Computer Security


eXchangepop3 POP3 gateway for Microsoft Exchange buffer overflow
Published: 03.02.2006
SecurityVulns ID: 5727
Type: remote
Threat Level: 5/10
Description: RCPT TO: command stack overflow.
Affected: EXCHANGEPOP3 : Exchangepop3 5.0
Original document: securma massine, Exchangepop3 v5 rcpt buffer overflow vulnerability (03.02.2006)
Files: Exchangepop3 v5.0 remote exploit by securma massine

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 03.02.2006
SecurityVulns ID: 5728
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPBB : phpBB 2.0
 ODFAQ : ODFaq 2.1
 PHPLINKDIRECTORY : PHPLD 2.0
 ASHNEWS : ashnews 0.83
 ATMAIL : @Mail 4.3
 DAFFODIL : Daffodil CRM 1.0
 PHPGEN : PHP GEN 1.3
Original document: SECUNIA, [SA18715] PHP GEN Unspecified Cross-Site Scripting and SQL Injection (03.02.2006)
 SECUNIA, [SA18683] SoftMaker Shop resultat.asp Cross-Site Scripting (03.02.2006)
 SECUNIA, [SA18685] Daffodil CRM Login SQL Injection Vulnerability (03.02.2006)
 SECUNIA, [SA18646] @Mail Webmail Attachment Upload Directory Traversal (03.02.2006)
 Maksymilian Arciemowicz, [Full-disclosure] phpBB 2.0.19 Cross Site Request Forgeries and XSS Admin (03.02.2006)
 simo_(at)_morx.org, [Full-disclosure] cPanel Multiple Cross Site Scripting Vulnerability (03.02.2006)
 simo_(at)_morx.org, [Full-disclosure] Outblaze Cross Site Scripting Vulnerability (03.02.2006)
 simo_(at)_morx.org, [Full-disclosure] Neomail Cross Site Scripting Vulnerability (03.02.2006)
 zeus olimpusklan, [Full-disclosure] AshWebStudio AshNews Multiple Vulnerabilities (03.02.2006)
 fireboy fireboy, Database Manager Default pass (03.02.2006)
 Preben Nylokken, SoftMaker Shop is vulnerable to XSS (03.02.2006)
 Mario Oyorzabal Salgado, Bug for libs in php link directory 2.0 (03.02.2006)
 B3g0k_(at)_hackermail.com, CyberShop Ultimate E-commerce Script Cross Site Scripting (03.02.2006)
 Stanislav Reshetnev, Arbitrary file read in ODFaq 2.1.0 (03.02.2006)

IronMail Synflood DoS
Published: 03.02.2006
SecurityVulns ID: 5729
Type: remote
Threat Level: 5/10
Affected: IRONMAIL : IronMail 5.0
Original document: Mark Sec, IronMail 5.0.1 Vulnerable to SYN Attack (DoS) (03.02.2006)

Powersave privilege escalation
Published: 03.02.2006
SecurityVulns ID: 5731
Type: local
Threat Level: 5/10
Affected: POWERSAVE : powersave 0.10
 POWERSAVE : powersave 0.11
Original document: SECUNIA, [SA18651] Powersave Privilege Escalation Vulnerability (03.02.2006)

Symantec Sygate Secure SQL injection
Published: 03.02.2006
SecurityVulns ID: 5732
Type: remote
Threat Level: 6/10
Description: SQL injection in administration console.
Affected: SYMANTEC : Sygate Secure Enterprise 4.1
Original document: SECUNIA, [SA18689] Symantec Sygate Management Server SQL Injection (03.02.2006)
Files: Exploits Sygate Management Server SQL Injection

Multiple Adobe applications weak file permissions
Published: 03.02.2006
SecurityVulns ID: 5733
Type: remote
Threat Level: 5/10
Affected: ADOBE : Photoshop CS2
 ADOBE : Illustrator CS2
 ADOBE : Creative Suite 2
Original document: SECUNIA, [SA18698] Adobe Products Insecure Default File Permissions (03.02.2006)

NetBSD kernfs kernel memory information leak
updated since 10.01.2006
Published: 03.02.2006
SecurityVulns ID: 5612
Type: local
Threat Level: 5/10
Description: It's possible to lseek beyond the file boundary to read arbitrary memory.
Affected: NETBSD : 2.1
 NETBSD : 2.0
 NETBSD : 1.6
Original document: SecurityLab Research, [SLAB] NetBSD / OpenBSD kernfs_xread patch evasion (03.02.2006)
 NETBSD, NetBSD Security Advisory 2006-001: Kernfs kernel memory disclosure (10.01.2006)

Multiple Mozilla / Firefox / Thunderbird vulnerabilities
updated since 03.02.2006
Published: 08.02.2006
SecurityVulns ID: 5730
Type: client
Threat Level: 8/10
Description: JavaScript code execution, heap memory corruption with styles, memory corruption with QueryInterface, code execution with XULDocument.persist(), multiple integer overflows, information leak from nsExpatDriver::ParseBuffer(). Silent trojan code installation is potentially possible.
Affected: MOZILLA : Mozilla 1.7
 MOZILLA : Firefox 1.5
 MOZILLA : Thunderbird 1.7
Original document: CERT, US-CERT Technical Cyber Security Alert TA06-038A -- Multiple Vulnerabilities in Mozilla Products (08.02.2006)
 SECUNIA, [SA18700] Firefox Multiple Vulnerabilities (03.02.2006)
Files: Mozilla Firefox "location.QueryInterface()" Remote Command Execution Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod