Section: .. / 0605-advisories /
| /// File Name: |
042006-001-ISA-LM.txt |
Description:
|
There is a log manipulation vulnerability in Microsoft ISA Server 2004, which when exploited will enable a malicious user to manipulate the Destination Host parameter of the log file.
| | Author: | Noam Rathaus | | Homepage: | http://www.beyondsecurity.com/ | | File Size: | 1527 | | Last Modified: | May 6 17:13:44 2006 |
| MD5 Checksum: | 9ad61be6d42463284ad103337f60d21b |
|
| /// File Name: |
AD20060509a.txt |
Description:
|
eEye Digital Security has discovered a second vulnerability in the Microsoft Distributed Transaction Coordinator that could allow an attacker to take complete control over a vulnerable system to which he has network or local access. The vulnerable MSDTC component is an RPC server which is network accessible by default on Windows NT 4.0 Server and Windows 2000 Server systems, over a dynamic high TCP port.
| | Author: | Derek Soeder | | Homepage: | http://www.eeye.com | | File Size: | 4012 | | Last Modified: | May 21 13:51:29 2006 |
| MD5 Checksum: | 0cacde8e729b39afddc354aea2ed008a |
|
| /// File Name: |
AD20060509b.txt |
Description:
|
In July 2005, eEye Digital Security notified Microsoft of a critical vulnerability in the Distributed Transaction Coordinator service included with Windows, a report which culminated in the release of the MS05-051 hotfix on October 11th. Following its release, we observed that the hotfix only mitigated the vulnerability, reducing its maximum potential to a denial-of-service attack against the MSDTC service but failing to treat the underlying flaw, and we again reported the finding to Microsoft.
| | Homepage: | http://www.eeye.com/ | | File Size: | 3179 | | Related CVE(s): | CVE-2006-1184 | | Last Modified: | May 21 13:50:28 2006 |
| MD5 Checksum: | 80dc51612a1d5b26a73e441aa5290ad2 |
|
| /// File Name: |
AD20060512.txt |
Description:
|
A vulnerability that allows for arbitrary code execution in Apple QuickTime versions below 7.1 can be exploited by persuading a user to open a carefully crafted .mov file or visit a website embedding the malicious .mov file.
| | Author: | Sowhat | | Homepage: | http://www.nevisnetworks.com/ | | File Size: | 2163 | | Last Modified: | May 21 15:19:11 2006 |
| MD5 Checksum: | a6b5418a2c7a31e937c6b5f0b7a8686b |
|
| /// File Name: |
AGR-ADV-2006-01.txt |
Description:
|
A vulnerability exists in the way Ultr@VNC-1.0.1 handles MS-Login authentication.
| | Author: | Deon Force | | Homepage: | http://www.asia-global-risk.com | | File Size: | 3828 | | Last Modified: | May 6 16:35:02 2006 |
| MD5 Checksum: | 0fd4cd520e71691a5ce7367ea57c6352 |
|
| /// File Name: |
AGTC-Membership-1.1a.tzt |
Description:
|
PHP AGTC-Membership system versions less than or equal to v1.1a suffer from XSS.
| | Author: | zerogue | | File Size: | 375 | | Last Modified: | May 29 03:01:39 2006 |
| MD5 Checksum: | 2a4135f91245b0d1e8c1b572de3fd3dc |
|
| /// File Name: |
AlstraSoftE-Friends.txt |
Description:
|
Alstrasoft E-friends suffers from XSS in index.php.
| | Author: | luny | | File Size: | 441 | | Last Modified: | May 26 18:10:51 2006 |
| MD5 Checksum: | 8fabe870ca72379110a29888f08b445e |
|
| /// File Name: |
applesafari203.txt |
Description:
|
A vulnerability exists in Apple Safari 2.0.3 (417.9.3), and perhaps in prior versions, which triggers the SRCOD (Spinning Rainbow Cursor Of Death).
| | Author: | Yannick von Arx | | File Size: | 1158 | | Last Modified: | May 22 02:56:11 2006 |
| MD5 Checksum: | 6604f4348ea6f9ac439211f69d37901b |
|
| /// File Name: |
ArticleManager-1.6.txt |
Description:
|
Alstrasoft Article Manager Pro v1.6 suffers from XSS and full path disclosure vulnerabilities.
| | Author: | luny | | File Size: | 1853 | | Last Modified: | May 26 18:11:33 2006 |
| MD5 Checksum: | 6b8362340d998e742df2f165ce6121e7 |
|
| /// File Name: |
ASPBB-0.52.txt |
Description:
|
ASPBB versions 0.52 and prior suffer from XSS.
| | Homepage: | http://www.nukedx.com | | File Size: | 1046 | | Last Modified: | May 29 04:04:27 2006 |
| MD5 Checksum: | f8c664427c8244d8c5af61095f5a4ac7 |
|
| /// File Name: |
ASPR-2006-05-17-1.txt |
Description:
|
ACROS Security Problem Report #2006-05-17-1 - A buffer overflow vulnerability in Retroclient service can be exploited to crash Retrospect clients in the network. This enables an attacker to easily disable the backup process throughout an organization. Affected is the Retrospect 7.5 client for Windows.
| | Homepage: | http://www.acrossecurity.com/ | | File Size: | 4439 | | Last Modified: | May 24 05:01:44 2006 |
| MD5 Checksum: | 1f9e18c5fbdebdd46a9ad0e699722ebf |
|
| /// File Name: |
ASPSitem-2.0.txt |
Description:
|
ASPSitem 2.0 and prior suffer from SQL injection in Anket.asp.
