Computer Security


thttpd symbolic links problem
Published: 05.11.2006
SecurityVulns ID: 6779
Type: local
Threat Level: 5/10
Description: Insecure temporary file creation on log file rotation.
Affected: THTTPD : thttpd 2.23
Original document: DEBIAN, [SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation (05.11.2006)

Novell NetMail buffer overflow
Published: 05.11.2006
SecurityVulns ID: 6780
Type: remote
Threat Level: 6/10
Description: Buffer overflow on parsing usernames with '.'.
Affected: NOVELL : NetMail 3.5
 NOVELL : eDirectory 8.8
Original document: ZDI, ZDI-06-036: Novell Netmail User Authentication Buffer Overflow Vulnerability (05.11.2006)

Imlib library multiple security vulnerabilities
Published: 05.11.2006
SecurityVulns ID: 6781
Type: library
Threat Level: 6/10
Description: Multiple vulnerabilities on parsing ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF formats.
Affected: IMLIB : imlib2 1.2
Original document: UBUNTU, [USN-376-1] imlib2 vulnerabilities (05.11.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 05.11.2006
SecurityVulns ID: 6782
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPKIT : PHPKIT 1.6
 E107 : e107 0.7
 SIMPLOG : simplog 0.9
 ADMINTOOL : admin.tool CMS 3
 DRAKECMS : Drake CMS 0.2
 SAZCART : SazCart 1.5
 ARIADNE : Ariadne 2.4
 MDPRO : MDPro 1.0
 PHPDYNASITE : phpDynaSite 3.2
Original document: Dr.Pantagon, phpDynaSite <= 3.2.2 (racine) Remote File Include Vulnerabilities (05.11.2006)
 cw.cybersecurity_(at)_gmail.com, Ariadne v2.4 (store_config[code]) Remote File Include Vuln (05.11.2006)
 IbnuSina, SazCart <= 1.5 (cart.php) Remote File Include Vulnerability (05.11.2006)
 CorryL, [Full-disclosure] [x0n3-h4ck.org] Bug on Drake CMS v0.2 (05.11.2006)
 laurent gaffié, IF-CMS multiples XSS vunerabilities (05.11.2006)
 Aesthetico, [MajorSecurity Advisory #30]admin.tool 3 CMS - Multiple Cross Site Scripting Issues (05.11.2006)
 hack2prison_(at)_yahoo.com, Web Directory Pro bypass Vulnerabilities (05.11.2006)
 Aesthetico, MajorSecurity Advisory #31]Xenis.creator CMS - Multiple Cross Site Scripting and SQL Injection Issues (05.11.2006)
 m-0-t_(at)_hotmail.com, XSS in script Mobile (05.11.2006)
 laurent gaffié, SIMPLOG 0.9.3 injection sql & multiple xss (05.11.2006)
Files: MDPro <= 1.0.76 (PNSVlang) Remote Code Execution Exploit
 e107 <= 0.7.5 Remote Code Execution Exploit
 PHPKit 1.6.1 exploit

Essentia Web Server buffer overflow
Published: 05.11.2006
SecurityVulns ID: 6785
Type: remote
Threat Level: 5/10
Description: Buffer overflow on oversized GET request.
Affected: ESSENCOMP : Essentia Web Server 2.15
Original document: CorryL, [Full-disclosure] [x0n3-h4ck.org] Essentia Web Server 2.15 Buffer Overflow (05.11.2006)

XM Easy Personal FTP Server DoS
Published: 05.11.2006
SecurityVulns ID: 6786
Type: remote
Threat Level: 5/10
Description: Buffer overflow on oversized NLST -al FTP command argument.
Affected: XMEASY : XM Easy Personal FTP Server 5.2
CVE: CVE-2006-5728 (XM Easy Personal FTP Server 5.2.1 and earlier allows remote authenticated users to cause a denial of service via a long argument to the NLST command, possibly involving the -al flags.)
Files: Exploits XM Easy Personal FTP Server <= 5.2.1 'NLST -al' Remote Denial of Service

OpenSSL cryptography security vulnerabilities
updated since 05.09.2006
Published: 05.11.2006
SecurityVulns ID: 6574
Type: library
Threat Level: 7/10
Description: It is possible to spoof a PKCS #1 v1.5 signature for an RSA key with exponent 3.
Affected: OPENSSL : OpenSSL 0.9
 BIND : bind 9.3
 GNU : GnuTLS 1.0
 OPERA : Opera 9.0
Original document: OPENPKG, [OpenPKG-SA-2006.029] OpenPKG Security Advisory (bind) (05.11.2006)
 GENTOO, [Full-disclosure] [ GLSA 200609-18 ] Opera: RSA signature forgery (28.09.2006)
 UBUNTU, [USN-348-1] GnuTLS vulnerability (19.09.2006)
 INGATE, SIP over TLS: X.509 peer authentication vulnerability in Ingate products (15.09.2006)
 OPENSSL, OpenSSL Security Advisory [5th September 2006] RSA Signature Forgery (CVE-2006-4339) (05.09.2006)

ruby DoS
updated since 05.11.2006
Published: 07.12.2006
SecurityVulns ID: 6783
Type: remote
Threat Level: 5/10
Description: CPU exhaustion in CGI library on parsing HTTP request with invalid MIME boundaries.
Affected: RUBY : ruby 1.8
Original document: MANDRIVA, [ MDKSA-2006:225 ] - Updated ruby packages fix DoS vulnerability (07.12.2006)
 OPENPKG, [OpenPKG-SA-2006.030] OpenPKG Security Advisory (ruby) (05.11.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod