Section: .. / 0608-advisories /
| /// File Name: |
mambojoomlaSQL.txt |
Description:
|
Mambo 4.6 RC2 and Joomla 1.0.10 both suffer from SQL injection flaws.
| | Author: | Omid | | Homepage: | http://www.hackers.ir | | File Size: | 1966 | | Last Modified: | Aug 28 01:13:12 2006 |
| MD5 Checksum: | 5cb9da76d33775026da51c47f899db64 |
|
| /// File Name: |
firefox15.txt |
Description:
|
Stacking multiple CSS style attributes across span tags leads to a race condition which can result in denial of service or arbitrary code execution in Mozilla Firefox versions 1.5 and below.
| | Author: | Andrew A | | File Size: | 1962 | | Last Modified: | Aug 17 01:26:12 2006 |
| MD5 Checksum: | 6b4f736094545aa6899ccb46f6cfddc0 |
|
| /// File Name: |
ciscoNAC.txt |
Description:
|
The Cisco NAC appliance (formerly Cisco Clean Access) versions 3.6.4.1 and below suffer from an agent installation bypass vulnerability.
| | Author: | Andreas Gal, Joachim Feise | | Homepage: | http://www.andreasgal.com/ | | File Size: | 1949 | | Last Modified: | Aug 28 01:19:16 2006 |
| MD5 Checksum: | 8b5a155e79f4f94be717183e6022d671 |
|
| /// File Name: |
vnc412.txt |
Description:
|
RealVNC 4.1.2 appears susceptible to a denial of service condition due to an integer overflow.
| | Author: | Niall FitzGibbon | | File Size: | 1933 | | Last Modified: | Aug 27 16:46:02 2006 |
| MD5 Checksum: | 94909118dd3cbaa534653e4798a01ab0 |
|
| /// File Name: |
sa21599.txt |
Description:
|
Secunia Security Advisory - Gentoo has issued an update for fbida. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
| | Homepage: | http://secunia.com/advisories/21599/ | | File Size: | 1931 | | Last Modified: | Aug 26 20:18:48 2006 |
| MD5 Checksum: | 47838cb4706c75c03c05d653cfcba397 |
|
| /// File Name: |
imsgiheap.txt |
Description:
|
ImageMagick versions 6.2.8 and below suffer from a heap overflow in ReadSGIImage().
| | Author: | Damian Put | | Homepage: | http://www.overflow.pl/ | | File Size: | 1797 | | Last Modified: | Aug 27 00:44:38 2006 |
| MD5 Checksum: | 4543fb0874a95e128b1f8644b01981a3 |
|
| /// File Name: |
simpliciti.txt |
Description:
|
The Simpliciti Locked Browser interface jail can be broken out of using simple JavaScript.
| | Author: | Adam Baldwin | | File Size: | 1742 | | Last Modified: | Aug 17 03:46:01 2006 |
| MD5 Checksum: | 4d9ca9d16641499a22cd566d75ad69ee |
|
| /// File Name: |
matousec-2006-08-15.01.txt |
Description:
|
Norton protects its own registry keys against actions of other applications. This protection can be bypassed for registry key 'HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners' using API functions RegSaveKey and RegRestoreKey.
| | Author: | David Matousek | | Homepage: | http://www.matousec.com/ | | Related Exploit: | BTP00010P002NF.zip | | File Size: | 1512 | | Last Modified: | Aug 27 01:49:02 2006 |
| MD5 Checksum: | 924649c96d9c7fba48c2884fbddd3474 |
|
| /// File Name: |
pandaXSS.txt |
Description:
|
Panda ActiveScan contains a flaw that allows for remote cross site scripting attacks. This flaw exists because the application does not validate the 'email' variable upon submission to the ascan_6.asp script. Version 5.53.00 is affected.
| | Author: | Lostmon | | Homepage: | http://lostmon.blogspot.com/ | | File Size: | 1497 | | Last Modified: | Aug 26 20:45:12 2006 |
| MD5 Checksum: | 6941389ffde83c99c29eea0ce3c5c542 |
|
| /// File Name: |
deluxeBBflaws.txt |
Description:
|
DeluxeBB version 1.08 suffers from cross site scripting, cookie manipulation, and login bypass flaws.
| | Author: | Attila Gerendi | | File Size: | 1488 | | Last Modified: | Aug 18 01:07:32 2006 |
| MD5 Checksum: | 34e20e55a51d927192d320ee3169c491 |
|
| /// File Name: |
DoS_ADV_2Wire.txt |
Description:
|
The 2wire Gateway User Interface suffers from a denial of service condition.
| | Author: | Preth00nker | | Homepage: | http://mexhackteam.org/ | | File Size: | 1486 | | Last Modified: | Aug 27 16:58:51 2006 |
| MD5 Checksum: | c0ad30f38e01bf57080f7cdf8f782d01 |
|
| /// File Name: |
matousec-2006-08-01.01.txt |
Description:
|
BlackICE does not protect pamversion.dll in its installation directory and because component protection fails to protect BlackICE processes this can be misused to inject a fake DLL into BlackICE service.
| | Author: | David Matousek | | Homepage: | http://www.matousec.com/ | | Related Exploit: | BTP00022P003BI.zip | | File Size: | 1362 | | Last Modified: | Aug 17 02:52:10 2006 |
| MD5 Checksum: | fe3a3cd445bb27934c54e20e07762847 |
|
| /// File Name: |
adv06-chaosgb.txt |
Description:
|
GaesteChaos versions 0.2 and below suffer from SQL injection and cross site scripting vulnerabilities.
| | Author: | Tamriel | | File Size: | 1333 | | Last Modified: | Aug 17 05:09:47 2006 |
| MD5 Checksum: | 212e3fe99d5b78073086556f5b6bb59f |
|
| /// File Name: |
advisory-407.txt |
Description:
|
Joomla! CMS versions 1.0.10 suffers from a logic weakness that allows voting without restrictions.
| | Author: | trueend5 | | Homepage: | http://www.kapda.ir/ | | File Size: | 1332 | | Last Modified: | Aug 27 15:27:05 2006 |
| MD5 Checksum: | d0679238d8f16456dc4db5516b430bc5 |
|
| /// File Name: |
XSec-06-06.txt |
Description:
|
A vulnerability has been found in Internet Explorer 6.0 on Microsoft Windows 2003. When Internet Explorer tries to instantiate the tsuserex.dll (Terminal Services) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker may cause a denial of service and/or execute arbitrary code.
| | Author: | nop | | Homepage: | http://www.xsec.org/ | | File Size: | 1316 | | Last Modified: | Aug 27 14:41:16 2006 |
| MD5 Checksum: | 7784e51aae64059801302e2adbb43d2f |
|
| /// File Name: |
XSec-06-10.txt |
Description:
|
An invalid memory write in Internet Explorer may lead to a denial of service condition or execution of arbitrary code.
| | Author: | nop | | Homepage: | http://www.xsec.org/ | | File Size: | 1288 | | Last Modified: | Aug 28 23:03:33 2006 |
| MD5 Checksum: | d4f58ef069ccf8ef892bedfc0d937e92 |
|
| /// File Name: |
XSec-06-02.txt |
Description:
|
A vulnerability has been found in Internet Explorer 6.0. When Internet Explorer tries to instantiate the IMSKDIC.DLL (Microsoft IME) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker may cause a denial of service and/or execute arbitrary code.
| | Author: | nop | | Homepage: | http://www.xsec.org/ | | File Size: | 1272 | | Last Modified: | Aug 27 01:59:48 2006 |
| MD5 Checksum: | 1bab1fcfb3b939144ed6596c3d47df2f |
|
| /// File Name: |
mshelpExec.txt |
Description:
|
Multiple remote code execution and denial of service vulnerabilities exist in Microsoft Help (WINHLP32.EXE) due to a file handling issue.
| | Author: | Benjamin Tobias Franz | | File Size: | 1264 | | Last Modified: | Aug 26 23:05:52 2006 |
| MD5 Checksum: | ffe5b850b153c0a263d1d7d760c62c92 |
|
| /// File Name: |
XSec-06-04.txt |
Description:
|
A vulnerability has been found in Internet Explorer 6.0. When Internet Explorer tries to instantiate the msoe.dll (OutLook) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker may cause a denial of service and/or execute arbitrary code.
| | Author: | nop | | Homepage: | http://www.xsec.org/ | | File Size: | 1257 | | Last Modified: | Aug 27 02:02:10 2006 |
| MD5 Checksum: | 236056c5090e05a6af3d7adee638e683 |
|
| /// File Name: |
msterminal.txt |
Description:
|
There is a vulnerability in Microsoft Terminal Server when an application is specified for the user instead of a full Windows Desktop. It is possible to easily cause an error in explorer.exe and to gain access to a full Desktop. This is an issue for anyone publishing applications through TS to domain users who also logon to full desktops either on the TS or on another machine.
| | Author: | Bill Littlejohn | | File Size: | 1253 | | Last Modified: | Aug 27 13:45:19 2006 |
| MD5 Checksum: | 1fc1123097f5a7d14867a71a6c53b5a2 |
|
| /// File Name: |
sofgb10.txt |
Description:
|
Simple one-file Guestbook versions 1.0 and below suffer from an administrative bypass flaw.
| | Author: | omnipresent | | Homepage: | http://it.security.netsons.org | | File Size: | 1245 | | Last Modified: | Aug 26 20:34:27 2006 |
| MD5 Checksum: | b17ef43371f036598e89517fe136983b |
|
| /// File Name: |
XSec-06-03.txt |
Description:
|
A vulnerability has been found in Internet Explorer 6.0. When Internet Explorer tries to instantiate the CHTSKDIC.DLL (Microsoft IME) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker may cause a denial of service and/or execute arbitrary code.
| | Author: | nop | | Homepage: | http://www.xsec.org/ | | File Size: | 1231 | | Last Modified: | Aug 27 02:01:15 2006 |
| MD5 Checksum: | 05bdcc8835a9059880ccc28ba3d3cf6e |
|
| /// File Name: |
adv07-chaoscount.txt |
Description:
|
CounterChaos versions 0.48c and below suffer from a SQL injection vulnerability.
| | Author: | Tamriel | | File Size: | 1174 | | Last Modified: | Aug 17 05:10:32 2006 |
| MD5 Checksum: | 2533d87d831531572d45c45c6f586087 |
|
| /// File Name: |
sscms10.txt |
Description:
|
SmartSiteCMS version 1.0 suffers from an authentication bypass flaw.
| | Author: | Paulino Calderon | | Homepage: | http://nah.suckea.com/ | | File Size: | 952 | | Last Modified: | Aug 26 20:22:49 2006 |
| MD5 Checksum: | 1dfefbaa3af69d1d877fe48a768e0cf1 |
|
| /// File Name: |
eichhorn.txt |
Description:
|
The Eichhorn Portal is susceptible to multiple SQL injection and cross site scripting flaws.
| | Author: | MC Iglo | | File Size: | 942 | | Last Modified: | Aug 27 17:07:21 2006 |
| MD5 Checksum: | fc03b07e74529f90c43393f47af989f4 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
