service (28.06.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		28.06.2006
Source:		BUGTRAQ
SecurityVulns ID:		6309
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		MYBB : MyBB 1.1
		CRISOFT : CrisoftRicette 1.0
		MFPIADAS : MF Piadas 1.0

Original document		CrAzY.CrAcKeR_(at)_hotmail.com, vCard PRO SQL Injection (28.06.2006)
		imei, [KAPDA]MyBB 1.1.4~function_post.php~XSS Attack In URL tag (28.06.2006)
		SECUNIA, [SA20781] GL-SH Deaf Forum show.php Cross-Site Scripting (28.06.2006)
		mac68k_(at)_gmail.com, [Kil13r-SA-20060628] Hanaro Search Cross-Site Scripting Vulnerability (28.06.2006)
		botan_(at)_linuxmail.org, [Kurdish Security # 10 ] MF Piadas 1.0 Remote File Include Vulnerability (28.06.2006)
		botan_(at)_linuxmail.org, [Kurdish Security # 11] SiteBar Cross-Site Scripting (28.06.2006)
		CrAzY.CrAcKeR_(at)_hotmail.com, phpvillage "funshow.php" SQL Injection (28.06.2006)
		CrAzY.CrAcKeR_(at)_hotmail.com, CrisoftRicette<<--1.0pre15b Remote File Inclusion (28.06.2006)

Discuss:

Read or add your comments to this news (0 comments)

MailEnable DoS
Published:		28.06.2006
Source:		BUGTRAQ
SecurityVulns ID:		6312
Type:		remote
Level:		5/10
Description:		SMTP HELO command with non-ASCII character causes service to crash.

Files:		Mailenable SMTP DoS exploit
Discuss:		Read or add your comments to this news (0 comments)

Multiple Wireless Control System vulnerabilities
Published:		28.06.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6316
Type:		remote
Level:		6/10
Description:		Configuration access, unauthorized device access, crossite scripting.

Affected:		CISCO : WCS 3.2
		CISCO : WCS 4.0

Original document

CISCO, [Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in Wireless Control System (28.06.2006)

Discuss:

Read or add your comments to this news (0 comments)

libgd /libwmf graphics library infinite loop
Published:		28.06.2006
Source:		BUGTRAQ
SecurityVulns ID:		6313
Type:		library
Level:		5/10
Description:		Infinite loop in GIF data LZW decoding.

Affected:		GD : libgd 2.0
		TETEX : tetex 3.0
		LIBWMF : libwmf 0.2

Original document		MANDRIVA, [Full-disclosure] [ MDKSA-2006:114 ] - Updated libwmf packages fixes embedded GD vulnerability (28.06.2006)
		MANDRIVA, [Full-disclosure] [ MDKSA-2006:113 ] - Updated tetex packages fix embedded GD vulnerabilities (28.06.2006)
		MANDRIVA, [Full-disclosure] [ MDKSA-2006:112 ] - Updated gd packages fix DoS vulnerability. (28.06.2006)

Discuss:

Read or add your comments to this news (0 comments)

Opera SSL certificate spofing
Published:		28.06.2006
Source:		BUGTRAQ
SecurityVulns ID:		6315
Type:		client
Level:		5/10
Description:		After file download dialog for SSL enabled site page is incorrectly shown as SSL protected with SSL certificate of downloaded file.

Affected:

OPERA : Opera 8.54

Original document

SECUNIA, [SA19480] Opera SSL Certificate "Stealing" Weakness (28.06.2006)

Discuss:

Read or add your comments to this news (0 comments)

Quake 3 multiple vulnerabilities
Published:		28.06.2006
Source:		BUGTRAQ
SecurityVulns ID:		6310
Type:		client
Level:		5/10
Description:		Server can upload any file to client's home directory bypassing file sxtension limitations if Automatic Downalods function enable. Buffer overflow.

Affected:

IDSOFTWARE : Quake 3 1.32

Original document

Luigi Auriemma, Files and cvars overwriting in Quake 3 engine (1.32c / rev 803 / ...) (28.06.2006)

Files:		Exploits Files and cvars overwriting in Quake 3 engine (patch to sv_client)
		Exploits Files and cvars overwriting in Quake 3 engine (patch to sv_init)
		Quake 3 Engine Client CS_ITEM Remote Stack Overflow Exploit
Discuss:		Read or add your comments to this news (0 comments)

CA Integrated Threat Management, eTrust Antivirus, eTrust PestPatrol format string vulnerability updated since 28.06.2006
Published:		29.06.2006
Source:		BUGTRAQ
SecurityVulns ID:		6311
Type:		local
Level:		5/10
Description:		Format string bug in job description field.

Affected:		CA : Integrated Threat Management 8
		CA : eTrust Antivirus 8
		CA : eTrust PestPatrol Anti-spyware 8

Original document		Deral Heiland, Layered Defense Advisory: Format String Vuln in CA eTrust (29.06.2006)
		Deral Heiland, [Full-disclosure] Layered Defense Advisory: Format String Vuln in CA eTrust (28.06.2006)
		CA, CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability (28.06.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Microsoft Internet Explorer and Windows security vulnerabilities updated since 28.06.2006
Published:		09.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6314
Type:		client
Level:		7/10
Description:		Cross-domain page content access, MSHTA code execution.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Internet Explorer 6.0
		MICROSOFT : Windows XP
		MICROSOFT : Windows 2003 Server
		GOSURF : GoSuRF Browser 2.62
		FASTBROWSER : Fast Browser Pro 8.1
		ENIGMA : Enigma Browser 3.8
		NETCAPTOR : NetCaptor 4.5
		SLIMBROWSER : Slim Browser 4.07
		FINEBROWSER : FineBrowser 3.2
		PHASEOUT : PhaseOut 5.4
		MAXTHON : Maxthon 1.5
		GREENBROWSER : GreenBrowser 3.4
		MYWEB4NET : MYweb4net Browser 3.8
CVE:		CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
		CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
		CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
		CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
		CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
		CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
		CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
		CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
		CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
		CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280.)
		CVE-2006-3280 (Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, aka "Redirect Cross-Domain Information Disclosure Vulnerability.")

Original document		MICROSOFT, Microsoft Security Bulletin MS06-045 Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398) (08.08.2006)
		Plebo Aesdi Nael, IE_ONE_MINOR_ONE_MAJOR (28.06.2006)

Files:		Microsoft Security Bulletin MS06-045 Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)
Discuss:		Read or add your comments to this news (0 comments)