SYMSA-2006-001: Buffer overflow in Microsoft Office 2000, Office XP (2002), and Office 2003 Routing Slip Metadata
2006-03-14 CS_Advisories Mailbox (CS_Advisories_Mailbox symantec com)

High Risk Vulnerability in Microsoft Excel
2006-03-14 NGSSoftware Insight Security Research (nisr ngssoftware com)
Peter Winter-Smith of NGSSoftware has discovered a high risk vulnerability in Microsoft Excel which may allow a remote attacker to execute arbitrary code on a user's system via the Internet Explorer Excel plugin. This issue has been resolved in the Microsoft bulletin MS06-012, which may be downloa

ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability
2006-03-14 zdi-disclosures 3com com
ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-004.html March 14, 2006 -- CVE ID: CVE-2006-0028 -- Affected Vendor: Microsoft -- Affected Products: Office 2000 Office XP Office 2003 -- TippingPoint(TM) IPS Customer Protection: Tip

Re: histhost v1.0.0 xss and possible rmdir
2006-03-14 Steven M. Christey (coley mitre org)
retard said:
>as you see line 19 raises suspicion of the possibility of rming 0777
>dirs i've tried it on my personal server with no success, if someone
>knows of a way let me know.
According to the PHP manual, rmdir only works on empty directories. Did you try to remove an empty directory? -

[eVuln] CyBoards PHP Lite SQL Injection Vulnerability
2006-03-14 alex evuln com
New eVuln Advisory: CyBoards PHP Lite SQL Injection Vulnerability http://evuln.com/vulns/91/summary.html --------------------Summary---------------- eVuln ID: EV0091 CVE: CVE-2006-1134 Software: CyBoards PHP Lite Software's Web Site: http://www.gold-sonata.com/index.phtml?content=script/forums&menu

Linux zero IP ID vulnerability?
2006-03-14 Marco Ivaldi (raptor 0xdeadbeef info)
Hello Bugtraq, I've recently stumbled upon an interesting behaviour of some Linux kernels that may be exploited by a remote attacker to abuse the ID field of IP packets, effectively bypassing the zero IP ID in DF packets countermeasure implemented since 2.4.8 (IIRC). This is the correct behaviour:

[SECURITY] [DSA 1000-1] New Apache2::Request packages fix denial of service
2006-03-14 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 1001-1] New crossfire packages fix arbitrary code execution
2006-03-14 Moritz Muehlenhoff (jmm inutil org)

DMA[2006-0313a] - 'Apple OSX Mail.app RFC1740 Real Name Buffer Overflow'
2006-03-14 KF (lists) (kf_lists digitalmunition com)
DMA[2006-0313a] - 'Apple OSX Mail.app RFC1740 Real Name Buffer Overflow' Author: Kevin Finisterre Vendor: http://www.apple.com/macosx/ Product: 'Mac OSX 10.4.5 with Security Update 2006-001' References: http://www.digitalmunition.com/DMA[2006-0313a].txt http://rfc.net/rfc1740.html http://cve.mitre

[SECURITY] [DSA 998-1] New libextractor packages fix several vulnerabilities
2006-03-14 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 999-1] New lurker packages fix several vulnerabilities
2006-03-14 joey infodrom org (Martin Schulze)

[DRUPAL-SA-2006-004] Drupal 4.6.6 / 4.5.8 fixes mail header injection issue
2006-03-14 Uwe Hermann (uwe hermann-uwe de)

[DRUPAL-SA-2006-003] Drupal 4.6.6 / 4.5.8 fixes session fixation issue
2006-03-14 Uwe Hermann (uwe hermann-uwe de)

[DRUPAL-SA-2006-002] Drupal 4.6.6 / 4.5.8 fixes XSS issue
2006-03-14 Uwe Hermann (uwe hermann-uwe de)

[DRUPAL-SA-2006-001] Drupal 4.6.6 / 4.5.8 fixes access control issue
2006-03-14 Uwe Hermann (uwe hermann-uwe de)

[ MDKSA-2006:055 ] - Updated gnupg packages fix signature file verification vulnerability
2006-03-13 security mandriva com

[SECURITY] [DSA 997-1] New bomberclone packages fix arbitrary code execution
2006-03-13 joey infodrom org (Martin Schulze)

ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability
2006-03-13 zdi-disclosures 3com com
ZDI-06-003: Ipswitch Collaboration Suite Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-06-003.html March 13, 2006 -- CVE ID: CVE-2005-3526 -- Affected Vendor: Ipswitch -- Affected Products: Ipswitch Collaboration Suite 2006.02 and below -- TippingPoint(TM) IPS Cust

Buffer Overflow and Installation Script Error in Firebird 1.5.3
2006-03-12 Joxean Koret (joxeankoret yahoo es)
Hi to all! In the latest Firebird release (1.5.3) various security problems have been fixed. Attached goes an advisory about 2 of these. --- Joxean Koret ------------------------------------------------------------------------ --- Buffer Overflow and Installation Script Error in Firebird 1.

WMNews Cross Site Scripting
2006-03-12 exalibur33 gmail com
------------------------------------------------------------------------ ------------- WMNews Cross Site Scripting Site:http://wartamikael.org/PHPScripts/ Demo:http://www.scriptevi.com/files/demo/news/wmnews/ --------------------------------------------------- Credit : R00T3RR0R webpage:www.biyose

Secunia Research: Dwarf HTTP Server Source Disclosure and Cross-Site Scripting
2006-03-13 Secunia Research (remove-vuln secunia com)

Secunia Research: unalz Filename Handling Directory Traversal Vulnerability
2006-03-13 Secunia Research (remove-vuln secunia com)

[SECURITY] [DSA 993-2] New GnuPG packages fix broken signature check
2006-03-13 joey infodrom org (Martin Schulze)

[SECURITY] [DSA 996-1] New Crypt::CBC packages fix cryptographic weakness
2006-03-13 joey infodrom org (Martin Schulze)

Kerio MailServer bugfun
2006-03-13 Evgeny Legerov (research gleg net)
Hi, It should be noted that ProtoVer Sample IMAP testsuite has been released with 3 unpublished bugs. Now it looks like that Kerio MailServer preauth bug has been fixed. Kerio MailServer 6.1.3 changelog: """ Version 6.1.3 Patch 1 - March 9, 2006 - Fixed possible crash when handling special craft

[eVuln] Vegas Forum SQL Injection Vulnerability
2006-03-13 alex evuln com
New eVuln Advisory: Vegas Forum SQL Injection Vulnerability http://evuln.com/vulns/90/summary.html --------------------Summary---------------- eVuln ID: EV0090 CVE: CVE-2006-1020 Software: Vegas Forum Software's Web Site: http://www.battlereports.com/downloads.php Versions: 1.0 Critical Level: Mode
Microsoft Excel Named Range Arbitrary Code Execution
Classification:
===============
Level: low-med-[HIGH]-crit
ID: HEXVIEW*2006*03*14*1
URL: http://www.hexview.com/docs/20060314-1.txt
References:
===============
[Originally published by fearwall on e