Computer Security


Jetty directory traversal
updated since 03.10.2002
Published: 04.10.2006
Source:
SecurityVulns ID: 2321
Type: remote
Threat Level: 5/10
Description: Directory traversal on access to CGI applications.
Affected: MORTBAY : Jetty 4.0
 IBM : IBM Trading Partner Interchange 4.2
 MORTBAY : Jetty 4.1
 JETTY : Jetty 4.2
 CA : Unicenter WSDM 3.1
Original document: CA, [CAID 34661]: CA Unicenter WSDM File System Read Access Vulnerability (04.10.2006)
 SECUNIA, [SA12703] IBM Trading Partner Interchange Arbitrary File Access Vulnerability (06.10.2004)
 Matt Moore, wp-02-0011: Jetty CGIServlet Arbitrary Command Execution (03.10.2002)

HP Ignite-UX Server unauthorized access
Published: 04.10.2006
Source:
SecurityVulns ID: 6678
Type: remote
Threat Level: 6/10
Affected: HP : HP-UX 11.11
 HP : HP-UX 11.23
Original document: HP, [security bulletin] HPSBUX02157 SSRT061220 rev.1 HP-UX Running Ignite-UX Server, Remote Unauthorized Access and Privilege Elevation (04.10.2006)

HP-UX SLP unauthorized access
Published: 04.10.2006
Source:
SecurityVulns ID: 6679
Type: remote
Threat Level: 5/10
Description: Unauthorized Service Locator Protocol access.
Affected: HP : HP-UX 11.11
 HP : HP-UX 11.23
Original document: HP, [security bulletin] HPSBUX02129 SSRT061149 rev.1 - HP-UX running SLP, Remote Unauthorized Access (04.10.2006)

IBM Client Security Password Manager unauthorized access
Published: 04.10.2006
Source:
SecurityVulns ID: 6680
Type: client
Threat Level: 5/10
Description: The password for a site is stored based on the site's title instead of its URL.
Original document: Luís Miguel Silva, Security flaw in IBM Client Security Password Manager (04.10.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 04.10.2006
Source:
SecurityVulns ID: 6682
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: GOOP : Goop Gallery 2.0
 YENERHABER : Yener Haber 2.0
Original document: Dj_ReMix_20_(at)_hotmail.com, Yener Haber Script v2.0 SQL injection (04.10.2006)
 security_(at)_armorize.com, Directory Traversal Vulnerability in Goop Gallery 2.0.2 (04.10.2006)
 mozi, phpMyProfiler remote file include (04.10.2006)

PHP open_basedir protection bypass
updated since 04.10.2006
Published: 09.10.2006
Source:
SecurityVulns ID: 6681
Type: local
Threat Level: 5/10
Description: By using symbolic links within a race-condition window, it is possible to bypass the open_basedir protection.
Affected: PHP : PHP 4.4
 PHP : PHP 5.2
Original document: paisterist.nst_(at)_gmail.com, PHP open_basedir with symlink() function Race Condition PoC exploit (09.10.2006)
 Stefan Esser, Advisory 08/2006: PHP open_basedir Race Condition Vulnerability (04.10.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod