Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 05.05.2006
Published: 05.05.2006
Source:
SecurityVulns ID: 6091
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PUNBB : PunBB 1.2
 WEBCALENDAR : WebCalendar 1.0
 FASTCLICK : Fast Click 2.3
 BIGWEBMASTER : Bigwebmaster Guestbook 1.02
 UAPPLICATION : UBlog 1.6
 321SOFT : 321soft PhP Gallery 0.9
Original document: David Maciejak, [Full-disclosure] WebCalendar User Account Enumeration Weakness (05.05.2006)
 o.y.6_(at)_hotmail.com, PunBB 1.2.11 Cross-Site Scripting (05.05.2006)
 aminrayden_(at)_yahoo.com, Fast Click SQL Lite <= 1.1.3 Remote File Inclusion (05.05.2006)
 aminrayden_(at)_yahoo.com, Fast Click <= 2.3.8 Remote File Inclusion (05.05.2006)
 d4igoro_(at)_gmail.com, 321soft PhP Gallery 0.9 - directory travel & XSS (05.05.2006)
 Javor Ninov, bigwebmaster guestbook multiply XSS (05.05.2006)
 omnipresent_(at)_email.it, UBlog Remote XSS Exploit (05.05.2006)
 omnipresent_(at)_email.it, Cute Guestbook Remote XSS Exploit (05.05.2006)

Ultr@VNC weak encryption
Published: 05.05.2006
Source:
SecurityVulns ID: 6093
Type: m-i-t-m
Threat Level: 6/10
Description: Weak encryption algorithm (XOR) used for data transmitted on the wire.
Affected: ULTRAVNC : Ultr@VNC 1.0
Original document: gdehanot_(at)_asia-global-risk.com, Vulnerability in the way Ultr@VNC handles MS-Logon Authentication. (05.05.2006)

CA Common Services CAIRIM on z/OS LMP SVC privilege escalation
Published: 05.05.2006
Source:
SecurityVulns ID: 6094
Type: local
Threat Level: 5/10
Affected: CA : CAIRIM 1.0
Original document: CA, [Full-disclosure] CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC vulnerability (05.05.2006)

Multiple libtiff security vulnerabilities
Published: 05.05.2006
Source:
SecurityVulns ID: 6095
Type: library
Threat Level: 7/10
Description: Denial of service via a TIFF image that triggers errors in the TIFFFetchAnyArray function in tif_dirread.c, in certain "codec cleanup methods" in tif_lzw.c, tif_pixarlog.c and tif_zip.c, and in improper restoration of the setfield and getfield methods in cleanup functions within tif_jpeg.c, tif_pixarlog.c, tif_fax3.c and tif_zip.c; TIFFToRGB out-of-memory reference; tif_jpeg.c double free(); TIFFFetchData integer overflow.
Affected: LIBTIFF : libtiff 3.8

Sami FTP Server buffer overflow
updated since 25.01.2006
Published: 05.05.2006
Source:
SecurityVulns ID: 5689
Type: remote
Threat Level: 5/10
Description: Buffer overflow on oversized FTP USER command.
Affected: KRAJASOFT : Sami FTP 2.0
Original document: rewterz, [REWTERZ-20060504] - Sami FTP Server Remote Buffer Overflow Vulnerability (05.05.2006)
 mircia, samiftpd buffer overflow (25.01.2006)
Files: Sami FTP Server v2.0.1 Remote notepad.exe execution PoC
 KarjaSoft Sami FTP Server 2.0.2 USER/PASS buffer overflow

XM Easy Personal FTP Server buffer overflow
Published: 05.05.2006
Source:
SecurityVulns ID: 6092
Type: remote
Threat Level: 5/10
Description: Buffer overflow on oversized username.
Affected: DXMSOFT : XM Easy Personal FTP Server 4.3
CVE: CVE-2006-2226 (Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command.)
 CVE-2006-2225 (Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username.)
Original document: rewterz, [REWTERZ-20060503] XM Easy Personal FTP Server Remote Buffer Overflow Vulnerability (05.05.2006)
Files: XM EASY PERSONAL FTP SERVER v4.3

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod