Cisco VPN client for Windows privilege escalation updated since 25.05.2006
Published:		28.07.2006
Source:		BUGTRAQ
SecurityVulns ID:		6183
Type:		local
Level:		6/10
Description:		Privilege escalation with help subsystem.

Affected:		CISCO : Cisco VPN Client for Windows 4.8
		CISCO : Cisco VPN Client for Windows 4.7

Original document		CISCO, [Full-disclosure] Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability (28.07.2006)
		CISCO, Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability (25.05.2006)

Discuss:

Read or add your comments to this news (0 comments)

ISS RealSecure / BlackICE DoS
Published:		28.07.2006
Source:		BUGTRAQ
SecurityVulns ID:		6419
Type:		remote
Level:		6/10
Description:		Bug in SMB_MailSlot_Heap_Overflow (MS06-035/KB917159) vulnerability attack detection leads to 100% CPU usage.

Affected:		ISS : RealSecure Server Sensor 7.0
		ISS : Proventia A
		ISS : Proventia G
		ISS : Proventia M
		ISS : BlackICE PC Protection 3.6
		ISS : RealSecure Desktop 7.0
		ISS : RealSecure Network 7.0
		ISS : Proventia Server 1.0
		ISS : Proventia Desktop 8.0
		ISS : BlackICE Server Protection 3.6

Original document

NSFOCUS, NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability (28.07.2006)

Discuss:

Read or add your comments to this news (0 comments)

InterActual Player ActiveX buffer overflow
Published:		28.07.2006
Source:		SECUNIA
SecurityVulns ID:		6424
Type:		client
Level:		5/10
Description:		Buffer overflow in ITIRecorder.MicRecorder control.

Affected:

INTERACTUAL : InterActual Player 2.6

Original document

SECUNIA, [SA20845] InterActual Player ActiveX Control Buffer Overflow (28.07.2006)

Discuss:

Read or add your comments to this news (0 comments)

Symantec Brightmail AntiSpam multiple security vulnerabilities
Published:		28.07.2006
Source:		SECUNIA
SecurityVulns ID:		6425
Type:		remote
Level:		5/10
Description:		It's possible to DoS system and access system files if control center access is enabled from any computer.

Affected:

SYMANTEC : Brightmail AntiSpam 6.0

Original document

SECUNIA, [SA21223] Symantec Brightmail AntiSpam Multiple Vulnerabilities (28.07.2006)

Discuss:

Read or add your comments to this news (0 comments)

Yahoo Messenger instant messenger agent DoS updated since 22.06.2006
Published:		28.07.2006
Source:		IVANIVAN
SecurityVulns ID:		6281
Type:		remote
Level:		6/10
Description:		Application crashes on message with malformed link. Vulnerability is known to be used in-the-wild.

Affected:		YAHOO : Yahoo Messenger 7.0
		YAHOO : Yahoo Messenger 7.5

Original document		Ivan Ivan, Yahoo messenger bug (28.07.2006)
		Ivan Ivan, Yahoo messenger bug (28.07.2006)
		Ivan Ivan, Yahoo messenger bug (22.06.2006)

Discuss:

Read or add your comments to this news (0 comments)

Winlpd buffer overflow
Published:		28.07.2006
Source:		BUGTRAQ
SecurityVulns ID:		6422
Type:		remote
Level:		5/10
Description:		Buffer overflow on LPR (TCP/515) request handling.

Affected:

WINLPD : Winlpd 1.26

Original document

Meftun_(at)_MeftunNet.Com, Buffer Overflow Vulnerability in Winlpd (28.07.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		28.07.2006
Source:
SecurityVulns ID:		6423
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHORUM : Phorum 5.1
		MAMBO : a6mambohelpdesk 18
		GEOCLASSIFIEDS : GeoClassifieds Enterprise 2.0
		MTTKEPHP : MttKe-php 2.6

Original document		R0t-K33Y_(at)_hotmail.com, Xss in MttKe-php v2.6 (28.07.2006)
		Meftun_(at)_MeftunNet.Com, Cross-Site Scripting and Local File Inclusion in Phorum (28.07.2006)
		securityconnection_(at)_gmail.com, GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting (28.07.2006)
		dr.jr7_(at)_hotmail.com, a6mambohelpdesk Mambo Component <= 18RC1 Remote Include Vulnerability (28.07.2006)

Discuss:

Read or add your comments to this news (0 comments)

Apache mod_rewrite buffer overflow updated since 28.07.2006
Published:		21.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6420
Type:		remote
Level:		5/10
Description:		Off-by-one overflow on mod_rewrite LDAP schema if "RewriteEngine on".

Affected:

APACHE : Apache 2.0

Original document		Jacobo Avariento, POC & exploit for Apache mod_rewrite off-by-one (21.08.2006)
		APACHE, [Full-disclosure] [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released (28.07.2006)
		UBUNTU, [Full-disclosure] [USN-328-1] Apache vulnerability (28.07.2006)

Files:		Exploit for Apache mod_rewrite off-by-one(Win32)
		apache mod rewrite exploit (win32)
		Exploit for Apache mod_rewrite off-by-one
Discuss:		Read or add your comments to this news (0 comments)

Heartbeat claster software multiple DoS conditions updated since 28.07.2006
Published:		31.07.2007
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6421
Type:		remote
Level:		5/10
Description:		shmget shared memory section call weak permissions. remote DoS on heartbeat network messages parsing.

Affected:		HEARTBEAT : Heartbeat 1.2
		HEARTBEAT : Heartbeat 2.0
		BLUECATNETWORKS : Adonis 5.0
CVE:		CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.)
		CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.)

Original document		anonymous.c7ffa4057a_(at)_anonymousspeech.com, TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability (31.07.2007)
		Nash Leon, [Full-disclosure] Heartbeat Shared Memory - Local Denial of Service Exploit (28.07.2006)

Files:		Exploits Heartbeat < 2.0.6 Insecure Shared Memory - Local Denial of Service
Discuss:		Read or add your comments to this news (0 comments)