Showing 26 - 50 of 63

Files from Tan Chew Keong

Email address: chewkeong at security.org.sg
First Active: 2004-06-18
Last Active: 2008-12-05
secunia-WinHKI.txt
Posted May 2, 2006
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in WinHKI versions 1.66 and 1.67, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in ztvunacev2.dll (UNACEV2.DLL) when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive.

tags | advisory, overflow
SHA-256 | 8d19c5c9543405f65e77f191242b6bcd10493614ad39c78d692b3fb58dd0ea1a
secunia-Blazix.txt
Posted Apr 1, 2006
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in Blazix, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of JSP files from the server via specially crafted requests containing dot, space, and slash characters. Version 1.2.5 is affected.

tags | advisory
SHA-256 | 3604e084018ebac5c828858ccaf9a13fdb6c16dd20d3d34b1392abab5ccb8b31
secunia-Quick.txt
Posted Apr 1, 2006
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in Quick 'n Easy/Baby Web Server, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory, web
SHA-256 | a4646bf09910c4c5191f80718f1eda87923398b1f7af7ff7fd3ef391e20c87d6
secunia-NetworkActiv.txt
Posted Mar 3, 2006
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in NetworkActiv Web Server, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files (e.g. PHP) from the server via specially-crafted requests containing the forward slash character. Version affected: NetworkActiv Web Server 3.5.15. Other versions may also be affected.

tags | advisory, web, php
advisories | CVE-2006-0815
SHA-256 | 52e88db2fb22c4e141e5ac87318e8208574eeb0aa901289e10c84b42977dfb96
secunia-Lighttpd.txt
Posted Mar 3, 2006
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in Lighttpd, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of script files (e.g. PHP) from the server via specially-crafted requests containing dot and space characters. Version affected: Lighttpd version 1.4.10 for Windows. Other versions may also be affected.

tags | advisory, php
systems | windows
advisories | CVE-2006-0814
SHA-256 | f541f5d5728b7ae7a29ce41a78bd2c56a5c35ff8240f2378ff1d1465c65dc7b6
secunia-WinACE.txt
Posted Feb 26, 2006
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in WinACE, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when reading an overly large ARJ header block into a fixed-sized heap buffer. This can be exploited to cause a heap-based buffer overflow. Successful exploitation allows execution of arbitrary code when a malicious ARJ archive is opened. WinACE version 2.60 is affected. Earlier versions may also be susceptible.

tags | advisory, overflow, arbitrary
advisories | CVE-2006-0813
SHA-256 | 2bc58b470920ea0971ae09b25bd4b75948eee79271c3c6fe7f2cc91ae220dc28
secunia-LotusNotesZIP.txt
Posted Feb 13, 2006
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in kvarcve.dll when constructing the full pathname of a compressed file to check for its existence before extracting it from a ZIP archive. This can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code when the user extracts a compressed file with a long filename from within the Notes attachment viewer. The affected version is Lotus Notes 6.5.4.

tags | advisory, overflow, arbitrary
advisories | CVE-2005-2618
SHA-256 | 29ad1e0fb254d307e5c210c27de6309dbcbeec3d980b62f37a53ae596b9a9d23
secunia-LotusNotesUUE.txt
Posted Feb 13, 2006
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in uudrdr.dll when handling a UUE file containing an encoded file with an overly long filename. This can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code when a malicious UUE file is opened in the Notes attachment viewer. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.

tags | advisory, overflow, arbitrary
advisories | CVE-2005-2618
SHA-256 | a512a74bf2eb5426a6ef1b0505c9c30d26592de02c1368592f882f68346bf269
secunia-LotusTraverse.txt
Posted Feb 13, 2006
Authored by Carsten Eiram, Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in Lotus Notes, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to directory traversal errors in kvarcve.dll when generating the preview of a compressed file from ZIP, UUE and TAR archives. This can be exploited to delete arbitrary files that are accessible to the Notes user. Affected versions are Lotus Notes 6.5.4 and Lotus Notes 7.0.

tags | advisory, arbitrary, file inclusion
advisories | CVE-2005-2619
SHA-256 | a9bc2a3a0141f79688e6b766ca98f395753401a2d0e8795deb887ac34da40f1f
secunia-LotusDomino.txt
Posted Feb 13, 2006
Authored by Jakob Balle, Tan Chew Keong | Site secunia.com

