Intel® Security Vulnerabilities

wmp-dos.txt

...

Secunia Research: CUPS IPP Tags Memory Corruption Vulnerability

====================================================================== Secunia Research 31/10/2007 - CUPS IPP Tags Memory Corruption Vulnerability - ====================================================================== Table of Contents Affected...

InnovaShop™® (mgs.jps) Cross Siting Scripting

InnovaShop™® (mgs.jps) Cross Siting Scripting Download: http://www.innovaage.com/ http://www.innovaportal.com/ Bug found by JosS / Jose Luis Góngora Fernández Contact: sys-project[at]hotmail.com Spanish Hackers Team www.spanish-hackers.com /server irc.freenode.net /join #fullsecure d0rk: "Site...

innovashop-xss.txt

...

ipswitch80x-heap.txt

...

IPSwitch IMail Server 8.0x - Remote Heap Overflow

...

IPSwitch IMail Server 8.0x - Remote Heap Overflow

IPSwitch IMail Server 8.0x - Remote Heap...

IPSwitch IMail Server 8.0x Remote Heap Overflow Exploit

Exploit for unknown platform in category remote...

Mercury32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Remote Overflow

Mercury32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Remote...

Mercury/32 Mail SMTPD 4.51 - SMTPD CRAM-MD5 Remote Overflow

...

Microsoft Internet Explorer 6 - DirectX Media Remote Overflow Denial of Service

...

Microsoft Internet Explorer 6 - DirectX Media Remote Overflow Denial of Service

Microsoft Internet Explorer 6 - DirectX Media Remote Overflow Denial of...

Guidance Software response to iSEC report on EnCase

Guidance Software Response to iSEC Report Guidance Software received and reviewed the report drafted by two presenters at the upcoming Black Hat USA conference. We have also spoken to Alex Stamos, one of the testing leaders. The report authors disclose that they conducted, over a period of six...

vbulinclude-xss.txt

...

vbultop-xss.txt

...

New Include Redirect Bug XSS All vBulletin v 3.x.x

+-------------------------------------------------------------------- + + New Include Redirect Bug XSS All vBulletin® v 3.x.x + +-------------------------------------------------------------------- + vendor site........: http://www.vbulletin.com/ + Affected Software .: vbulletin + Class...

New post Topic Hijacking XSS All vBulletin v 3.x.x (2)

+-------------------------------------------------------------------- + + New post Topic Hijacking XSS All vBulletin® v 3.x.x + +-------------------------------------------------------------------- + vendor site........: http://www.vbulletin.com/ + Affected Software .: vbulletin + Class...

Monalbum 0.8.7 - Remote Code Execution

Monalbum 0.8.7 - Remote Code...

Monalbum 0.8.7 - Remote Code Execution

...

fenice-overflow.txt

...

Fenice Oms server 1.10 - exec-shield Remote Buffer Overflow

Fenice Oms server 1.10 - exec-shield Remote Buffer...

Fenice OMS server 1.10 Remote Buffer Overflow Exploit (exec-shield)

Exploit for linux platform in category remote...

Fenice Oms server 1.10 - exec-shield Remote Buffer Overflow

...

Akamai Technologies Security Advisory 2007-0001

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Akamai Technologies Security Advisory 2007-0001 Akamai ID: 2007-0001 Date: 2007/04/16 Product Name: Download Manager Affected Versions: < 2.2.1.0 Fixed Version: 2.2.1.0 CVE IDs: CVE-2007-1891 CVE-2007-1892 ...

Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow

Apache mod_rewrite (Windows x86) - Off-by-One Remote...

Apache mod_rewrite (Windows x86) - Off-by-One Remote Overflow

...

vbul365-rssxss.txt

...

vBulletin v3.6.5 admincp/index.php ( rss feed ) xss vuln.

vBulletin® v3.6.5 has an xss vuln in admincp/index.php in rss feed . exactlly in add rss url by adding : "><script>alert(document.cookie);</script> a cool messege box appear with cookies ;) earlier versions affected also . Discovered by...

Multiple IOS IPS Vulnerabilities

The Intrusion Prevention System (IPS) feature set of Cisco IOS® contains several vulnerabilities. These include: Fragmented IP packets may be used to evade signature inspection. IPS signatures utilizing the regular expression feature of the ATOMIC.TCP signature engine may cause a router to crash...

Wireshark: wnpa-sec-2007-01

Summary Name: Multiple problems in Wireshark (formerly Ethereal®) versions 0.10.14 to 0.99.4 Docid: wnpa-sec-2007-01 Date: February 1, 2007 Versions affected: 0.10.14 up to and including 0.99.4 Details Description Wireshark 0.99.5 fixes the following vulnerabilities: * The TCP dissector could hang....

MOAB-27-01-2007: Telestream Flip4Mac WMV Parsing Memory Corruption Vulnerability

Summary The vendor (Telestream) provides the following description of the software: Flip4Mac™ WMV is a collection of QuickTime components that allow you to play, import, and export Windows Media video and audio files on your Mac using your favorite QuickTime-based applications. WMV files use the...

[Full-disclosure] Cisco Security Advisory: Crafted IP Option Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Crafted IP Option Vulnerability Advisory ID: cisco-sa-20070124-crafted-ip-option http://www.cisco.com/warp/public/707/cisco-sa-20070124-crafted-ip-option.shtml Revision 1.0 For Public Release 2007 January 24 1600 UTC (GMT)...

Intel® Enterprise Southbridge 2 Baseboard Management Controller Denial of Service

**Summary: ** A denial of service vulnerability exists in the Intel® Enterprise Southbridge 2 Baseboard Management Controller which may allow malicious users to connect to a server system within a local area network and issue any Intelligent Platform Management Interface command. If proper...

Intel® Centrino Wireless Driver Malformed Frame Privilege Escalation

**Summary: ** A security vulnerability exists in the Microsoft Windows drivers for the Intel® 2100 PRO/Wireless Network Connection Hardware because of the way that driver handles certain requests by applications. The vulnerability could potentially be exploited by injecting specially crafted...

Intel® PROSet/Wireless Software Local Information Disclosure

**Summary: ** A security vulnerability exists in the Intel® PROSet/Wireless Software (PROSet application) because of insecure usage of shared memory allowing a person having access to the user’s computer or malicious software installed on the user’s computer to obtain access to users’ wireless...

Intel® Centrino Wireless Driver Malformed Frame Remote Code Execution

**Summary: ** Security vulnerabilities exist in the Microsoft Windows drivers for the Intel® 2200BG and 2915ABG PRO/Wireless Network Connection Hardware because of the way that they currently handle certain frames. An attacker could potentially exploit these vulnerabilities which could potentially....

ANDR : Windows NT stack overflow attacks

Stack overflow attacks on Windows NT ** Andrey Kolischak ** Stack Overflow Attacks in Windows NT ** Today, software vulnerabilities related to the so-called stack overflow are one of the main problems of system administrators. On the mailing lists and whistleblowers devoted to software security...

Novell NetWare Client for Windows OpenPrinter() function vulnerable to buffer overflow

Overview A vulnerability exists in the Novell NetWare client that could allow a remote attacker to execute arbitrary code on an affected system. Description NetWare is a network operating system produced and maintained by Novell. Novell provides NetWare clients for Microsoft Windows and Linux...

Novell NetWare Client for Windows EnumPrinters() function vulnerable to buffer overflow

Overview A vulnerability exists in the Novell NetWare client that could allow a remote attacker to execute arbitrary code on an affected system. Description NetWare is a network operating system produced and maintained by Novell. Novell provides NetWare clients for Microsoft Windows and Linux...

DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms

A vulnerability exists in certain Cisco IOS ® software release trains running on the Cisco IAD2400 series, 1900 Series Mobile Wireless Edge Routers and Cisco VG224 Analog Phone Gateways. Vulnerable versions may contain a default hard-coded Simple Network Management Protocol (SNMP) community...

[Full-disclosure] DotNetNuke HTML Code Injection

Security Advisory: VULN20-09-2006 - http://www.secureshapes.com/advisories/vuln20-09-2006.htm Vendor Security Bulletin: http://dotnetnuke.com/About/WhatIsDotNetNuke/SecurityPolicy/SecurityBulletin no3/tabid/990/Default.aspx ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ DotNetNuke - HTML...

IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability

Networksecurity.fi Security Advisory (06-09-2006) Title: IBM Lotus Notes DUNZIP32.dll buffer overflow vulnerability Criticality: High (3/3) Affected software: IBM Lotus Notes versions 6.5.4, 5.0.10 and prior Author: Juha-Matti Laurio juha-matti.laurio [at] netti.fi Date: 6th September, 2006...

Multiple problems in Wireshark (Ethereal®) versions 0.7.9 to 0.99.2

Summary Name: Multiple problems in Wireshark (Ethereal®) versions 0.7.9 to 0.99.2 Docid: wnpa-sec-2006-02 Date: August 23, 2006 Versions affected: 0.7.9 up to and including 0.99.2 Details Description Wireshark 0.99.3 fixes the following vulnerabilities: * The SCSI dissector could crash. Versions...

Linux Kernel SCTP Privilege Elevation Vulnerability

McAfee, Inc. McAfee® Avert® Labs Security Advisory Public Release Date: 2006-08-22 Linux Kernel SCTP Privilege Elevation Vulnerability CVE-2006-3745 • Synopsis The Linux kernel is susceptible to a locally exploitable flaw which may allow local users to gain root privileges and execute...

Symantec Enterprise Security Manager Denial-of-Service Vulnerability

McAfee, Inc. McAfee® Avert® Labs Security Advisory Public Release Date: 2006-08-22 Symantec Enterprise Security Manager Denial-of-Service Vulnerability CVE Number Pending • Synopsis The Symantec Enterprise Security Manager (ESM) platform and agent are susceptible to a race condition that...

BlackBerry Enterprise Server fails to properly handle Microsoft Word attachments

Overview A buffer overflow vulnerability in BlackBerry Enterprise Server may allow a remote attacker to execute arbitrary code. Description A buffer overflow vulnerability exists in the BlackBerry Attachment Service component of BlackBerry Enterprise Server. This vulnerability may allow a remote...

Intel® Centrino Wireless Driver Malformed Frame Privilege Escalation

Intel® Centrino Wireless Driver Malformed Frame Privilege Escalation Summary: A security vulnerability exists in the Microsoft Windows drivers for the Intel® 2100 PRO/Wireless Network Connection Hardware because of the way that driver handles certain requests by applications. The vulnerability...

Intel® Centrino Wireless Driver Malformed Frame Remote Code Execution

Intel® Centrino Wireless Driver Malformed Frame Remote Code Execution Summary: Security vulnerabilities exist in the Microsoft Windows drivers for the Intel® 2200BG and 2915ABG PRO/Wireless Network Connection Hardware because of the way that they currently handle certain frames. An attacker could.....

Intel® PROSet/Wireless Software Local Information Disclosure

Intel® PROSet/Wireless Software Local Information Disclosure Summary: A security vulnerability exists in the Intel® PROSet/Wireless Software (PROSet application) because of insecure usage of shared memory allowing a person having access to the user's computer or malicious software installed on the....

Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)

Microsoft Security Bulletin MS06-041 Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683) Published: August 8, 2006 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:.....