| | Author: | nukedx | | Homepage: | http://www.nukedx.com | | File Size: | 1654 | | Last Modified: | May 29 19:14:33 2006 |
| MD5 Checksum: | 8ce38235ce36cca193feada615925d70 |
|
| /// File Name: |
Assetman-2.4a.txt |
Description:
|
Assetman versions less than or equal to 2.4a suffer from XSS.
| | Author: | Nomenumbra | | File Size: | 239 | | Last Modified: | May 29 03:03:34 2006 |
| MD5 Checksum: | 301f6a049643055f1cf669415643e7f0 |
|
| /// File Name: |
azboard_advisory.txt |
Description:
|
Azboard versions 1.0 and below suffer from multiple SQL injection flaws.
| | Author: | Blu3h4t Team | | File Size: | 2223 | | Last Modified: | May 21 23:44:14 2006 |
| MD5 Checksum: | 50eaddc0235b986f4363e6a9a2f41318 |
|
| /// File Name: |
AZPhotoAlbum.txt |
Description:
|
AZ Photo Album Script Pro is vulnerable to XSS.
| | Author: | luny | | File Size: | 857 | | Last Modified: | May 26 19:09:07 2006 |
| MD5 Checksum: | 1afea1dd147a5fdcb8fdb07793ae41c5 |
|
| /// File Name: |
banktown.txt |
Description:
|
BankTown Client Control 1,4,2,51817 suffers from a buffer overflow related to ActiveX.
| | Author: | Gyu Tae Park | | File Size: | 2348 | | Last Modified: | May 6 16:38:53 2006 |
| MD5 Checksum: | 544276ab2b71d05f3581d61c3759b02c |
|
| /// File Name: |
BeoPortal.txt |
Description:
|
BeoPed Portal is susceptible to cross site scripting.
| | Author: | Outlaw | | File Size: | 680 | | Last Modified: | May 23 03:57:30 2006 |
| MD5 Checksum: | 205a53afe934d81cb462fcc22c1aad10 |
|
| /// File Name: |
bitrixXSS.txt |
Description:
|
Bitrix CMS version 4.1.x suffers from cross site scripting flaws.
| | Author: | Gogi The Georgian | | File Size: | 1344 | | Last Modified: | May 22 01:58:51 2006 |
| MD5 Checksum: | 216b94b353385b193e1fbc1e0f116b09 |
|
| /// File Name: |
bitzipper.txt |
Description:
|
BitZipper versions 4.1.2 and below suffer from a directory traversal flaw.
| | Author: | Hamid Ebadi | | Homepage: | http://hamid.ir/security | | File Size: | 1381 | | Last Modified: | May 24 04:53:46 2006 |
| MD5 Checksum: | 8a9a1395d858403669df9a550b401a04 |
|
| /// File Name: |
BlendPortal-1.2.0.txt |
Description:
|
The Blend Portal for phpBB 2.x versions 1.2.0 and prior suffer from a remote file inclusion vulnerability in blend_data/blend_common.php.
| | Homepage: | http://www.nukedx.com | | File Size: | 1655 | | Last Modified: | May 29 19:16:40 2006 |
| MD5 Checksum: | d078d404e0573d11aeb13eea46f1189e |
|
| /// File Name: |
BuHa-12.txt |
Description:
|
BuHa Security-Advisory #12 - Denial of Service bug in Internet Explorer: #7d6d2db
| | Homepage: | http://buha.info/board/ | | File Size: | 4726 | | Last Modified: | May 29 03:35:34 2006 |
| MD5 Checksum: | 503fb1340d56ce3ab67b5c62f50aea61 |
|
| /// File Name: |
BuHa-13.txt |
Description:
|
BuHa Security-Advisory #13 - Memory Corruption Vulnerability in Internet Explorer: #7d519030
| | Homepage: | http://buha.info/board/ | | File Size: | 7462 | | Last Modified: | May 29 03:36:29 2006 |
| MD5 Checksum: | ca5cdd39bfd6713472e9611d50abef1d |
|
| /// File Name: |
ByteHoard-2.1.txt |
Description:
|
ByteHoard versions less than or equal to 2.1 suffer from directory traversal and XSS vulnerabilities.
| | Author: | Nomenumbra | | File Size: | 1116 | | Last Modified: | May 29 03:02:51 2006 |
| MD5 Checksum: | 1e8ab96e21863358d141774ce0050f29 |
|
| /// File Name: |
CAID-34013.txt |
Description:
|
CAID 34013 - A potential vulnerability issue exists in our CAIRIM LMP solution for z/OS. CAIRIM is delivered as part of CA's z/OS Common Services, and the LMP component provides licensing services to many of CA's z/OS solutions. IBM Global Services discovered an integrity problem, which could be exploited by an expert user of a z/OS system that utilizes CA's CAIRIM LMP component. We worked with IBM Global Services to understand the nature of the problem and to make certain that the remedy we have now provided addresses the problem completely.
| | Author: | Ken Williams | | Homepage: | http://ca.com/ | | File Size: | 9599 | | Last Modified: | May 6 17:50:18 2006 |
| MD5 Checksum: | 9ab24c9ae1d5ec47ce2be89ca9649849 |
|
| /// File Name: |
cfxss5.txt |
Description:
|
ColdFusion versions 5 and below suffer from cross site scripting issues.
| | Author: | zuxncwaruio | | File Size: | 1953 | | Last Modified: | May 21 14:37:59 2006 |
| MD5 Checksum: | 800db59394b8216e3dee1ad7a36e0347 |
|