Secunia Research has discovered some vulnerabilities in Lotus Domino iNotes Client, which can be exploited by malicious people to conduct script insertion attacks. Affected versions include IBM Lotus Domino Web Access 7.x, IBM Lotus Domino Web Access (iNotes) 6.x, IBM Lotus Domino 6.x, and IBM Lotus Domino 7.x.

tags | advisory, web, vulnerability
SHA-256 | b55a4f37f4611abd8cbe649bb902701992e861abc861f2023115d74fa75039f7
secunia-TUGZip.txt
Posted Dec 31, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in TUGZip, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when handling an ARJ archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow. Successful exploitation allows arbitrary code execution when a malicious ARJ file is opened. The vulnerability has been confirmed in version 3.4.0.0. Other versions may also be affected.

tags | advisory, overflow, arbitrary, code execution
SHA-256 | 90fe454dcc4e972332b2273b3e29b2723f41e8dc0a3162a8d3b8c341ab5f210f
secunia-SpeedProject.txt
Posted Nov 30, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered two boundary error vulnerabilities in various SpeedProject products, which can be exploited by malicious people to compromise a user's system.

tags | advisory, vulnerability
SHA-256 | 40fcd4925c69b8512716ccb146a61281115a9d0d9c4924ad8db2a33fbfbe07b6
secunia-mailenable.txt
Posted Nov 20, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered some vulnerabilities in Mail Enable Professional/Enterprise, which can be exploited by malicious users to cause a DoS (Denial of Service) and to compromise a vulnerable system. Affected Software: MailEnable Professional version 1.6 with Hotfix MEIMAPS-UPD0511010000.zip applied. MailEnable Enterprise version 1.1 with Hotfix MEIMAPS-UPD0511010000.zip applied. Prior versions may also be affected.

tags | advisory, denial of service, vulnerability
SHA-256 | a41e13f40a8136993edd20a8f6b3d9a6e59403bff26a194c137c66898da4cf47
secunia-Ahnlab-2.txt
Posted Oct 15, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in AhnLab V3 Antivirus, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the archive decompression library when reading the filename of a compressed file from an ALZ, UUE or XXE archive. This can be exploited to cause a stack-based buffer overflow (ALZ), or a heap-based buffer overflow (UUE/XXE), when a malicious ALZ/UUE/XXE archive is scanned. Successful exploitation allows arbitrary code execution, but requires that compressed file scanning is enabled.

tags | advisory, overflow, arbitrary, code execution, xxe
SHA-256 | 0bff14116cee96edd9a96cde5a18e497ac854da9b5c70332dd7da845b1b46b5d
secunia-hauri.txt
Posted Oct 7, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in various HAURI anti-virus products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the archive decompression library when reading the filename of a compressed file from an ALZ archive. This can be exploited to cause a stack-based buffer overflow when a malicious ALZ archive is scanned. Successful exploitation allows arbitrary code execution, but requires that compressed file scanning is enabled.

tags | advisory, overflow, arbitrary, code execution, virus
SHA-256 | 489b4afab8998969fcacaff4c83d1dba4d3e66031f4ae0f13efa2d002e506f70
secunia-webroot.txt
Posted Oct 7, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered two vulnerabilities in Webroot Desktop Firewall, which can be exploited by malicious, local users to gain escalated privileges or bypass certain security restrictions. Versions below 1.3.0 build 52 are affected.

tags | advisory, local, vulnerability
SHA-256 | 44776478f3f35e220289ae51e1435d6ca495abe53dfeee3b6d9fd31adabeb0f8
secunia-ALZip.txt
Posted Oct 6, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in ALZip, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to multiple boundary errors when reading the filename of a compressed file from ALZ, ARJ, ZIP, UUE or XXE archives. This can be exploited to cause a stack-based buffer overflow (ALZ), or a heap-based buffer overflow (ARJ / ZIP / UUE / XXE). Successful exploitation allows execution of arbitrary code when a malicious ALZ / ARJ archive is opened, or when a ZIP / UUE / XXE archive is extracted.

tags | advisory, overflow, arbitrary, xxe
SHA-256 | bffe2f2d11e5e5ac7d2a13dfed0e4b832c4f3cf66166441b3fe900aaf6803f3a
secunia-PowerArchiver.txt
Posted Sep 24, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in PowerArchiver, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when reading the filename of a compressed file from an ACE/ARJ archive. This can be exploited to cause a stack-based buffer overflow when a malicious archive containing a file with an overly long filename is opened. Successful exploitation allows arbitrary code execution. Versions affected: PowerArchiver 2006 version 9.5 Beta 4/Beta 5, PowerArchiver 2004 version 9.25, PowerArchiver 2003 version 8.60, PowerArchiver 2002 version 8.10.

tags | advisory, overflow, arbitrary, code execution
SHA-256 | d91f317dc4dfa469154642413a7d8614b4d771da4b5bc132088b13598dfad62d
secunia-7zip.txt
Posted Sep 24, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in 7-Zip, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when handling an ARJ block that is larger than 2600 bytes. This can be exploited to cause a stack-based buffer overflow when a specially crafted ARJ file is opened. Successful exploitation allows arbitrary code execution. Affected versions are: 7-Zip Version 3.13, 4.23, and 4.26 BETA.

tags | advisory, overflow, arbitrary, code execution
SHA-256 | 21f735293b5f28bb27d6b63dd540c87041eb152dc9e1fbffb657bd18d8139676
secuniaAvira.txt
Posted Sep 15, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in AVIRA Desktop for Windows antivirus, which can be exploited by malicious people to compromise a vulnerable system. Affected are AVIRA Desktop for Windows version 1.00.00.68 with AVPACK32.DLL version 6.31.0.3. Prior versions may also be affected.

tags | advisory
systems | windows
SHA-256 | ac1b4b3aac838810702e5f9ffd20fdea08830ff1e8b53aa53898cc0be30eec53
HAURItraverse.txt
Posted Aug 24, 2005
Authored by Tan Chew Keong | Site secunia.com

Secunia Research has discovered a vulnerability in various HAURI anti-virus products, which can be exploited by malicious people to write files to arbitrary directories. Affected versions: ViRobot Expert 4.0, ViRobot Advanced Server, ViRobot Linux Server 2.0, HAURI LiveCall.

tags | exploit, arbitrary, virus
systems | linux
SHA-256 | 54f7332ae5674ac7c9ad8cc8d1584cf53cec751854734aab799ee6e2323ba4e3
surgeftp22m1.txt
Posted Apr 17, 2005
Authored by Tan Chew Keong | Site security.org.sg

SurgeFTP is susceptible to a LEAK command denial of service vulnerability. Tested versions include SurgeFTP versions 2.2m1 and 2.2k3 Windows on English Win2K SP4, WinXP SP2.

tags | advisory, denial of service
systems | windows
SHA-256 | 870f7f9a0e500e8dfffd3386dd856ff95f0c6018ebb9e1b154f414caa090d494
surgemail22g3.txt
Posted Mar 24, 2005
Authored by Tan Chew Keong | Site security.org.sg

A vulnerability was found in SurgeMail's Webmail file attachment upload feature. This vulnerability may be exploited by a malicious Webmail user to upload files to certain locations on the server, obtain file listings of certain directories, and/or send certain files on the server to him/herself. Two XSS vulnerabilities were also found.

tags | exploit, vulnerability
SHA-256 | bc8b30081d411a63cbb46392a69ad71e4bd6cf541f5daa935b7d38c891ea4700
raidenhttpd1132.txt
Posted Mar 1, 2005
Authored by Tan Chew Keong | Site security.org.sg

RaidenHTTPD server version 1.1.32 is susceptible to buffer overflow and CGI source disclosure vulnerabilities.

tags | advisory, overflow, cgi, vulnerability
SHA-256 | d2408ee1ff18446cf63b8d9a8520baa45564e5d5ef31391519cfc4f71f2eb461
602lansuite.txt
Posted Feb 23, 2005
Authored by Tan Chew Keong | Site security.org.sg

A directory traversal vulnerability was found in 602LAN SUITE's Web Mail file attachment upload feature that may be exploited to upload files to arbitrary locations on the server.

tags | advisory, web, arbitrary
SHA-256 | d1e62e37804a53dc78c20de47ee46e113a4de98ba83f5baabc71e5e4e2eee35c
Page 2 of 3