Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 02.10.2006
Published:02.10.2006
Source:
SecurityVulns ID:6667
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:BASILIX : BasiliX 1.1
 PHPMYADMIN : phpmyadmin 2.9
 PHPBB : phpBB XS 0.58
 OLATE : OlateDownload 3.4
 GOOGLE : Google Mini Search Appliance 4.4
 DELUXEBB : DeluxeBB 1.09
 WWWTHREADS : WWWthreads 5.4
Original document:David Matousek, Kerio Multiple insufficient argument validation of hooked SSDT function Vulnerability (03.10.2006)
 MILW0RM, VAMP Webmail <= 2.0beta1 (yesno.phtml) Remote Include Vulnerability (02.10.2006)
 las_kid_(at)_yahoo.com, EasyBannerFree (functions.php) Remote File Include Exploit (02.10.2006)
 SECUNIA, [SA22211] WWWthreads "Cat" Cross-Site Scripting Vulnerabilities (02.10.2006)
 SECUNIA, [SA22176] DeluxeBB "templatefolder" File Inclusion Vulnerability (02.10.2006)
 SECUNIA, [SA22059] Google Mini Search Appliance Path Disclosure Weakness (02.10.2006)
 Stefan Esser, [Full-disclosure] Advisory 07/2006: phpMyAdmin Multiple CSRF Vulnerabilities (02.10.2006)
 x0r0n_(at)_hotmail.com, phpBB XS <= 0.58 (phpbb_root_path) Remote File Include Vulnerability(2) (02.10.2006)
 h4ck3riran_(at)_yahoo.com, Yblog => Cross Site Scripting (02.10.2006)
 Hessam Salehi, OlateDownload 3.4.0 Multiple Vulnerabilities (02.10.2006)
Files:local cPanel <= 10.8.x cpwrap root exploit via mysqladmin
 BasiliX <= 1.1.1 Remote File Include Exploit

Multiple MailEnable Mail server vulnerabilities
Published:02.10.2006
Source:
SecurityVulns ID:6669
Type:remote
Threat Level:7/10
Description:Multiple buffer overflows and DoS conditions on SMTP NTLM authentication.
CVE:CVE-2006-6997 (Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792.)
Original document:noreply_(at)_musecurity.com, [Full-disclosure] [MU-200609-01] Multiple Pre-Authentication Vulnerabilities in MailEnable SMTP (02.10.2006)

migrationtools symbolic links problem
Published:02.10.2006
Source:
SecurityVulns ID:6670
Type:remote
Threat Level:5/10
Description:Symbolic link problem when creating temporary files.
Original document:DEBIAN, [Full-disclosure] [SECURITY] [DSA 1187-1] New migrationtools packages fix denial of service (02.10.2006)

0-day Mozilla Firefox code execution security vulnerability
Published:02.10.2006
Source:
SecurityVulns ID:6671
Type:client
Threat Level:8/10
Description:Vulnerability in JavaScript processing allows code execution.
Affected:MOZILLA : Firefox 1.5
Original document:Thor Larholm, [Full-disclosure] 0day in Firefox from ToorCon '06 (02.10.2006)

IBM Informix symbolic links security vulnerability
Published:02.10.2006
Source:
SecurityVulns ID:6672
Type:local
Threat Level:5/10
Description:During installation, the file /tmp/installserver.txt is created insecurely.
Affected:IBM : Informix Dynamic Server 10.0
Original document:Larry Cashdollar, [Full-disclosure] IBM Informix Dynamic Server V10.0 File Clobbering during Install (02.10.2006)

McAfee ePolicy Orchestrator buffer overflow
Published:02.10.2006
Source:
SecurityVulns ID:6673
Type:remote
Threat Level:6/10
Description:Buffer overflow in NAISERV.exe service.
Affected:MCAFEE : ePolicy Orchestrator 3.5
 MCAFEE : Protection Pilot 1.1
Original document:muts, [Full-disclosure] McAfee EPO Buffer Overflow (02.10.2006)
Files:Exploits McAfee ePolicy Orchestrator / ProtPilot Source Overflow (metasploit)

TrendMicro OfficeScan ActiveX format string
Published:02.10.2006
Source:
SecurityVulns ID:6674
Type:client
Threat Level:6/10
Description:Format string vulnerability in ATXCONSOLE.OCX control library.
Affected:TM : OfficeScan Corporate Edition 7.3
Original document:Deral Heiland, [Full-disclosure] Layered Defense Advisory: TrendMicro OfficesScan Corporate Edition Format String Vulnerability (02.10.2006)

Multiple MacOS X security vulnerabilities
updated since 02.10.2006
Published:03.10.2006
Source:
SecurityVulns ID:6668
Type:remote
Threat Level:8/10
Description:Multiple local and client vulnerabilities in different subcomponents.
Affected:APPLE : Mac OS X 10.4
Original document:CERT, US-CERT Technical Cyber Security Alert TA06-275A -- Multiple Vulnerabilities in Apple and Adobe Products (03.10.2006)
 advisories_(at)_matasano.com, Matasano Advisory: MacOS X Mach Exception Server Privilege Escalation (02.10.2006)
 SECUNIA, [SA22187] Mac OS X Security Update Fixes Multiple Vulnerabilities (02.10.2006)
Files:Exploits Mac OS X Mach Exception Handling

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod