Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 02.07.2006
Source:
SecurityVulns ID: 6328
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPBB : phpBB 2.0
 PHPMYADMIN : phpmyadmin 2.8
 EZWAITER : ezWaiter 3.0
 ZENCART : Zen-Cart 1.3
 MONIWIKI : MoniWiki 1.1
 MYNEWSGROUPS : MyNewsGroups 0.6
 NEWS : news 5.2
 VASTAL : Buddy Zone 1.0
 STURGEON : SturGeoN Upload 1
 PHPFORMGENERATOR : phpFormGenerator 2.09
Original document: morning_wood, [Full-disclosure] phpFormGenerator (02.07.2006)
 bug_(at)_securitynews.ir, phpMyAdmin : Cross-Site Scripting Vulnerability (02.07.2006)
 luny_(at)_youfucktard.com, Buddy Zone Version 1.0.1 - XSS (02.07.2006)
 xzerox_(at)_linuxmail.org, phpBB 2.0.21 Full Path Disclosure (02.07.2006)
 securityconnection_(at)_gmail.com, NewsPHP 2006 PRO XSS SQL injection Vulnerability (02.07.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, MyNewsGroups<<--v. 0.6 "tree.php" SQL Injection (02.07.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, FreeHost "misc.php & news.php" SQL Injection (02.07.2006)
 mac68k_(at)_gmail.com, [Kil13r-SA-20060701-2] MoniWiki 1.1.1 Cross-Site Scripting Vulnerability (02.07.2006)
 o.y.6_(at)_hotmail.com, Zen-Cart 1.3.0.2 Full Path Disclosure (02.07.2006)
 luny_(at)_youfucktard.com, ezWaiter v3.0 - XSS (02.07.2006)
Files: PhpBB Exploit: All Topics Hack Sql injection
 PhpBB Exploit: User Class Mod Sql injection ( Level list)
 PhpBB Exploit: Most Used Languages Module Sql injection
 Exploits News <= 5.2 SQL Injection (cmd exec)
 SturGeoN Upload Remote Command Execution Exploit

libwmf integer overflow
Published: 02.07.2006
Source:
SecurityVulns ID: 6329
Type: library
Threat Level: 6/10
Description: Integer overflow causes heap overflow.
Affected: LIBWMF : libwmf 0.2
Original document: infamous41md_(at)_hotpop.com, libwmf integer/heap overflow (02.07.2006)

Apple iTunes integer overflow
Published: 02.07.2006
Source:
SecurityVulns ID: 6330
Type: client
Threat Level: 6/10
Description: Integer overflow when parsing AAC files (.M4A, .M4P) with an invalid sample_size_table value.
Affected: APPLE : iTunes 6.0
Original document: ZDI, ZDI-06-020: Apple iTunes AAC File Parsing Integer Overflow Vulnerability (02.07.2006)

Hobbit client unauthorized files access
Published: 02.07.2006
Source:
SecurityVulns ID: 6331
Type: local
Threat Level: 5/10
Description: The logfetch suid utility allows access to local files.
Affected: HOBBITMONITOR : Hobbit Monitor 4.2
Original document: Henrik Stoerner, Hobbit monitor: Security issue with Hobbit 4.2-beta client (02.07.2006)

Multiple HP-UX utilities security vulnerabilities
Published: 02.07.2006
Source:
SecurityVulns ID: 6332
Type: local
Threat Level: 6/10
Description: 'mkdir' privilege escalation, 'passwd' DoS.
Affected: HP : HP-UX 11.00
 HP : HP-UX 11.11
 HP : HP-UX 11.23
Original document: HP, [security bulletin] HPSBUX02103 SSRT5953 rev.3 - HP-UX passwd(1) Local Denial of Service (DoS) (02.07.2006)
 HP, [security bulletin] HPSBUX02128 SSRT5996 - rev.1 HP-UX mkdir(1) Local Unauthorized Access (02.07.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod