Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 03.05.2006
SecurityVulns ID: 6082
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPNUKE : PHP-Nuke 7.9
 BITDAMAGED : geoBlog 1.0
 MYNEWS : MyNews 1.6
 ZENPHOTO : zenphoto 1.0
 SBLOG : sBlog 0.7
 CMSCOUT : Cmscout 1.10
 SFUSERS : SF-Users 1.0
 FILEPROTECTION : FileProtection Express 1.0
 TYROCMS : TyroCms 1.0
 INVISION : Invision Gallery 2.0
 ALBINATOR : Albinator 2.0
 PHPKB : phpkb Knowledge Base 1.0
 FASTCLICK : Fast Click 2.3
Original document: SECUNIA, [SA19913] phpkb Knowledge Base "searchkeyword" Cross-Site Scripting (03.05.2006)
 r0t, albinator <= 2.0.8 Remote File Inclusion Vuln and XSS (03.05.2006)
 o.y.6_(at)_hotmail.com, Invision Gallery 2.0.6 ( SQL Injection ) (03.05.2006)
 zerogue_(at)_gmail.com, Cmscout <= V1.10 multiple XSS attack vectors (03.05.2006)
 zerogue_(at)_gmail.com, SF-Users V1.0 XSS injection (03.05.2006)
 zerogue_(at)_gmail.com, FileProtection Express <= 1.0.1 authentification bypass (03.05.2006)
 zerogue_(at)_gmail.com, Russcom.net Loginphp multiple vulnerabilties (03.05.2006)
 zerogue_(at)_gmail.com, TyroCms beta V1.0 multiple XSS injections (03.05.2006)
 admin_(at)_subjectzero.net, sBlog SQL Injection and Path Disclosure Vulnerability (03.05.2006)
 admin_(at)_subjectzero.net, geoBlog Mutiple XSS Vulnerability (03.05.2006)
 raphael.huck_(at)_free.fr, zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities (03.05.2006)
 yavuz sahin, MyNews 1.6.2 Cross Site Scripting (03.05.2006)
 Private Private, PHP-Nuke <= All Version Administrator SQL Injection Exploit / By WiLdBoY (03.05.2006)
Files: Fast Click <= 2.3.8 Remote File Inclusion exploit

Multiple MySQL security vulnerabilities
Published: 03.05.2006
SecurityVulns ID: 6083
Type: remote
Threat Level: 7/10
Description: Memory content leak during authentication, memory content leak and code execution with COM_TABLE_DUMP packets.
Affected: MYSQL : MySQL 4.0
 MYSQL : MySQL 4.1
 ORACLE : MySQL 5.0
 ORACLE : MySQL 5.1
Original document: Stefano Di Paola, MySQL Anonymous Login Handshake - Information Leakage. (03.05.2006)
 Stefano Di Paola, MySQL COM_TABLE_DUMP Information Leakage and Arbitrary command execution. (03.05.2006)
Files: Exploits MySql Anonimous Login Memory Leak
 Exploits MySql COM_TABLE_DUMP Memory Leak & MySql remote B0f

X.Org X Server buffer overflow
Published: 03.05.2006
SecurityVulns ID: 6084
Type: local
Threat Level: 7/10
Description: Buffer overflow in XRender extension.
Affected: X.ORG : X.org 6.8
Original document: GENTOO, [ GLSA 200605-02 ] X.Org: Buffer overflow in XRender extension (03.05.2006)

ejabberd installation script symbolic links problem
Published: 03.05.2006
SecurityVulns ID: 6085
Type: local
Threat Level: 5/10
Description: Insecure creation of files in /tmp.
Affected: EJABBERD : ejabberd 1.1
Original document: Julien L., Ejabberd : Symlink vulnerability during installation process (03.05.2006)

Quagga ripd multiple vulnerabilities
Published: 03.05.2006
SecurityVulns ID: 6086
Type: remote
Threat Level: 5/10
Description: A RIPv1 downgrade attack is possible even if RIPv2 is the only configured protocol. The RIPv1 protocol is insecure by design.
Affected: QUAGGA : Quagga 0.98
 QUAGGA : quagga 0.99
Original document: Konstantin Gavrilenko, [Full-disclosure] Quagga RIPD unauthenticated route table broadcast (03.05.2006)
 Konstantin Gavrilenko, [Full-disclosure] Quagga RIPD unauthenticated route injection (03.05.2006)

BankTown Client Control buffer overflow
Published: 03.05.2006
SecurityVulns ID: 6087
Type: client
Threat Level: 5/10
Description: Buffer overflow in ActiveX control.
Affected: BANKTOWN : BankTown Client Control 1.4
Original document: Alex Park, [Full-disclosure] BankTown's ActiveX Buffer Overflow Vulnerability (03.05.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod