Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:02.06.2006
Source:
SecurityVulns ID:6209
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:SADRAVEN : Sad Raven's guestbook 1.1
 SQUIRRELMAIL : squirrelmail 1.4
 DRUPAL : Drupal 4.6
 DRUPAL : Drupal 4.7
 CODEAVALANCHE : CodeAvalanche Forum 1.0
 OVIDENTIA : OVidentia 5.8
 TAL : TAL RateMyPic 1.0
 SIMPLEBOARD : SimpleBoard 1.1
 ABARCAR : Realty Portal 5.1
Original document:Dimonelite, vulnerability in Sad Raven's guestbook (02.06.2006)
 SECUNIA, [SA20408] REDAXO "REX[INCLUDE_PATH]" File Inclusion Vulnerabilities (02.06.2006)
 SECUNIA, [SA20372] Goss iCM "keyword" Cross-Site Scripting Vulnerability (02.06.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, northstudio Cross Site Scripting Vulnerability (02.06.2006)
 brokejunker_(at)_yahoo.com, Squirrelmail local file inclusion (02.06.2006)
 Yannick von Arx, Joomla/Mambo CMS Component SimpleBoard 1.1 XSS-Vulnerabilities (02.06.2006)
 luny_(at)_youfucktard.com, TAL RateMyPic v1.0 (02.06.2006)
 bugtraq_(at)_fbi.gov, ishopcart cgi 0day and multiple vulnerabilities (02.06.2006)
 black-cod3_(at)_hotmail.com, multiple file inclusion exploits in ovidentia v5.8.0 (02.06.2006)
 omnipresent_(at)_email.it, ASP Discussion Forum Like the one on FreeVBCode.com Remote XSS Exploit (02.06.2006)
 omnipresent_(at)_email.it, ASP Discussion Forum Remote XSS Attack (02.06.2006)
 SpC-x, abarcar Realty Portal SQL Injection Vulnerability (02.06.2006)
Files:Exploits ishopcard buffer overflow

FreeBSD ypserv NIS access protection bypass
Published:02.06.2006
Source:
SecurityVulns ID:6210
Type:remote
Threat Level:6/10
Description:/var/yp/securenets access control restrictions do not work.
Affected:FREEBSD : FreeBSD 5.3
 FREEBSD : FreeBSD 5.4
 FREEBSD : FreeBSD 6.0
 FREEBSD : FreeBSD 6.1
 FREEBSD : FreeBSD 5.5
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:15.ypserv (02.06.2006)

Weak xmcd security permissions
Published:02.06.2006
Source:
SecurityVulns ID:6213
Type:local
Threat Level:5/10
Description:xmcdconfig creates a world-writable file, allowing DoS attacks that fill the file system.
Affected:XMCD : xmcd 2.6
Original document:DEBIAN, [Full-disclosure] [SECURITY] [DSA 1086-1] New xmcd packages fix denial of service (02.06.2006)

IBM DCE Kerberos DoS
Published:02.06.2006
Source:
SecurityVulns ID:6214
Type:remote
Threat Level:5/10
Original document:SECUNIA, [SA20364] IBM DCE Two Kerberos Vulnerabilities (02.06.2006)

F-Secure antiviruses Web console buffer overflow
Published:02.06.2006
Source:
SecurityVulns ID:6215
Type:remote
Threat Level:5/10
Affected:F-SECURE : F-Secure Anti-Virus for Microsoft Exchange 6.40
 F-SECURE : F-Secure Internet Gatekeeper 6.50
Original document:SECUNIA, [SA20407] F-Secure Products Web Console Buffer Overflow Vulnerability (02.06.2006)

Avast! antivirus code execution
Published:02.06.2006
Source:
SecurityVulns ID:6217
Type:remote
Threat Level:5/10
Affected:ALWIL : avast! Antivirus 4.7
Original document:SECUNIA, [SA20387] avast! Unspecified CHM Unpacker Vulnerability (02.06.2006)

Linux / FreeBSD kernel SMBFS/CIFSFS chroot restriction bypass
updated since 28.04.2006
Published:02.06.2006
Source:
SecurityVulns ID:6071
Type:local
Threat Level:6/10
Description:It's possible to traverse outside the chroot directory.
Affected:LINUX : kernel 2.6
 FREEBSD : FreeBSD 4.10
 FREEBSD : FreeBSD 5.3
 FREEBSD : FreeBSD 5.4
 FREEBSD : FreeBSD 4.11
 FREEBSD : FreeBSD 6.0
 FREEBSD : FreeBSD 6.1
 FREEBSD : FreeBSD 5.5
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:16.smbfs (02.06.2006)
 SECUNIA, [SA19868] Linux Kernel CIFS chroot Directory Traversal Vulnerability (28.04.2006)
 SECUNIA, [SA19869] Linux Kernel SMBFS chroot Directory Traversal Vulnerability (28.04.2006)

SNORT HTTP request rules bypass
updated since 02.06.2006
Published:03.06.2006
Source:
SecurityVulns ID:6211
Type:remote
Threat Level:5/10
Description:It's possible to bypass all HTTP rules by using CR ('\r') as a space character in requests.
Affected:SNORT : snort 2.4
Original document:Sigint Consulting, New Snort Bypass - Patch - Bypass of Patch (03.06.2006)
 Christian Swartzbaugh, Snort HTTP Inspect Pre-Processor Uricontent Bypass (02.06.2006)

Multiple Mozilla / Firefox / Thunderbird / Netscape / Seamonkey security vulnerabilities
updated since 02.06.2006
Published:03.06.2006
Source:
SecurityVulns ID:6216
Type:client
Threat Level:9/10
Description:Local zone scripting with code execution, memory corruption, HTTP response splitting, array overflow, JavaScript filtering bypass.
Affected:MOZILLA : Firefox 1.0
 MOZILLA : Thunderbird 1.0
 MOZILLA : Thunderbird 1.5
 MOZILLA : Firefox 1.5
 MOZILLA : Seamonkey 1.0
Original document:CERT, US-CERT Technical Cyber Security Alert TA06-153A -- Mozilla Products Contain Multiple Vulnerabilities (03.06.2006)
 SECUNIA, [SA20394] SeaMonkey VCard Double-Free and "addSelectionListener" Vulnerabilities (02.06.2006)
 SECUNIA, [SA20382] Thunderbird Multiple Vulnerabilities (02.06.2006)
 SECUNIA, [SA20376] Firefox Multiple Vulnerabilities (02.06.2006)

VMware ESX Server cross-site scripting and password leak
updated since 02.06.2006
Published:02.08.2006
Source:
SecurityVulns ID:6212
Type:remote
Threat Level:6/10
Description:Cross-site scripting in the Management Interface. Additionally, the cleartext password is contained in the session cookie and server log files.
Affected:VMWARE : VMware ESX Server 2.0
 VMWARE : VMware ESX Server 2.1
 VMWARE : VMware ESX Server 2.5
Original document:VMWARE, VMSA-2006-0004 Cross site scripting vulnerability and other fixes (02.08.2006)
 advisories, Corsaire Security Advisory - VMware ESX Server Password Disclosure in Log issue (02.08.2006)
 advisories, Corsaire Security Advisory - VMware ESX Server Password Disclosure in Cookie issue (02.08.2006)
 advisories, Corsaire Security Advisory - VMware ESX Server Password Cross Site Request Forgery issue (02.08.2006)
 VMWARE, VMSA-2006-0002 - VMware Server sensitive information lifetime issue (03.06.2006)
 advisories, Corsaire Security Advisory - VMware ESX Server Cross Site Scripting issue (02.06.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod