Search:Vulnerability:05.05.2006 - security vulnerabilities database

[EN] securityvulns.ru no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 05.05.2006
Published:		05.05.2006
Source:
SecurityVulns ID:		6091
Type:		remote
Threat Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PUNBB : PunBB 1.2
		WEBCALENDAR : WebCalendar 1.0
		FASTCLICK : Fast Click 2.3
		BIGWEBMASTER : Bigwebmaster Guestbook 1.02
		UAPPLICATION : UBlog 1.6
		321SOFT : 321soft PhP Gallery 0.9

Original document		David Maciejak, [Full-disclosure] WebCalendar User Account Enumeration Weakness (05.05.2006)
		o.y.6_(at)_hotmail.com, PunBB 1.2.11 Cross-Site Scripting (05.05.2006)
		aminrayden_(at)_yahoo.com, Fast Click SQL Lite <= 1.1.3 Remote File Inclusion (05.05.2006)
		aminrayden_(at)_yahoo.com, Fast Click <= 2.3.8 Remote File Inclusion (05.05.2006)
		d4igoro_(at)_gmail.com, 321soft PhP Gallery 0.9 - directory travel & XSS (05.05.2006)
		Javor Ninov, bigwebmaster guestbook multiply XSS (05.05.2006)
		omnipresent_(at)_email.it, UBlog Remote XSS Exploit (05.05.2006)
		omnipresent_(at)_email.it, Cute Guestbook Remote XSS Exploit (05.05.2006)

[email protected] weak encryption
Published:		05.05.2006
Source:		BUGTRAQ
SecurityVulns ID:		6093
Type:		m-i-t-m
Threat Level:		6/10
Description:		Weak ecnryption algorithm (XOR) while transmitting on wire.

Affected:

ULTRAVNC : [email protected] 1.0

Original document

document

gdehanot_(at)_asia-global-risk.com, Vulnerability in the way [email protected] handles MS-Logon Authentication. (05.05.2006)

CA Common Services CAIRIM on z/OS LMP SVC privilege escalation
Published:		05.05.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6094
Type:		local
Threat Level:		5/10

Affected:

CA : CAIRIM 1.0

Original document

document

CA, [Full-disclosure] CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability (05.05.2006)

Multiple libtiff security vulnerabilities
Published:		05.05.2006
Source:		BUGTRAQ
SecurityVulns ID:		6095
Type:		library
Threat Level:		7/10
Description:		Denial of service via a TIFF image that triggers errors in the TIFFFetchAnyArray function in tif_dirread.c; certain "codec cleanup methods" in tif_lzw.c, tif_pixarlog.c, and tif_zip.c; and improper restoration of setfield and getfield methods in cleanup functions within tif_jpeg.c, tif_pixarlog.c, tif_fax3.c, and tif_zip.c, TIFFToRGB out-of-memory reference, tif_jpeg.c double free(), TIFFFetchData integer overflow.

Affected:

LIBTIFF : libtiff 3.8

Sami FTP Server buffer overflow updated since 25.01.2006
Published:		05.05.2006
Source:		CRITICAL
SecurityVulns ID:		5689
Type:		remote
Threat Level:		5/10
Description:		Buffer overflow on oversized FTP USER command.

Affected:

KRAJASOFT : Sami FTP 2.0

Original document		rewterz, [REWTERZ-20060504] - Sami FTP Server Remote Buffer Overflow Vulnerability (05.05.2006)
		mircia, samiftpd buffer overflow (25.01.2006)

Files:		Sami FTP Server v2.0.1 Remote notepad.exe execution PoC
		KarjaSoft Sami FTP Server 2.0.2 USER/PASS buffer overflow

XM Easy Personal FTP Server buffer overflow
Published:		05.05.2006
Source:		BUGTRAQ
SecurityVulns ID:		6092
Type:		remote
Threat Level:		5/10
Description:		Buffer overflow on oversized username.

Affected:		DXMSOFT : XM Easy Personal FTP Server 4.3
CVE:		CVE-2006-2226 (Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command.)
		CVE-2006-2225 (Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username.)

Original document

document

rewterz, [REWTERZ-20060503] XM Easy Personal FTP Server Remote Buffer Overflow Vulnerability (05.05.2006)

Files:

XM EASY PERSONAL FTP SERVER v4.3

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod