VARIoT IoT vulnerabilities database

VAR-200505-0355 | CVE-2005-1337 | Apple Mac OS X Code execution vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scripts with less restrictive privileges via a help:// URI. Apple Mac OS X is prone to a JavaScript execution vulnerability. This issue exists in the Help Viewer URI handler. A maliciously crafted JavaScript file loaded by the Help Viewer would be executed with local privileges.
This issue was initially reported in BID 13480 (Apple Mac OS X Multiple Vulnerabilities). Due to the availability of more information, this issue is being assigned a new BID.
I have published advisories for 4 security vulnerabilities in Mac OS
X that were addressed by Apple Security Update 2005-005, released
today. <http://docs.info.apple.com/article.html?artnum=301528>.
This email contains brief summaries of the problems. Full details can
be found on my web site <http://remahl.se/david/vuln/>.
Description: help: URI handler execution of JavaScripts with known
paths vulnerability
My name: DR004 <http://remahl.se/david/vuln/004/>
CVE: CAN-2005-1337 [yes, cool, isn't it ;-)]
Summary: The Help Viewer application allows JavaScript and is thus
vulnerable to having scripts with arbitrary paths run with the
privileges granted to file: protocol URIs. The files can be started
with a URI on the form of help:///path/to/file.html. Combined with
XMLHttpRequest's ability to disclose arbitrary files, this security
bug becomes critical.
Description: Invisible characters in applescript: URL protocol
messaging vulnerability
My name: DR010 <http://remahl.se/david/vuln/010/>
CVE: CAN-2005-1331
Summary: URL Protocol Messaging is a technique used by Script Editor
to facilitate sharing of AppleScripts between users. By clicking a
link (for example in a web forum), a user can create a new Script
Editor document automatically, with text from the query string of the
URI. This avoids problems with copying text from the web or manually
typing code snippets. However, the technique can be used to trick
users into running dangerous code (with embedded control characters),
since insufficient input validation is performed.
Description: Apple Terminal insufficient input sanitation of x-man-
path: URIs vulnerability
My name: DR011 <http://remahl.se/david/vuln/011/>
CVE: CAN-2005-1342
Summary: Apple Terminal fails to properly sanitize the contents of x-
man-path: URIs passed to it. This can lead to execution of arbitrary
commands, aided by some of the escape sequences that Terminal supports.
Description: Mac OS X terminal emulators allow reading and writing of
window title through escape sequences
My name: DR012 <http://remahl.se/david/vuln/012/>
CVE: CAN-2005-1341
Summary: Apple Terminal (often referred to as Terminal.app) and xterm
which both ship with current versions of Mac OS X are vulnerable to a
well-known type of attack when displaying untrusted content. Using
escape sequences and social engineering attacks it is in some cases
possible to trick the user into performing arbitrary commands.
I would like to acknowledge the willingness of Apple's Product
Security team to cooperate with me in resolving these issues. CERT's
assistance has also been helpful.
/ Regards, David Remahl
VAR-200505-0267 | CVE-2005-1385 | Safari Vulnerability |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference. Safari is prone to a denial-of-service vulnerability
VAR-200505-0310 | CVE-2005-1342 | Apple Terminal fails to properly sanitize input for "x-man-page" URI |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.
VAR-200505-0359 | CVE-2005-1341 | Apple Mac OS X AppleScript Editor code confusing vulnerability |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences. Apple Mac OS X Terminal is reported prone to an input validation vulnerability. A vulnerability exists in Apple Mac OS X's handling of AppleScript links, which could be exploited by remote attackers to lure users into executing malicious code.
The most serious of these vulnerabilities may allow a remote attacker to
execute arbitrary code. Impacts of other vulnerabilities addressed by
the update include disclosure of information and denial of service.
I.
(CAN-2005-1342)
VU#882750 - libXpm image library vulnerable to buffer overflow
libXpm image parsing code contains a buffer-overflow vulnerability
that may allow a remote attacker to execute arbitrary code or cause a
denial-of-service condition.
(CAN-2004-0687)
VU#125598 - LibTIFF vulnerable to integer overflow via corrupted
directory entry count
An integer overflow in LibTIFF may allow a remote attacker to execute
arbitrary code.
(CAN-2004-1308)
VU#539110 - LibTIFF vulnerable to integer overflow in the
TIFFFetchStrip() routine
An integer overflow in LibTIFF may allow a remote attacker to execute
arbitrary code.
(CAN-2004-1307)
VU#537878 - libXpm library contains multiple integer overflow
vulnerabilities
libXpm contains multiple integer-overflow vulnerabilities that may
allow a remote attacker to execute arbitrary code or cause a
denial-of-service condition.
(CAN-2004-0688)
VU#331694 - Apple Mac OS X chpass/chfn/chsh utilities do not properly
validate external programs
Mac OS X Directory Service utilities do not properly validate code
paths to external programs, potentially allowing a local attacker to
execute arbitrary code.
(CAN-2004-1335)
VU#582934 - Apple Mac OS X Foundation framework vulnerable to buffer
overflow via incorrect handling of an environmental variable
A buffer overflow in Mac OS X's Foundation Framework's processing of
environment variables may lead to elevated privileges.
(CAN-2004-1332)
VU#354486 - Apple Mac OS X Server Netinfo Setup Tool fails to validate
command line parameters
Apple Mac OS X Server NeST tool contains a vulnerability in the
processing of command line arguments that could allow a local attacker
to execute arbitrary code.
(CAN-2004-0594)
Please note that Apple Security Update 2005-005 addresses additional
vulnerabilities not described above. As further information becomes
available, we will publish individual Vulnerability Notes.
II. Impact
The impacts of these vulnerabilities vary; for information about
specific impacts please see the Vulnerability Notes. Potential
consequences include remote execution of arbitrary code or commands,
disclosure of sensitive information, and denial of service.
III. Solution
Install an Update
Install the update as described in Apple Security Update 2005-005.
Appendix A. References
* US-CERT Vulnerability Note VU#582934 -
<http://www.kb.cert.org/vuls/id/582934>
* US-CERT Vulnerability Note VU#258390 -
<http://www.kb.cert.org/vuls/id/258390>
* US-CERT Vulnerability Note VU#331694 -
<http://www.kb.cert.org/vuls/id/331694>
* US-CERT Vulnerability Note VU#706838 -
<http://www.kb.cert.org/vuls/id/706838>
* US-CERT Vulnerability Note VU#539110 -
<http://www.kb.cert.org/vuls/id/539110>
* US-CERT Vulnerability Note VU#354486 -
<http://www.kb.cert.org/vuls/id/354486>
* US-CERT Vulnerability Note VU#882750 -
<http://www.kb.cert.org/vuls/id/882750>
* US-CERT Vulnerability Note VU#537878 -
<http://www.kb.cert.org/vuls/id/537878>
* US-CERT Vulnerability Note VU#125598 -
<http://www.kb.cert.org/vuls/id/125598>
* US-CERT Vulnerability Note VU#356070 -
<http://www.kb.cert.org/vuls/id/356070>
* Apple Security Update 2005-005 -
<http://docs.info.apple.com/article.html?artnum=301528>
_________________________________________________________________
These vulnerabilities were discovered by several people and reported
in Apple Security Update 2005-005. Please see the Vulnerability Notes
for individual reporter acknowledgements.
_________________________________________________________________
Feedback can be directed to the authors: Jeffrey Gennari and Jason
Rafail.
_________________________________________________________________
Copyright 2005 Carnegie Mellon University. Terms of use
Revision History
May 16, 2005: Initial release
Last updated May 16, 2005
VAR-200505-0350 | CVE-2005-1331 | Apple Mac OS X AppleScript Editor code confusing vulnerability |
CVSS V2: 5.1 CVSS V3: - Severity: MEDIUM |
The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs. Mac OS X AppleScript editor is prone to a code obfuscation vulnerability.
This issue was initially reported in BID 13480 (Apple Mac OS X Multiple Vulnerabilities). Due to the availability of more information, this issue is being assigned a new BID.
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c00600177
Version: 1
HPSBUX02119 SSRT4848 rev.1 - HP-UX Running Motif Applications Remote Arbitrary
Code Execution, Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2006-05-17
Last Updated: 2006-05-15
Potential Security Impact: Remote arbitrary code execution, Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with Motif applications running
on HP-UX. The potential vulnerabilities could be exploited to allow remote execution
of arbitrary code or Denial of Service (DoS).
References: CERT VU#537878, VU#882750
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP-UX B.11.00, B.11.11, B.11.23 running Motif applications.
BACKGROUND
Potential vulnerabilities have been reported with the handling of XPixMap format data:
http://www.kb.cert.org/vuls/id/882750
http://www.kb.cert.org/vuls/id/537878
AFFECTED VERSIONS
HP-UX B.11.00
=============
X11.MOTIF-SHLIB
action: install PHSS_33129 or subsequent
HP-UX B.11.11
=============
X11.MOTIF-SHLIB
action: install PHSS_33130 or subsequent
HP-UX B.11.23
=============
X11.MOTIF-SHLIB
action: install PHSS_33132 or subsequent
RESOLUTION
HP has made the following patches available to resolve the issue.
The patches can be downloaded from http://itrc.hp.com
HP-UX B.11.00 PHSS_33129 or subsequent
HP-UX B.11.11 PHSS_33130 or subsequent
HP-UX B.11.23 PHSS_33132 or subsequent
MANUAL ACTIONS: No
PRODUCT SPECIFIC INFORMATION
HP-UX Security Patch Check: Security Patch Check revision B.02.00 analyzes all
HP-issued Security Bulletins to provide a subset of recommended actions that
potentially affect a specific HP-UX system. For more information:
http://software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=B6834AA
HISTORY
Version:1 (rev.1) 17 May 2006 Initial release
(c)Copyright 2006 Hewlett-Packard Development Company, L.P.
VAR-200505-1008 | CVE-2005-1028 | PHP-Nuke Security hole |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. PHP-Nuke is prone to an information disclosure vulnerability.
VAR-200505-1002 | CVE-2005-1062 | [CAN-2005-1062] Management Protocol Allows Local Remote Password Cracking Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods. Personal Firewall is prone to a remote security vulnerability
VAR-200505-1169 | CVE-2005-1180 | PHP-Nuke HTTP Response split vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter. PHP-Nuke is prone to a remote security vulnerability.
TITLE:
PHP-Nuke "forwarder" Parameter HTTP Response Splitting
SECUNIA ADVISORY ID:
SA14965
VERIFY ADVISORY:
http://secunia.com/advisories/14965/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
PHP-Nuke 7.x
http://secunia.com/product/2385/
DESCRIPTION:
Diabolic Crab has reported a vulnerability in PHP-Nuke, which can be
exploited by malicious people to conduct cross-site scripting
attacks.
Input passed to the "forwarder" parameter is not properly sanitised.
This can be exploited to inject malicious characters into HTTP
headers and may allow execution of arbitrary HTML and script code in
a user's browser session in context of an affected site.
The vulnerability has been confirmed in version 7.5. Other versions
may also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
Diabolic Crab
ORIGINAL ADVISORY:
http://www.digitalparadox.org/advisories/pnuke.txt
VAR-200505-0314 | CVE-2005-1346 | Symantec Antivirus product vulnerability |
CVSS V2: 2.6 CVSS V3: - Severity: LOW |
Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file. Web Security is prone to a denial-of-service vulnerability
VAR-200505-0603 | CVE-2005-0328 | Vulnerabilities in products from multiple vendors such as Netgear RT311 |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address. Unspecified vulnerabilities exist in products from multiple vendors such as Netgear RT311. Rt311 is prone to a remote security vulnerability.
VAR-200505-0687 | CVE-2005-0350 | Vulnerabilities in multiple F-Secure products |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in multiple F-Secure Anti-Virus and Internet Security products allows remote attackers to execute arbitrary code via a crafted ARJ archive. There are unspecified vulnerabilities in multiple F-Secure products such as F-Secure Anti-Virus, F-Secure Internet Security, and F-Secure Personal Express. F-Secure Anti-Virus is prone to a remote security vulnerability.
VAR-200505-0655 | CVE-2005-0431 | Barracuda Spam Firewall Vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam. Barracuda Spam Firewall is prone to a remote security vulnerability
VAR-200505-0203 | CVE-2005-0498 | Gigafast router Information disclosure vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Gigafast router (aka CompUSA router) allows remote attackers to gain sensitive information and bypass the login page via a direct request to backup.cfg, which reveals the administrator password in plaintext. Gigafast Router is prone to an information disclosure vulnerability.
VAR-200505-1049 | CVE-2005-0998 | PHP-Nuke Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server. PHP-Nuke is prone to an information disclosure vulnerability.
VAR-200505-1052 | CVE-2005-1001 | PHP-Nuke Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message. PHP-Nuke is prone to an information disclosure vulnerability. The full pathname of the server
VAR-200505-0002 | CVE-1999-1557 | Ipswitch IMail Buffer overflow vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password. IMail is prone to a denial-of-service vulnerability
VAR-200505-0979 | CVE-2005-1106 | QuickTime for Windows Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow. Quicktime Pictureviewer is prone to a denial-of-service vulnerability
VAR-200505-0616 | CVE-2005-0341 | Apple Safari Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks. Safari is prone to a cross-site scripting vulnerability
VAR-200505-0527 | CVE-2005-0970 | Mac OS X Permissions and Access Control Vulnerability |
CVSS V2: 7.6 CVSS V3: - Severity: HIGH |
Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts. Mac OS X is prone to a remote security vulnerability. An attacker could take advantage of elevated privileges to perform unauthorized actions through a vulnerable script
VAR-200504-0069 | CVE-2005-1063 | Kerio Management Port Denial of Service Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected conditions" and "perform cryptographic operations.". Various Kerio products are vulnerable to a denial of service vulnerability with regards to the administration port.
This issue is due to a failure of the application to properly handle exceptional conditions with regards to specifically malformed data.
A remote attacker may leverage these issues, without requiring
authentication, to exhaust resources on an affected computer, effectively
denying service for legitimate users.
The vendor has addressed this issue in Kerio MailServer 6.0.9, Kerio
WinRoute Firewall 6.0.11, and Kerio Personal Firewall 4.1.3; earlier
versions of these products are reported vulnerable. Kerio WinRoute Firewall is an enterprise-level firewall from the American company Kerio, providing functions such as Internet sharing, virus protection and transparent proxy.