Description

Download Security Update 28 Release Notes (PDF)

Use the LiveUpdate feature of Symantec NetRecon 3.6 to download the security update.

Symantec NetRecon 3.6 Security Update 28 (SU 28) detects and reports 147 new vulnerabilities.

New vulnerabilities

ID	Vulnerability name
15834	Apache Mod_IMAP Referer Cross-Site Scripting Vulnerability
16152	Apache Mod_SSL Custom Error Document Remote Denial Of Service Vulnerability
15762	Apache MPM Worker.C Denial Of Service Vulnerability
16291	Cisco IOS HTTP Service CDP Status Page HTML Injection Vulnerability
15602	Cisco IOS HTTP Service HTML Injection Vulnerability
16303	Cisco IOS SGBP Remote Denial of Service Vulnerability
12307	Cisco IOS Skinny Call Control Protocol Handler Remote Denial Of Service Vulnerability
16383	Cisco IOS TCLSH AAA Command Authorization Bypass Vulnerability
1161	Cisco Router Online Help Vulnerability
13767	GNU SHTool Insecure Temporary File Deletion Vulnerability
10118	Microsoft ASN.1 Library Double Free Memory Corruption Vulnerability
11173	Microsoft GDI+ Library JPEG Segment Length Integer Underflow Vulnerability
3546	Microsoft Internet Explorer Cookie Disclosure Vulnerability
3513	Microsoft Internet Explorer Cookie Disclosure/Modification Vulnerability
3556	Microsoft Internet Explorer Patch Q312461 Existence Vulnerability
10113	Microsoft Negotiate SSP Remote Buffer Overflow Vulnerability
1882	Microsoft Network Monitor Multiple Buffer Overflow Vulnerabilities
11379	Microsoft NNTP Component Heap Overflow Vulnerability
2048	Microsoft PhoneBook Server Buffer Overflow
4387	Microsoft Temporary Internet File Execution Vulnerability
3724	Microsoft Universal Plug and Play Simple Service Discovery Protocol Denial of Service Vulnerability
3723	Microsoft UPnP NOTIFY Buffer Overflow Vulnerability
10117	Microsoft Virtual DOS Machine Local Privilege Escalation Vulnerability
10114	Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
16194	Microsoft Windows Embedded Web Font Buffer Overflow Vulnerability
16074	Microsoft Windows Graphics Rendering Engine WMF SetAbortProc Code Execution Vulnerability
10111	Microsoft Windows H.323 Remote Buffer Overflow Vulnerability
5872	Microsoft Windows Help Facilities Vulnerabilities
5874	Microsoft Windows Help Facility ActiveX Control Buffer Overflow Vulnerability
16645	Microsoft Windows IGMPv3 Denial of Service Vulnerability
12481	Microsoft Windows License Logging Service Buffer Overflow Vulnerability
10122	Microsoft Windows Local Descriptor Table Local Privilege Escalation Vulnerability
16484	Microsoft Windows Multiple Local Privilege Escalation Vulnerabilities
10116	Microsoft Windows Private Communications Transport Protocol Buffer Overrun Vulnerability
12484	Microsoft Windows Server Message Block Handlers Remote Buffer Overflow Vulnerability
10115	Microsoft Windows SSL Library Denial of Service Vulnerability
3997	Microsoft Windows Trusted Domain Privilege Escalation Vulnerability
10124	Microsoft Windows Utility Manager Local Privilege Escalation Vulnerability
16636	Microsoft Windows Web Client Buffer Overflow Vulnerability
11763	Microsoft Windows WINS Association Context Data Remote Memory Corruption Vulnerability
11922	Microsoft Windows WINS Name Value Handling Remote Buffer Overflow Vulnerability
10120	Microsoft Windows WMF/EMF Image Formats Remote Buffer Overflow Vulnerability
2906	MS Visual Studio RAD Support Buffer Overflow Vulnerability
2022	Multiple Vendor TCP/IP Resource Exhaustion Vulnerability
12781	MySQL AB MySQL Multiple Remote Vulnerabilities
9976	MySQL Aborted Bug Report Insecure Temporary File Creation Vulnerability
10654	MySQL Authentication Bypass Vulnerability
11261	MySQL Bounded Parameter Statement Execution Remote Buffer Overflow Vulnerability
12277	MySQL Database MySQLAccess Local Insecure Temporary File Creation Vulnerability
11435	MySQL Database Unauthorized GRANT Privilege Vulnerability
11357	MySQL Multiple Local Vulnerabilities
13660	MySQL mysql_install_db Insecure Temporary File Creation Vulnerability
10142	MySQL MYSQLD_Multi Insecure Temporary File Creation Vulnerability
10969	MySQL Mysqlhotcopy Script Insecure Temporary File Creation Vulnerability
10655	MySQL Password Length Remote Buffer Overflow Vulnerability
16850	MySQL Query Logging Bypass Vulnerability
11432	MySQL Remote FULLTEXT Search Denial Of Service Vulnerability
11291	MySQL Unspecified Insecure Temporary File Creation Vulnerability
14509	MySQL User-Defined Function Buffer Overflow Vulnerability
3135	Oracle /tmp Race Condition Vulnerability
170	Oracle 8 File Access Vulnerabilities
159	Oracle 8 oratclsh Suid Vulnerability
3903	Oracle 8i dbsnmp Command Remote Denial of Service Vulnerability
6733	Oracle 8i Listener Remote Redirect Denial of Service Vulnerability
2941	Oracle 8i TNS Listener Buffer Overflow Vulnerability
4413	Oracle 8i TNS Listener Local Command Parameter Buffer Overflow Vulnerability
4290	Oracle 9i Default Configuration File Information Disclosure Vulnerability
4037	Oracle 9iAS Apache PL/SQL Module Denial of Service Vulnerability
4032	Oracle 9iAS Apache PL/SQL Module Multiple Buffer Overflows Vulnerability
4292	Oracle 9iAS Apache PL/SQL Module Web Administration Access Vulnerability
1968	Oracle cmctl Buffer Overflow Vulnerability
12749	Oracle Database 8i/9i Multiple Remote Directory Traversal Vulnerabilities
3902	Oracle Database Auditing Insecure Default Configuration Vulnerability
10829	Oracle Database Default Library Directory Privilege Escalation Vulnerability
13144	Oracle Database Multiple SQL Injection Vulnerabilities
12301	Oracle Database Multiple Vulnerabilities
11099	Oracle Database Server ctxsys.driload Access Validation Vulnerability
11100	Oracle Database Server dbms_system.ksdwrt Remote Buffer Overflow Vulnerability
6850	Oracle Database Server DIRECTORY Buffer Overflow Vulnerability
8267	Oracle Database Server EXTPROC Buffer Overflow Vulnerability
6847	Oracle Database Server TO_TIMESTAMP_TZ Buffer Overflow Vulnerability
6848	Oracle Database Server TZ_OFFSET Buffer Overflow Vulnerability
15450	Oracle Database Windows XP Simple File Sharing Authentication Bypass Vulnerability
1035	Oracle for Linux Installer Vulnerability
1828	Oracle Internet Directory 2.0.6 oidldap Vulnerability
14238	Oracle July Security Update Multiple Vulnerabilities
5457	Oracle Listener Malformed Debugging Command Denial Of Service Vulnerability
10871	Oracle Multiple Unspecified Vulnerabilities
13139	Oracle Multiple Vulnerabilities
5460	Oracle Net Listener Format String Vulnerability
7453	Oracle Net Services Link Buffer Overflow Vulnerability
15134	Oracle October Security Update Multiple Vulnerabilities
3139	Oracle OTRCREP Oracle Home Environment Variable Buffer Overflow Vulnerability
3899	Oracle RDBMS Server Default Account Vulnerability
3900	Oracle SQL*Plus Unauthorized Shell Command Execution Vulnerability
5678	Oracle TNS Listener Service_CurLoad Remote Denial Of Service Vulnerability
2295	Oracle XSQL Servlet Arbitrary Java Code Vulnerability
2206	PHP .htaccess Attribute Transfer Vulnerability
16220	PHP 5 User-Supplied Session ID Input Validation Vulnerability
15177	PHP Apache 2 Local Denial of Service Vulnerability
15413	PHP Apache 2 Virtual() Safe_Mode and Open_Basedir Restriction Bypass Vulnerability
15411	PHP cURL and GD Multiple Safe_Mode and Open_Basedir Restriction Bypass Vulnerabilities
11557	PHP cURL Open_Basedir Restriction Bypass Vulnerability
8405	PHP DLOpen Memory Disclosure Vulnerability
2205	PHP Engine Disable Source Viewing Vulnerability
1786	PHP Error Logging Format String Vulnerability
15250	PHP File Upload GLOBAL Variable Overwrite Vulnerability
5681	PHP Function CRLF Injection Vulnerability
1270	1PHP Glob Function Local Information Disclosure Vulnerability
13164	PHP Group Exif Module IFD Nesting Denial Of Service Vulnerability
13163	PHP Group Exif Module IFD Tag Integer Overflow Vulnerability
15358	PHP Group Exif Module Infinite Recursion Denial Of Service Vulnerability
12962	PHP Group PHP Image File Format Remote Denial Of Service Vulnerability
13143	PHP Group PHP Multiple Unspecified Vulnerabilities
12963	PHP Group PHP Remote JPEG File Format Remote Denial Of Service Vulnerability
5669	PHP Header Function Script Injection Vulnerability
4063	PHP Include File Relative Directory Information Disclosure Vulnerability
10427	PHP Input/Output Wrapper Remote Include Function Command Execution Weakness
5280	PHP Interpreter Direct Invocation Denial Of Service Vulnerability
11992	PHP JPEG Image Buffer Overflow Vulnerability
15571	PHP MB_Send_Mail TO Argument Header Injection Vulnerability
10471	PHP Microsoft Windows Shell Escape Functions Command Execution Vulnerability
4325	PHP Move_Uploaded_File Open_Basedir Circumvention Vulnerability
11964	PHP Multiple Local And Remote Vulnerabilities
11981	PHP Multiple Remote Vulnerabilities
16145	PHP MySQL_Connect Remote Buffer Overflow Vulnerability
16219	PHP MySQLI Error Logging Remote Format String Vulnerability
14957	PHP Open_BaseDir Security Restriction Bypass Vulnerability
15249	PHP Parse_Str Register_Globals Activation Weakness
11334	PHP PHP_Variables Remote Memory Disclosure Vulnerability
15248	PHP PHPInfo Cross-Site Scripting Vulnerability
4606	PHP posix_getpwnam / posix_getpwuid safe_mode Circumvention Vulnerability
11190	PHP Remote Arbitrary Location File Upload Vulnerability
15119	PHP Safedir Restriction Bypass Vulnerabilities
14858	PHP Session Handling Local Session Hijacking Vulnerability
12045	PHP Shared Memory Module Offset Memory Corruption Vulnerability
8201	PHP Undefined Safe_Mode_Include_Dir Safemode Bypass Vulnerability
911	PHP3 'safe_mode' Failure Vulnerability
8693	PHP4 Base64_Encode() Integer Overflow Vulnerability
8696	PHP4 Multiple Vulnerabilities
12665	PHP4 Readfile Denial Of Service Vulnerability
3873	PHP4 Session Files Local Information Disclosure Vulnerability
11726	Sun Java Runtime Environment Java Plug-in JavaScript Security Restriction Bypass Vulnerability
4410	Windows 2000 DCOM Client Memory Disclosure Vulnerability
3381	WinMySQLadmin Plain Text Password Storage Vulnerability
14088	XML-RPC for PHP Remote Code Injection Vulnerability
14162	Zlib Compression Library Buffer Overflow Vulnerability

For vulnerability details, download the Security Update 28 Release Notes (PDF).