Computer Security


Multiple tor security vulnerabilities
updated since 31.08.2006
Published:04.09.2006
Source:
SecurityVulns ID:6561
Type:client
Threat Level:5/10
Description:A malicious server can cause a DoS condition for the client or may force the client to route traffic to the Tor network.
Affected:TOR : tor 0.1
 SCATTERCHAT : ScatterChat 1.0
Original document:ScatterChat Advisories, [Full-disclosure] ScatterChat Advisory 2006-02: Win32 Tor Client Routing and Denial of Service Vulnerabilities (04.09.2006)
 SECUNIA, [SA21708] Tor Denial of Service and Traffic Routing (31.08.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:04.09.2006
Source:
SecurityVulns ID:6571
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:YAPPANG : yappa-ng 2.3
 E107 : e107 0.7
 VTIGER : Vtiger CRM 4.2
 PMWIKI : PmWiki 2.1
 ANNUAIRE : Annuaire 1Two 2.2
 SMF : SMF 1.1
 MUFORUM : µforum 0.4
 DYNCMS : Dyn CMS 6
 MURATSOFT : Muratsoft Haber Portal 3.6
 FLASHCHAT : FlashChat 4.5
 INPORTAL : in-link 2.3
 MICROFORUM : microforum 0.4
 PHPNUKE : PHP-Nuke MyHeadlines 4.3
 PHPIADDRESSBOOK : PHP iAddressbook 0.95
 TRFORUM : Tr Forum 2.0
 SIMPLEBLOG : SimpleBlog 2.3
Original document:MILW0RM, SimpleBlog <= 2.3 (id) Remote SQL Injection Vulnerability (04.09.2006)
 tugra_(at)_local-root.org, The Amazing Little Poll Admin Pwd (04.09.2006)
 SECUNIA, [SA21653] PHP-Nuke MyHeadlines Module "myh_op" Cross-Site Scripting (04.09.2006)
 SECUNIA, [SA21742] microforum "members.dat" Exposure of User Credentials (04.09.2006)
 Saudi Hackrz, in-link <=2.3.4 (adodb-postgres7.inc.php) Remote File Inclusion Exploit (04.09.2006)
 SHiKaA-_(at)_hotmail.com, yappa-ng <= v2.3.1 (admin_modules) Remote File Inclusion Exploit (04.09.2006)
 NeXtMaN, FlashChat <= 4.5.7 (aedating4CMS.php) Remote File Include Vulnerability (04.09.2006)
 admin_(at)_asianeagle.org, Muratsoft Haber Portal v3.6 (tr) SQL Injection Vulnerability (04.09.2006)
 SECUNIA, [SA21728] vtiger CRM Script Insertion and Administrative Modules Access (04.09.2006)
 SHiKaA-_(at)_hotmail.com, Dyn CMS <= REleased (x_admindir) Remote File Inclusion Exploit (04.09.2006)
 Omid, Sql injections in e107 [Admin section] (04.09.2006)
 Omid, Sql injections in e107 [Admin section] (04.09.2006)
 exe_crack_(at)_hotmail.com, XXS in Powered by vbzoom (04.09.2006)
 Peko Takov, XSS in Web Wiz Forums (04.09.2006)
Files:Annuaire 1Two 2.2 Remote SQL Injection Exploit
 muforumex.pl
 PmWiki <= 2.1.19 Zend_Hash_Del_Key_Or_Index/remote commands execution exploit
 Exploits Tr Forum V2.0 Admin MD5 Passwd Hash Disclosure

OpenLDAP privilege escalation
Published:04.09.2006
Source:
SecurityVulns ID:6572
Type:remote
Threat Level:4/10
Description:A user with the 'selfwrite' ACL parameter can modify any attributes.
Affected:OPENLDAP : OpenLDAP 2.3
Original document:SECUNIA, [SA21721] OpenLDAP slapd "selfwrite" Security Issue (04.09.2006)

Multiple Mailman mail lists manager security vulnerabilities
updated since 04.09.2006
Published:14.09.2006
Source:
SecurityVulns ID:6573
Type:remote
Threat Level:5/10
Description:Cross-site scripting, DoS, log entry spoofing.
Affected:MAILMAN : mailman 2.1
Original document:Moritz Naumann, Mailman 2.1.8 Multiple Security Issues (14.09.2006)
 SECUNIA, [SA21732] Mailman Multiple Vulnerabilities (04.09.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod