Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 04.06.2007
SecurityVulns ID: 7774
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: MOVABLETYPE : Movable Type 3.16
 EQDKP : eqDKP 1.3
 COMDEV : Comdev Web Blogger 4.1
 COMDEVWEB : Comdev eCommerce 4.1
 CACTUSHOP : Cactushop 6
Original document: ls_(at)_calima.serapis.net, My Datebook SQL Injection + XSS (04.06.2007)
 advisories_(at)_portcullis-security.com, Portcullis Security Advisory 06-035 (04.06.2007)
 advisories_(at)_portcullis-security.com, Portcullis Security Advisory 06-034 (04.06.2007)
 advisories_(at)_portcullis-security.com, Portcullis Security Advisory - 06-033 (04.06.2007)
 advisories_(at)_portcullis-security.com, Portcullis Security Advisory 06-038 (04.06.2007)
 h0tturk_(at)_h0tturk.com, CERN Image Map Dispatcher (04.06.2007)
 h0tturk_(at)_h0tturk.com, Dansie Cart Script Exploit Reported (04.06.2007)
 glafkos_(at)_gmail.com, WebStudio Multiple XSS Vulnerabilities (04.06.2007)
 Hackers Center Security Group, CACTUSHOP 6 Default Installation Allows Remote Database Disclosure (04.06.2007)
 johnnytalker_(at)_hotmail.com, Comdev eCommerce 4.1 RFI Vulnerability (04.06.2007)
 johnnytalker_(at)_hotmail.com, Comdev Web Blogger 4.1 RFI Vulnerability (04.06.2007)
 Aditya K Sood, [Full-disclosure] Adverse Vectors of Coding in Wordpress : Post Modifications (04.06.2007)
 kefka, [Full-disclosure] Full Path Disclosure eqDKP 1.3.2c and prior (04.06.2007)

Microsoft Internet Explorer and Mozilla Firefox multiple security vulnerabilities
Published: 04.06.2007
SecurityVulns ID: 7772
Type: client
Threat Level: 7/10
Description: Internet Explorer race conditions allow cross domain access. Mozilla Firefox IFRAME cross domain access. Mozilla file download dialogs delay protection bypass. MSIE address bar spoofing.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MOZILLA : Firefox 2.0
Original document: Michal Zalewski, [Full-disclosure] Assorted browser vulnerabilities (04.06.2007)
Files: MSIE page update race condition (CRITICAL)
 Firefox Cross-site IFRAME hijacking (MAJOR)
 Firefox file prompt delay bypass (MEDIUM)
 MSIE6 URL bar spoofing (MEDIUM)

PvPGN Battle.NET game server DoS
Published: 04.06.2007
SecurityVulns ID: 7773
Type: remote
Threat Level: 3/10
Description: The commands "ipban a 1.2.3.4/5" and "ipban del 1.2.3.4" cause the server to crash.
Affected: PVPGN : PvPGN 1.8
Original document: хpeh, Vulnerability: DoS in PvPGN <= 1.8.0 (04.06.2007)

F5 Firepass SSL VPN unfiltered shell characters security vulnerabilities
Published: 04.06.2007
SecurityVulns ID: 7775
Type: remote
Threat Level: 6/10
Description: Shell characters are not filtered in the username parameter of the my.activation.php3 script.
Affected: F5 : FirePass 4100
Original document: labs_(at)_s21sec.com, S21Sec-035: F5 FirePass command execution vulnerability (04.06.2007)

PeerCast information leak
Published: 04.06.2007
SecurityVulns ID: 7777
Type: m-i-t-m
Threat Level: 5/10
Description: The username and password are present in the request URI.
Original document: mpeg_(at)_freeshells.ch, 2007-06-03: PeerCast streaming server submits cleartext password (04.06.2007)

Vonage VoIP phones weak defaults
Published: 04.06.2007
SecurityVulns ID: 7778
Type: remote
Threat Level: 5/10
Description: The administrative interface is available via the WAN connection with a username/password of user/user.
Original document: john_(at)_martinelli.com, Redlevel Advisory #025 - Vonage VoIP Telephone Adapter Default Misconfiguration (04.06.2007)

µTorrent DoS
Updated since 04.06.2007
Published: 11.06.2007
SecurityVulns ID: 7776
Type: remote
Threat Level: 5/10
Description: A large number of empty lines causes a buffer overflow.
Affected: UTORRENT : µTorrent 1.6
Original document: Dj.r4iDeN_(at)_gmail.com, uTorrent overflow (04.06.2007)
Files: utorrentex.sh

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod