Computer Security

Microsoft Word 2000 unknown vulnerability
Published:05.09.2006
SecurityVulns ID:6575
Type:client
Threat Level:6/10
Description:An unknown security vulnerability is used for hidden malware installation.
Original document:Juha-Matti Laurio, Microsoft Word 0-day Vulnerability (September) FAQ document available (05.09.2006)
Files:Microsoft Word 0-day Vulnerability FAQ - September 2006

Alt-N WebAdmin MDaemon account hijacking
Published:05.09.2006
SecurityVulns ID:6576
Type:local
Threat Level:5/10
Description:The administrator of any mail domain can redirect any mail of the "MDaemon" system account to any account.
Affected:ALT-N : MDaemon 9.0
 ALT-N : WebAdmin 3.2
Original document:TTG, [Full-disclosure] TTG0602 - Alt-N WebAdmin MDaemon Account Hijacking (05.09.2006)

dsocks socksifier buffer overflow
Published:05.09.2006
SecurityVulns ID:6578
Type:remote
Threat Level:5/10
Description:Buffer overflow in name resolution functions.
Affected:DSOCKS : dsocks 1.3
Original document:Michael Adams, [Full-disclosure] Buffer overflow vulnerability in dsocks (05.09.2006)
Files:Exploits dsocks buffer overflow

J. River Media Center buffer overflow
Published:05.09.2006
SecurityVulns ID:6579
Type:remote
Threat Level:5/10
Description:Buffer overflow on an oversized string sent to port TCP/8070.
Affected:JRIVER : J. River Media Center 11.0
Files:Media Center 11 d0s exploit overly long string.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 05.09.2006
Published:06.09.2006
SecurityVulns ID:6577
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:SOFTBB : SoftBB 0.1
 NCHSOFTWARE : Web Dictate 1.02
 GAPAGENDA : GrapAgenda 0.1
 PHPPROXIMA : PHP Proxima 6
 MYSPEACH : MySpeach 3.0
 SPONGENEWS : Sponge News 2.2
 CNEWS : C-News 1.0
 ACGV : ACGV News 0.9
 PHPCOMMANDER : PhpCommander 3.0
 DRUPAL : Pathauto 4.7
 BINGOPHP : BinGo News 3.01
 PHPBB : PhpBB Shadow Prémod 2.7
 AKARRU : Akarru 0.4
CVE:CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the my[root] parameter.)
 CVE-2007-0495 (PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.)
 CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING MySpeach 3.0.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter, a different vector than CVE-2006-4630. NOTE: Some of these details are obtained from third party information.)
 CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING MySpeach 3.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the my_ms[root] parameter.)
Original document:erne_(at)_ernealizm.com, Akarru v0.4.3.34 - Remote File Include Vulnerabilities (06.09.2006)
 Kw3rLn, Shadow Prémod <= 2.7.1 [phpbb_root_path] Remote File Include Vulnerability (06.09.2006)
 SHiKaA-_(at)_hotmail.com, BinGo News <= v3.01 (bnrep) Remote File Inclusion Exploit (06.09.2006)
 SECUNIA, [SA21779] Drupal Pathauto Module Cross-Site Scripting Vulnerability (06.09.2006)
 SHiKaA-_(at)_hotmail.com, ACGV News <= v0.9.1 (PathNews) Remote File Inclusion Exploit (06.09.2006)
 SHiKaA-_(at)_hotmail.com, C-News <= v1.0.1 (path) Remote File Inclusion Exploit (06.09.2006)
 SHiKaA-_(at)_hotmail.com, Sponge News <= v2.2 (sndir) Remote File Inclusion Exploit (06.09.2006)
 SHiKaA-_(at)_hotmail.com, MySpeach <= v3.0.2 (my_ms[root]) Remote File Inclusion Exploit (05.09.2006)
 botan_(at)_linuxmail.org, [Kurdish Security # 25 ] GrapAgenda Remote Command Vulnerability (05.09.2006)
 the.leo.008_(at)_gmail.com, SoftBB v0.1 <= Cross-Site Scripting (05.09.2006)
 revnic_(at)_gmail.com, Web Dictate Admin Null Password Vulnerability (05.09.2006)
Files:SoftBB 0.1 Remote PHP Code Execution Exploit
 PHP Proxima <= v.6 Remote Code Execution Exploit
 pHNews <= alpha 1 (templates_dir) Remote Code Execution Exploit
 PhpCommander <= 3.0 Remote Code Execution Exploit

OpenSSL cryptography security vulnerabilities
updated since 05.09.2006
Published:05.11.2006
SecurityVulns ID:6574
Type:library
Threat Level:7/10
Description:It is possible to spoof a PKCS #1 v1.5 signature of an RSA key with exponent 3.
Affected:OPENSSL : OpenSSL 0.9
 BIND : bind 9.3
 GNU : GnuTLS 1.0
 OPERA : Opera 9.0
Original document:OPENPKG, [OpenPKG-SA-2006.029] OpenPKG Security Advisory (bind) (05.11.2006)
 GENTOO, [Full-disclosure] [ GLSA 200609-18 ] Opera: RSA signature forgery (28.09.2006)
 UBUNTU, [USN-348-1] GnuTLS vulnerability (19.09.2006)
 INGATE, SIP over TLS: X.509 peer authentication vulnerability in Ingate products (15.09.2006)
 OPENSSL, OpenSSL Security Advisory [5th September 2006] RSA Signature Forgery (CVE-2006-4339) (05.09.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod