Secunia Research has discovered multiple vulnerabilities in the BookLibrary component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. BookLibrary version 1.5.3 Basic is affected.
79e62e777c42c0442c253d71a69a21bb09fee2f843737ff0ba50757ab43d1fe8Secunia Research has discovered a vulnerability in AOL, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "CDDBControlAOL.CDDBAOLControl" ActiveX control (cddbcontrol.dll) when processing "ClientId" arguments passed to the "SetClientInfo()" method. This can be exploited to cause a stack-based buffer overflow by passing an overly long string (more than 256 bytes). Successful exploitation allows execution of arbitrary code when a user visits a malicious website with Internet Explorer. In order to exploit the vulnerability, a certain registry value has to be set to "1111". This is not set by default, but can be set up automatically by first instantiating the bundled CerberusCDPlayer ActiveX control. Affected software includes America Online 7.0 revision 4114.563, AOL 8.0 revision 4129.230, and AOL 9.0 Security Edition revision 4156.910.
e3b72455fae8d556eade84f6b95183d9fb3856484b23d09de4ad46012248b887Secunia Research has discovered a vulnerability in Borland products, which can be exploited by malicious people to compromise a vulnerable system. Borland idsql32.dll versions 5.1.0.4 (as used by RevilloC MailServer) and 5.2.0.2 as included with Borland Developer Studio 2006 are affected. Other versions may also be affected. The vulnerability is caused due to a boundary error in idsql32.dll when processing SQL statements using the "DbiQExec()" function. This can be exploited to cause a heap-based buffer overflow via an overly long SQL statement (more than 4000 bytes).
09e6cf310cbb76af6a9fbf44ffae2569a37d8536a0df6dab6db3e695bd0abee8Secunia Research has discovered a security issue in AOL, which can be exploited by malicious, local users to manipulate arbitrary files. The problem is that AOL sets insecure default permissions (grants "Everyone" group "Full Control") on the "America Online 9.0" directory and all child objects. This can be exploited to remove, manipulate, and replace any of the application's files.
7be11af21a27703c6db82025cbfe982e4cd9379f5538e5cc9ebd858f45c303b2Secunia Research has discovered a vulnerability in AutoVue SolidModel Professional Desktop Edition, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the handling of ARJ, RAR, and ZIP archives. This can be exploited to cause a stack-based buffer overflow when a malicious archive containing a file with an overly long filename is opened. Successful exploitation allows execution of arbitrary code. AutoVue SolidModel Professional Desktop Edition version 19.1 Build 5993 is affected. Other versions may also be affected.
e93adff3a8f625d54d58dc9486926383f88de6f10f23d5b6f9a008feef926f49Secunia Research has discovered a vulnerability in BitZipper, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive. BitZipper version 4.1 SR-1 is affected.
7fdb872ca2833cabf09fea315d78509c20750c1c879788b34c7cc8be31075bedSecunia Research has discovered some vulnerabilities in DeluxeBB version 1.06, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
dabd3850dcb181b78f640f41286930158f735aa2641bb4e983e057e7c47f4b6bSecunia Research has discovered two vulnerabilities in CMS Mundo version 1.0 build 007, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
c01cb438a40a860be28eb49b660964a6dcff479b929e888513af815a54a05093Secunia Research has discovered a vulnerability in AutoMate version 6.1.0.0, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive.
52e044d4c6394bb5428d5aa19fb3a82863f00449b983f5a0bc10b0067841ca60Secunia Research has discovered a vulnerability in CAM UnZip versions 4.0 and 4.3, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when listing the contents of a ZIP archive. This can be exploited to cause a stack-based buffer overflow when a malicious ZIP archive containing a file with an overly long filename is opened.
15e13f5a99e65b3adbc306a4ea2fa32d802e0121972b3078e9f2fecd56fb97b1Secunia Research has discovered a vulnerability in Eazel version 1.0, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in ztvunacev2.dll (UNACEV2.DLL) when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive.
6e456760da60d76c4f1ce8d66aef6fa2a1e5bf87c7d8f535aa769d262c1a5584Secunia Research has discovered a vulnerability in Abakt, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when listing the contents of a ZIP archive. This can be exploited to cause a stack-based buffer overflow when a malicious ZIP archive containing a file with an overly long filename is opened. Versions 0.9.2 and 0.9.3-beta1 are affected.
67471673445159616ecc2805692c08221a6e6eceb4b399e199f2b6db8e227996Secunia Research has discovered a vulnerability in Anti-Trojan version 5.5.421, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user scans a specially crafted ACE archive.
b004e09b97667279cf951bdcf7c770c81f941af8129fc0aa335826759577e51cSecunia Advisory 13/04/2006 - Adobe Document Server for Reader Extensions Multiple Vulnerabilities
a3337d74ce3e7f7d86956b521ab2ed6bba9f699ed9207943d08bfdd241f2ce26Secunia Research 03/04/2006 - AN HTTPD Script Source Disclosure Vulnerability - The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files (e.g. PL, CGI, and BAT) from the server via specially crafted requests containing dot and space characters.
3168e45f9455ce990326326f5827fc180003afd049d6d88213c158675d75fbe9Secunia Research has discovered a vulnerability in Blazix, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of JSP files from the server via specially crafted requests containing dot, space, and slash characters. Version 1.2.5 is affected.
3604e084018ebac5c828858ccaf9a13fdb6c16dd20d3d34b1392abab5ccb8b31Secunia Research 15/03/2006 - Adobe Document/Graphics Server File URI Resource Access - Secunia Research has discovered a vulnerability in Adobe Document Server and Adobe Graphics Server, which can be exploited by malicious people to gain knowledge of potentially sensitive information, overwrite arbitrary files, or compromise a vulnerable system.
f0e330f89ef6b6e06446d2c5d3d1e6a46994797ef6eeba88e2d2a73c0755ea67Secunia Research has discovered two vulnerabilities in Dwarf HTTP Server, which can be exploited by malicious people to disclose potentially sensitive information and to conduct cross-site scripting attacks.
ae88c420d91c740fea3b205334cd447742a2fc54a2bdc918ff07f6418bc02894Secunia Research has discovered a vulnerability in ArGoSoft Mail Server Pro, which can be exploited by malicious people to conduct script insertion attacks. ArGoSoft Mail Server Pro version 1.8.8.5 is affected. Earlier versions may also be affected.
455394478eab464bfee5faea35ff3a9da617d60b91b89c9b5632c2ba4fcde5f7Secunia Research has discovered two security issues in ADOdb, which can be exploited by malicious people to disclose system information, execute arbitrary SQL code, and potentially compromise a vulnerable system. Details provided. ADOdb versions 4.66 and 4.68 for PHP are affected.
a212b5763393fa5ec35a8dfe35d726cc4f7c2a8000c581074fd8516fbf88411bSecunia Research has discovered some vulnerabilities in ATutor, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system. The vulnerabilities have been confirmed in version 1.5.1-pl1. Other versions may also be affected.
ea4981890b687d4caff07c6b7157202c331ffe371d5cb42efe41a196ad0226d2Secunia Research has discovered a vulnerability in AhnLab V3 Antivirus, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the archive decompression library when reading the filename of a compressed file from an ALZ, UUE or XXE archive. This can be exploited to cause a stack-based buffer overflow (ALZ), or a heap-based buffer overflow (UUE/XXE), when a malicious ALZ/UUE/XXE archive is scanned. Successful exploitation allows arbitrary code execution, but requires that compressed file scanning is enabled.
0bff14116cee96edd9a96cde5a18e497ac854da9b5c70332dd7da845b1b46b5dSecunia Research has discovered a vulnerability in ALZip, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to multiple boundary errors when reading the filename of a compressed file from ALZ, ARJ, ZIP, UUE or XXE archives. This can be exploited to cause a stack-based buffer overflow (ALZ), or a heap-based buffer overflow (ARJ / ZIP / UUE / XXE). Successful exploitation allows execution of arbitrary code when a malicious ALZ / ARJ archive is opened, or when a ZIP / UUE / XXE archive is extracted.
bffe2f2d11e5e5ac7d2a13dfed0e4b832c4f3cf66166441b3fe900aaf6803f3aSecunia Research has discovered a vulnerability in 7-Zip, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when handling an ARJ block that is larger than 2600 bytes. This can be exploited to cause a stack-based buffer overflow when a specially crafted ARJ file is opened. Successful exploitation allows arbitrary code execution. Affected versions are: 7-Zip Version 3.13, 4.23, and 4.26 BETA.
21f735293b5f28bb27d6b63dd540c87041eb152dc9e1fbffb657bd18d8139676Ahnlab V3 Antivirus suffers from multiple vulnerabilities including privilege escalation and security bypass.
2ae763edf25b4f62ff2f3ef50c76412d6dae1da0517c6a1e8125b2eeb7569a1bSecunia Security Advisory - b2evolution versions 0.8.2 and prior have been found vulnerable to cross site scripting and SQL injection attacks.
59a5b8a155051613d73dfe8647ac6f7c5dac547fe83ce6caad2ad5b13bf62dbf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed