Computer Security


ISS RealSecure / BlackICE DoS
Published: 28.07.2006
SecurityVulns ID: 6419
Type: remote
Threat Level: 6/10
Description: A bug in the detection of SMB_MailSlot_Heap_Overflow (MS06-035/KB917159) attacks leads to 100% CPU usage.
Affected: ISS : RealSecure Server Sensor 7.0
 ISS : Proventia A
 ISS : Proventia G
 ISS : Proventia M
 ISS : BlackICE PC Protection 3.6
 ISS : RealSecure Desktop 7.0
 ISS : RealSecure Network 7.0
 ISS : Proventia Server 1.0
 ISS : Proventia Desktop 8.0
 ISS : BlackICE Server Protection 3.6
Original document: NSFOCUS, NSFOCUS SA2006-07 : ISS RealSecure/BlackICE MailSlot Heap Overflow Detection Remote DoS Vulnerability (28.07.2006)

Winlpd buffer overflow
Published: 28.07.2006
SecurityVulns ID: 6422
Type: remote
Threat Level: 5/10
Description: Buffer overflow on LPR (TCP/515) request handling.
Affected: WINLPD : Winlpd 1.26
Original document: Meftun_(at)_MeftunNet.Com, Buffer Overflow Vulnerability in Winlpd (28.07.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 28.07.2006
SecurityVulns ID: 6423
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHORUM : Phorum 5.1
 MAMBO : a6mambohelpdesk 18
 GEOCLASSIFIEDS : GeoClassifieds Enterprise 2.0
 MTTKEPHP : MttKe-php 2.6
Original document: R0t-K33Y_(at)_hotmail.com, Xss in MttKe-php v2.6 (28.07.2006)
 Meftun_(at)_MeftunNet.Com, Cross-Site Scripting and Local File Inclusion in Phorum (28.07.2006)
 securityconnection_(at)_gmail.com, GeoClassifieds Enterprise <= 2.0.5.2 Cross Site Scripting (28.07.2006)
 dr.jr7_(at)_hotmail.com, a6mambohelpdesk Mambo Component <= 18RC1 Remote Include Vulnerability (28.07.2006)

InterActual Player ActiveX buffer overflow
Published: 28.07.2006
SecurityVulns ID: 6424
Type: client
Threat Level: 5/10
Description: Buffer overflow in ITIRecorder.MicRecorder control.
Affected: INTERACTUAL : InterActual Player 2.6
Original document: SECUNIA, [SA20845] InterActual Player ActiveX Control Buffer Overflow (28.07.2006)

Symantec Brightmail AntiSpam multiple security vulnerabilities
Published: 28.07.2006
SecurityVulns ID: 6425
Type: remote
Threat Level: 5/10
Description: It is possible to cause a DoS and to access system files if Control Center access is enabled from any computer.
Affected: SYMANTEC : Brightmail AntiSpam 6.0
Original document: SECUNIA, [SA21223] Symantec Brightmail AntiSpam Multiple Vulnerabilities (28.07.2006)

Cisco VPN client for Windows privilege escalation
updated since 25.05.2006
Published: 28.07.2006
SecurityVulns ID: 6183
Type: local
Threat Level: 6/10
Description: Privilege escalation via the help subsystem.
Affected: CISCO : Cisco VPN Client for Windows 4.8
 CISCO : Cisco VPN Client for Windows 4.7
Original document: CISCO, [Full-disclosure] Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability (28.07.2006)
 CISCO, Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability (25.05.2006)

Yahoo Messenger instant messenger agent DoS
updated since 22.06.2006
Published: 28.07.2006
SecurityVulns ID: 6281
Type: remote
Threat Level: 6/10
Description: The application crashes on a message with a malformed link. The vulnerability is known to be used in the wild.
Affected: YAHOO : Yahoo Messenger 7.0
 YAHOO : Yahoo Messenger 7.5
Original document: Ivan Ivan, Yahoo messenger bug (28.07.2006)
 Ivan Ivan, Yahoo messenger bug (28.07.2006)
 Ivan Ivan, Yahoo messenger bug (22.06.2006)

Apache mod_rewrite buffer overflow
updated since 28.07.2006
Published: 21.08.2006
SecurityVulns ID: 6420
Type: remote
Threat Level: 5/10
Description: Off-by-one overflow in mod_rewrite LDAP scheme handling when "RewriteEngine on" is set.
Affected: APACHE : Apache 2.0
Original document: Jacobo Avariento, POC & exploit for Apache mod_rewrite off-by-one (21.08.2006)
 APACHE, [Full-disclosure] [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released (28.07.2006)
 UBUNTU, [Full-disclosure] [USN-328-1] Apache vulnerability (28.07.2006)
Files: Exploit for Apache mod_rewrite off-by-one
 Exploit for Apache mod_rewrite off-by-one(Win32)
 apache mod rewrite exploit (win32)

Heartbeat cluster software multiple DoS conditions
updated since 28.07.2006
Published: 31.07.2007
SecurityVulns ID: 6421
Type: remote
Threat Level: 5/10
Description: Weak permissions on the shmget shared memory section call. Remote DoS on parsing of heartbeat network messages.
Affected: HEARTBEAT : Heartbeat 1.2
 HEARTBEAT : Heartbeat 2.0
 BLUECATNETWORKS : Adonis 5.0
CVE: CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.)
 CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.)
Original document: anonymous.c7ffa4057a_(at)_anonymousspeech.com, TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability (31.07.2007)
 Nash Leon, [Full-disclosure] Heartbeat Shared Memory - Local Denial of Service Exploit (28.07.2006)
Files: Exploits Heartbeat < 2.0.6 Insecure Shared Memory - Local Denial of Service

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod