[USN-257-1] tar vulnerability
2006-02-23 Martin Pitt (martin pitt canonical com)
===========================================================
Ubuntu Security Notice USN-257-1 February 23, 2006
tar vulnerability
CVE-2006-0300
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5

Secunia Research: WinACE ARJ Archive Handling Buffer Overflow
2006-02-23 Secunia Research (remove-vuln secunia com)

[eVuln] Teca Diary PE SQL Injection Vulnerability
2006-02-23 alex evuln com
New eVuln Advisory:
Teca Diary PE SQL Injection Vulnerability
http://evuln.com/vulns/75/summary.html
--------------------Summary----------------
eVuln ID: EV0075
CVE: CVE-2006-0729
Software: Teca Diary PE
Software's Web Site: http://www.teca-scripts.com
Versions: 1.0
Critical Level: Moderate
Type:

Secunia Research: Visnetic AntiVirus Plug-in for MailServer Privilege Escalation
2006-02-23 Secunia Research (remove-vuln secunia com)

NSFOCUS SA2006-01 : Winamp m3u File Processing Buffer Overflow Vulnerability
2006-02-23 NSFOCUS Security Team (security nsfocus com)
NSFOCUS Security Advisory (SA2006-01)
Winamp m3u File Processing Buffer Overflow Vulnerability
Release Date: 2006-02-23
CVE ID: CVE-2006-0720
http://www.nsfocus.com/english/homepage/research/0601.htm
Affected systems & software
===========================
Nullsoft Winamp 5.12
Nullsoft Winamp 5

zoo contains exploitable buffer overflows
2006-02-23 Jean-Sébastien Guay-Leroux (jean-sebastien guay-leroux com)

Re: Internet Explorer Phishing mouseover issue
2006-02-23 Steven M. Christey (coley mitre org)
The "http-equiv" and "Gandalf" examples are very similar, but I think there might be some important distinctions.
1) The http-equiv example (CVE-2004-1104) uses a BASE tag with an href attribute. In the form, the A tag has an "href=" without a value. The value of the BASE HREF is displayed

DEF CON 14 is now in effect! The Call for Papers is open.
2006-02-23 The Dark Tangent (dtangent defcon org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
W00t! DEF CON 14 is now in effect! The Call for Papers is open.
This is a short announcement to let everyone know that we are opening the call for papers for DEFCON 14 - the annual gathering of subversive computer folks. Earlier submissions are given

[ MDKSA-2006:045 ] - Updated MySQL packages fix temporary file vulnerability
2006-02-22 security mandriva com

Re: Multiple Injection Vulnerabilities in PHP PEAR::Auth Module
2006-02-22 Matt Van Gundy (matt shekinahstudios com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Benjamin R. Ginter wrote:
> Just out of curiosity, is there a reason why you did not specify which
> backends are vulnerable?
My apologies... The advisory specifically applies to the DB and LDAP Auth Containers. Both of which are exploitable. No

Multiple Injection Vulnerabilities in PHP PEAR::Auth Module
2006-02-22 Matt Van Gundy (matt shekinahstudios com) (1 replies)
PRODUCT:
PEAR::Auth Authentication Module Package
http://pear.php.net/package/Auth
VERSIONS AFFECTED:
All versions < 1.2.4
1.3 series < 1.3.0r4
DESCRIPTION:
Multiple injection vulnerabilities exist in the PEAR::Auth module. Some of the PEAR::Auth Container back ends do not

Re: Multiple Injection Vulnerabilities in PHP PEAR::Auth Module
2006-02-22 Benjamin R. Ginter (bginter ndevtech net)

[SECURITY] [DSA 980-1] New tutos packages fix multiple vulnerabilities
2006-02-22 Michael Stone (mstone klecker debian org)

[INetCop Security Advisory] Global Hauri Virobot cookie exploit
2006-02-22 dong-hun you (xploit hackermail com)
========================================
INetCop Security Advisory #2006-0x82-028
========================================
* Title: Global Hauri Virobot cookie exploit
0x01. Description
Virobot Unix/Linux Server is an anti-virus program developed by Global Hauri. (Product in Unix of SUN Sp

Mozilla Thunderbird : Remote Code Execution & Denial of Service
2006-02-22 Renaud Lifchitz (r lifchitz sysdream com)

South River WebDrive Buffer Overflow Vulnerability
2006-02-22 Adrian Castro (acastro linuxquestions net)

[KAPDA::#29]Noah's classifieds multiple vulnerabilities
2006-02-22 alireza hassani (trueend5 yahoo com)
KAPDA New advisory
Vendor: http://classifieds.phpoutsourcing.com
Vulnerable: Noah`s classifieds 1.3 and below (classifieds component for mambo also may be affected)
Bug: Path Disclosure,Sql Injection,XSS,Local file inclusion,Remote code execution
Exploitation: Remote with browser
Exploit:avail

IpSwitch WhatsUp Professional 2006 DoS
2006-02-22 Josh Zlatin (jzlatin ramat cc)
Synopsis: IPSwitch WhatsUp Professional 2006 DoS Flaw
Product: IPSwitch WhatsUp http://www.ipswitch.com
Version: Confirmed on WhatsUp Professional 2006
Author: Josh Zlatin-Amishav
Date: February 22, 2006
Background: WhatsUp Professional 2006 is application and network management that

IRM 017: Multiple Vulnerabilities in Infovista Portal SE
2006-02-22 Advisories (advisories irmplc com)
----------------------------------------------------------------------
IRM Security Advisory No. 017
Multiple Vulnerabilities in Infovista Portal SE
Vulnerability Type / Importance: Directory Traversal / High
Information Leakage / Low
Problem Discovered: January 20th 2006
Vendor Contacted:

http://www.zerodayinitiative.com/advisories/ZDI-06-002.html
February 23, 2006
-- CVE ID:
CVE-2005-3525
-- Affected Vendor:
Adobe Macromedia
-- Affected Products:
Macromedia Shockwave Installer
-- TippingPoint(TM) IPS Customer Protection:
Tipp