Computer Security


Apple MacOS X passwd privilege escalation
updated since 02.03.2006
Published: 03.03.2006
SecurityVulns ID: 5847
Type: local
Threat Level: 6/10
Description: A few vulnerabilities (symbolic links, race conditions) allow editing of any system file.
Affected: APPLE : MacOS X 10.3
 APPLE : Mac OS X 10.4
Original document: IDEFENSE, iDefense Security Advisory 03.02.06: Apple Mac OS X passwd Arbitrary Binary File Creation/Modification (03.03.2006)
 Vade 79, [OSX]: /usr/bin/passwd local root exploit. (02.03.2006)
Files: /usr/bin/passwd[OSX]: local root exploit

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 03.03.2006
SecurityVulns ID: 5851
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: GALLERY : Gallery 2.0
 MYBB : MyBB 1.0
 JOOMLA : Joomla! 1.0
 PLUGGEDOUT : Nexus 0.1
 EBLAH : E-Blah 9.7
 WBBCODERFORUM : Datenbank MOD 2.7
 DAWAWEEN : Dawaween 1.03
 GREGARIOUS : Gregarius 0.5
 SKATEBOARD : Skate Board 0.9
 FUSIONPHP : FusionPHP 1.0
 VUBB : VUBB 0.2
 AZTEK : Aztek Forum 4.0
Original document: billy_(at)_hotmail.com, AZTEK forums 4.0 multiple vulnerabilities (PoC) (03.03.2006)
 SECUNIA, [SA19096] Aztek Forum Message Body Script Insertion Vulnerability (03.03.2006)
 SECUNIA, [SA19084] VUBB "pass" SQL Injection Vulnerability (03.03.2006)
 zeus olimpusklan, [Full-disclosure] FusionPHP Multiple Vulnerabilities (03.03.2006)
 zeus olimpusklan, [Full-disclosure] PHP-NUKE Submit_News Cross-Site Scripting Vulnerability (03.03.2006)
 Aliaksandr Hartsuyeu, [eVuln] Skate Board Multimple Vulnerabilities (03.03.2006)
 tzitaroth_(at)_gmail.com, Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities (03.03.2006)
 JeiAr, Gallery 2 Multiple Vulnerabilities (03.03.2006)
 shereba_2007_(at)_hotmail.com, sql in Dawaween V 1.03 (03.03.2006)
 o.y.6_(at)_hotmail.com, MyBB 1.0.4 New SQL Injection (03.03.2006)
 Mustafa Can Bjorn IPEKCI, Woltlab Burning Board 2.x (Datenbank MOD fileid) Multiple Vulnerabilities. (03.03.2006)
 Aliaksandr Hartsuyeu, [eVuln] E-Blah Platinum 'Referer' XSS Vulnerability (03.03.2006)
 h e, PluggedOut Nexus SQL injection (03.03.2006)
 ghc_(at)_ghc.ru, JOOMLA CMS 1.0.7 DoS & path disclosing (03.03.2006)
 :) :), PHP Upload Center Download users password hashes And phpshell Upload (03.03.2006)
Files: MyBB <= 1.04 (misc.php COMMA) Remote SQL Injection Exploit 2

MacOS X Safari web browser component directory traversal
Published: 03.03.2006
SecurityVulns ID: 5852
Type: client
Threat Level: 6/10
Description: BOMArchiveHelper component directory traversal.
Affected: APPLE : Mac OS X 10.4
Original document: IDEFENSE, iDefense Security Advisory 03.02.06: Apple MacOS X BOMArchiveHelper Directory Traversal Vulnerability (03.03.2006)

EMC Dantz Retrospect backup agent DoS
Published: 03.03.2006
SecurityVulns ID: 5853
Type: remote
Threat Level: 5/10
Description: An invalid packet sent to port TCP/497 causes the service to fail.
Affected: EMC : Dantz Retrospect 7
Original document: IDEFENSE, iDefense Security Advisory 03.02.06: EMC Dantz Retrospect 7 Backup client DoS Vulnerability (03.03.2006)

Oreka RTP packets parsing DoS
Published: 03.03.2006
SecurityVulns ID: 5854
Type: remote
Threat Level: 5/10
Affected: OREKA : Oreka 0.4
Original document: SECUNIA, [SA19095] Oreka RTP Handling Denial of Service Vulnerability (03.03.2006)

Multiple STLport vulnerabilities
Published: 03.03.2006
SecurityVulns ID: 5856
Type: library
Threat Level: 5/10
Description: A few buffer overflows.
Affected: STLPORT : STLport 5.0
CVE: CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor.")
Original document: SECUNIA, [SA19051] STLport Two String Handling Weaknesses (03.03.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod