• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Microsoft Windows UMPNPMGR wsprintfW Local overflow

Network Security News – Friday, October 14, 2005 Events

Microsoft Windows UMPNPMGR wsprintfW Local overflow

A remote overflow exists in Microsoft Windows NT, 2000 & XP. The Microsoft Windows MSRPC Plug and Play service fails to validate user supplied data to the wsprintfW call within the code for UMPNPMGR, resulting in a stack buffer overflow. With a specially crafted request, a remote authenticated attacker can execute arbitrary code with SYSTEM privileges on a remote Windows 2000 or XP SP1 system. On Windows XP SP2, this vulnerability could also be exploited by an unprivileged user to gain full privileges on a system to which he is logged in interactively. Both resulting in a loss of integrity to the system.. Read more at osvdb.org/18830

Oracle9i Database Server Multiple Unspecified SQL Related Issues

Oracled9i Database Server contains multiple vulnerabilities that could lead to SQL injection, buffer overflows, denial of service, trigger abuse, or character set conversion bugs. This could result in a loss of integrity.. Read more at osvdb.org/19853

versatileBulletinBoard (vBB) getversions.php Information Disclosure

versatileBulletinBoard (vBB) contains a flaw that may lead to an unauthorized information disclosure. Өe issue is triggered when a remote attacker calls the getversions.php script, which will disclose detailed file and version information resulting in a loss of confidentiality.. Read more at osvdb.org/19973

versatileBulletinBoard (vBB) userlistpre.php list Variable XSS

versatileBulletinBoard (vBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'list' variable upon submission to the userlistpre.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/19972

versatileBulletinBoard (vBB) imagewin.php file Variable XSS

versatileBulletinBoard (vBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'file' variable upon submission to the imagewin.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/19971

versatileBulletinBoard (vBB) dereferrer.php url Variable XSS

versatileBulletinBoard (vBB) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'url' variable upon submission to the dereferrer.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/19970

versatileBulletinBoard (vBB) dereferrer.php Arbitrary External Site Redirection

versatileBulletinBoard (vBB) contains a flaw that may allow a malicious user to adversely affect a user's browsing. The issue is triggered when an attacker uses the dereferrer.php script to redirect a person to an arbitrary site. It is possible that the flaw may allow the attacker to trick a user into executing arbitrary scripts on a malicious site.. Read more at osvdb.org/19969

versatileBulletinBoard (vBB) Forgot Password Feature email Field SQL Injection

versatileBulletinBoard (vBB) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'Forgot Password' feature not properly sanitizing user-supplied input to the 'email' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/19968

versatileBulletinBoard (vBB) userlistpre.php list Variable SQL Injection

versatileBulletinBoard (vBB) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the userlistpre.php script not properly sanitizing user-supplied input to the 'list' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/19967

versatileBulletinBoard (vBB) Search For Posts Feature SQL Injection

versatileBulletinBoard (vBB) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'Search for Posts' feature not properly sanitizing user-supplied input to the search query. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/19966

Vuln: Microsoft Windows Network Connections Manager Library Local Denial of Service Vulnerability

Microsoft Windows Network Connections Manager Library Local Denial of Service Vulnerability. Read more at securityfocus.com/bid/14260

Vuln: Microsoft Windows FTP Client Directory Traversal Vulnerability

Microsoft Windows FTP Client Directory Traversal Vulnerability. Read more at securityfocus.com/bid/12160

Vuln: TYPSoft FTP Server RETR Denial Of Service Vulnerability

TYPSoft FTP Server RETR Denial Of Service Vulnerability

. Read more at securityfocus.com/bid/15104

Vuln: XMail Local Buffer Overflow Vulnerability

XMail Local Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/15103

[security bulletin] SSRT051041 rev.1 – HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS)

[security bulletin] SSRT051041 rev.1 – HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS). Read more at securityfocus.com/archive/1/413288

[security bulletin] SSRT5975 HP-UX Running on Itanium Platforms Local Denial of Service (DoS)

[security bulletin] SSRT5975 HP-UX Running on Itanium Platforms Local Denial of Service (DoS). Read more at securityfocus.com/archive/1/413298

iDEFENSE Security Advisory 10.13.05: Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability

iDEFENSE Security Advisory 10.13.05: Multiple Vendor wget/curl NTLM Username Buffer Overflow Vulnerability

. Read more at securityfocus.com/archive/1/413305

iDEFENSE Security Advisory 10.13.05: Multiple Vendor XMail ‘sendmail’ Recipient Buffer Overflow Vulnerability

iDEFENSE Security Advisory 10.13.05: Multiple Vendor XMail ‘sendmail’ Recipient Buffer Overflow Vulnerability. Read more at securityfocus.com/archive/1/413301

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software