Computer Security


NView / XNView multimedia viewer / browser privilege escalation
updated since 30.12.2005
Published: 03.01.2006
SecurityVulns ID: 5586
Type: local
Threat Level: 5/10
Description: Dynamic libraries from current directory are loaded on startup.
Original document: GENTOO, [ GLSA 200512-18 ] XnView: Privilege escalation (03.01.2006)
 SECUNIA, [SA18235] XnView / NView Insecure RPATH Vulnerability (30.12.2005)

Dopewars format string vulnerability
Published: 03.01.2006
SecurityVulns ID: 5592
Type: remote
Threat Level: 5/10
Description: Format string bug in file logging.
Affected: DOPEWARS : Dopewars 1.5
Original document: SECUNIA, [SA18246] Dopewars Server Message Logging Format String Vulnerability (03.01.2006)

eFileGo directory traversal
Published: 03.01.2006
SecurityVulns ID: 5594
Type: remote
Threat Level: 5/10
Description: Directory traversal in TCP/608 Web server.
Affected: EFILEGO : eFileGo 3.01
Original document: SECUNIA, [SA18279] eFileGo Multiple Vulnerabilities (03.01.2006)

Multiple AIX multiple vulnerabilities
updated since 16.12.2005
Published: 03.01.2006
SecurityVulns ID: 5537
Type: local
Threat Level: 6/10
Description: Buffer overflow in heap debugging, buffer overflows in muxatmd, slocal, file access privilege escalation in getShell and getCommand.
Affected: IBM : AIX 5.1
 IBM : AIX 5.2
 IBM : AIX 5.3
Original document: XFOCUS Security Team, [xfocus-SD-060101]AIX getCommand&getShell two vulnerabilities (03.01.2006)
 NGSSoftware Insight Security Research, Patches available for IBM AIX flaws (16.12.2005)

pinentry PIN entering dialogs application privilege escalation
Published: 03.01.2006
SecurityVulns ID: 5591
Type: local
Threat Level: 5/10
Description: sgid wheel is incorrectly set for the application.
Affected: PINENTRY : pinentry 0.7
Original document: GENTOO, [ GLSA 200601-01 ] pinentry: Local privilege escalation (03.01.2006)

Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)
Published: 03.01.2006
SecurityVulns ID: 5590
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: DRUPAL : Drupal 4.6
 JELSOFT : vBulletin 3.5
 PRIMOPLACE : Primo Cart 1.0
 OPENXCHANGE : Open Xchange 0.8
 VEGO : VEGO Links Builder 2.0
 VEGO : VEGO Web Forum 1.26
 CHIPMUNK : Chipmunk Guestbook 1.4
 PHPBOOK : phpBook 1.3
 PHPENPALS : PHPenpals
 PHPJOURNALER : PHPjournaler 1.0
 MYBB : MyBB 1.01
 DISCUS : Discus 3.10
 BNET : B-net Software 1.0
 PHANATIC : Chimera Web Portal System 0.2
Original document: Aliaksandr Hartsuyeu, [eVuln] Chimera Web Portal System Multiple Vulnerabilities (03.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] Chipmunk Guestbook XSS Vulnerability (03.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] PHPjournaler SQL Injection Vulnerability (03.01.2006)
 alireza hassani, [KAPDA::#19] - Html Injection in vBulletin 3.5.2 (03.01.2006)
 SECUNIA, [SA18271] B-net Software Script Insertion Vulnerabilities (03.01.2006)
 SECUNIA, [SA18283] Discus Error Message Cross-Site Scripting Vulnerability (03.01.2006)
 SECUNIA, [SA18281] MyBB Multiple Vulnerabilities (03.01.2006)
 SECUNIA, [SA18268] phpBook "email" PHP Code Injection Vulnerability (03.01.2006)
 SECUNIA, [SA18269] PHPenpals "personalID" SQL Injection Vulnerability (03.01.2006)
 SECUNIA, [SA18265] PHPjournaler "readold" SQL Injection Vulnerability (03.01.2006)
 SECUNIA, [SA18263] Web Wiz Products "txtUserName" SQL Injection Vulnerability (03.01.2006)
 SECUNIA, [SA18252] phpBB "url" bbcode Script Insertion Vulnerability (03.01.2006)
 SECUNIA, [SA18273] VEGO Web Forum "theme_id" SQL Injection Vulnerability (03.01.2006)
 SECUNIA, [SA18270] Chipmunk GuestBook Script Insertion Vulnerability (03.01.2006)
 SECUNIA, [SA18272] VEGO Links Builder "username" SQL Injection Vulnerability (03.01.2006)
 Thomas Pollet, [Full-disclosure] Open Xchange XSS (03.01.2006)
 :) :), drupal all versiyon xss (03.01.2006)
 r0t, Primo Cart SQL inj. (03.01.2006)

File::ExtAttr perl library buffer overflow
Published: 03.01.2006
SecurityVulns ID: 5593
Type: library
Threat Level: 5/10
Description: Off-by-one overflow when reading extended attributes.
Affected: FILEEXTATTR : File::ExtAttr 0.02
Original document: SECUNIA, [SA18253] File::ExtAttr "getfattr()" Off-By-One Vulnerability (03.01.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod