Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 05.10.2006
Source:
SecurityVulns ID: 6683
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: INVISION : Invision Gallery 2.0
 INVISION : Invision Power Board 2.1
 TASKJITSU : Taskjitsu 2.0
 JAFCMS : JAF CMS 4.0
 WIKYBLOG : WikyBlog 1.4
 PHPMYTEAM : phpMyTeam 2.0
 PHPCLASSIFIEDS : Php Classifieds 7.1
 PHPBB : phpBB Static Topics 1.0
 PHPBB : phpBB Admin Topic Action Logging Mod 0.95
 KLINZA : Klinza Professional CMS 5.0
 PHPMYPROFILER : phpMyProfiler 0.9
 OPENBIBLIO : OpenBiblio 0.5
 HAMWEATHER : HAMweather 3.9
 DRUPAL : IMCE 4.7 drupal module
 BBACE : BBaCE 5
CVE: CVE-2007-1261 (Unspecified vulnerability in the reports system in OpenBiblio before 0.6.0 allows attackers to gain privileges via unspecified vectors.)
Original document: SECUNIA, [SA22137] BBaCE "phpbb_root_path" File Inclusion (05.10.2006)
 SECUNIA, [SA22261] Drupal IMCE Module Multiple Vulnerabilities (05.10.2006)
 SECUNIA, [SA22242] HAMweather "do_parse_code" Command Injection Vulnerability (05.10.2006)
 SECUNIA, [SA22238] OpenBiblio Local File Inclusion and SQL Injection (05.10.2006)
 SECUNIA, [SA22257] Taskjitsu "key" SQL Injection Vulnerability (05.10.2006)
 mozi, phpMyProfiler Remote File Inclusion Vulnerability (05.10.2006)
 ThE TiGeR, JAF CMS Remote file include (website) (05.10.2006)
 MILW0RM, phpBB Admin Topic Action Logging Mod <= 0.94b File Include Vuln (05.10.2006)
 mozi, phpGreetz Remote File Inclusion Vulnerability (05.10.2006)
 Kw3rLn, phpBB Static Topics <= 1.0 [phpbb_root_path] Remote File Include Vulnerability (05.10.2006)
 Kzar, PHP Classifieds 7.1 (index.php) Remote SQL Injection Vulnerability (05.10.2006)
 MILW0RM, phpMyTeam <= 2.0 (smileys_dir) Remote File Include Vulnerability (05.10.2006)
 xp1o_(at)_msn.com, WikyBlog <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit (05.10.2006)
 Rapigator, Invision Power Board Multiple Vulnerabilities (05.10.2006)
Files: Klinza Professional CMS <= 5.0.1 (show_hlp.php) Remote File Include Exploit
 Invision Gallery => 2.0.7 ReadFile() & SQL injection exploit
 Travelsized CMS <= 0.4 (frontpage.php) Remote File Include Exploit

Multiple VoIP phones vulnerabilities
Published: 05.10.2006
Source:
SecurityVulns ID: 6684
Type: remote
Threat Level: 6/10
Description: Buffer overflows in integrated HTTP server. Buffer overflow on large UDP datagrams.
Affected: LINKSYS : Linksys SPA-921
 POLYCOM : PolyCom IP-301
 GRANDSTREAM : GrandStream GXP-2000
Original document: Shawn Merdinger, [Full-disclosure] (0-Day) PolyCom IP-301 VoIP Desktop Phone HTTP server DoS and undocumented TCP port 42 (05.10.2006)
 Shawn Merdinger, [Full-disclosure] (0-Day) GrandStream GXP-2000 VoIP Desktop Phone multiple undocumented UDP ports and DoS (05.10.2006)
 Shawn Merdinger, [Full-disclosure] (0-day) Linksys SPA-921 VoIP Desktop Phone HTTP Server DoS (05.10.2006)

Trend Micro OfficeScan Client directory traversal
Published: 05.10.2006
Source:
SecurityVulns ID: 6685
Type: remote
Threat Level: 6/10
Description: Directory traversal in embedded HTTP server.
Affected: TM : OfficeScan Corporate Edition 7.3
Original document: SECUNIA, [SA22156] Trend Micro OfficeScan Client Removal and Arbitrary File Deletion (05.10.2006)

Symantec AntiVirus privilege escalation
Updated since 05.10.2006
Published: 26.10.2006
Source:
SecurityVulns ID: 6686
Type: remote
Threat Level: 6/10
Description: Insufficient address checks in IOCTL calls of the SAVRT, NAVENG and NAVEX15 devices allow kernel memory to be overwritten.
Affected: SYMANTEC : Symantec Client Security 1.1
 SYMANTEC : Symantec Client Security 2.0
 SYMANTEC : Symantec AntiVirus 9.0
 SYMANTEC : Symantec AntiVirus 8.1
Original document: SYMANTEC, Symantec Product Security: Symantec Device Driver Elevation of Privileg (26.10.2006)
 Reversemode, [Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation (07.10.2006)
 IDEFENSE, [Full-disclosure] iDefense Security Advisory 10.05.06: Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability (05.10.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod