Computer Security
[EN] no-pyccku

IBM Tivoli Storage Manager buffer overflow
SecurityVulns ID:6889
Threat Level:
Description:Multiple buffer overflows on parsing port TCP/1500 traffic.
Affected:IBM : Tivoli Storage Manager 5.2
Original documentdocument3COM, TSRT-06-14: IBM Tivoli Storage Manager Mutiple Buffer Overflow Vulnerabilities (05.12.2006)

Symantec LiveState Agent privilege escalation
SecurityVulns ID:6887
Threat Level:
Description:It's possible to launch Windows Explorer with SYSTEM privileges.
Original documentdocumentssteam.pl_(at), Symantec LiveState Agent for Windows vulnerability - Local Privilege Escalation (05.12.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:6888
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:CUTEPHP : CuteNews 1.3
 DUWARE : DuPortal 3.4
 PHPMYADMIN : phpmyadmin 2.7
 SMF : Simple Machines Forum 1.1
 DUWARE : DUdForum 3.0
 PHPNEWS : PHPNews 1.3
 LISTPICS : listpics 5
 METYUSOKUL : Metyus Okul Yönetim Sistemi 1.0
 ISMAIL : ISMail 2.0
 ONLINEBOOLMARKS : OnLine Bookmarks 0.6
 VTFORUM : Vt-Forum Lite System 1.3
 HASTYMAIL : Hastymail 1.5
CVE:CVE-2007-1153 (Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: issue might overlap CVE-2004-1660 or CVE-2006-4445.)
 CVE-2006-4445 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in CuteNews 1.3.x allow remote attackers to execute arbitrary PHP code via a URL in the cutepath parameter to (1) show_news.php or (2) search.php. NOTE: CVE analysis as of 20060829 has not identified any scenarios in which these vectors could result in remote file inclusion.)
Original documentdocumentISecAuditors Security Advisories, [ISecAuditors Security Advisories] IMAP/SMTP Injection in Hastymail (05.12.2006)
 documenth angel, new xss in modbb forum (05.12.2006)
 documentnj_(at), XSS in JAB Guest Book (05.12.2006)
 documentnj_(at), Multiple bugs in TFT-Gallery (05.12.2006)
 documentstarext_(at), Vt-Forum Lite System V.1.3 Xss Vuln. (05.12.2006)
 documentajannhwt_(at), PhpMyAdmin 2.7.0-pl2 Path Disclosure | Multiple CRLF/Http Response Splitting (05.12.2006)
 documentgamr-14_(at), 2[xss]Vulnerabilities in Script Mobile (05.12.2006)
 documentJessica Hope, SMF upload XSS vulnerability (05.12.2006)
 documentsecurity_(at), Online BookMarks Multiple SQL Injection/XSS Vulnerabilities (05.12.2006)
 documentISecAuditors Security Advisories, [ISecAuditors Security Advisories] XSS vulnerability in error page of ISMail (05.12.2006)
 documentShaFuq31_(at)_HoTMaiL.CoM, Metyus Okul Ynetim Sistemi V.1.0 (tr) Sql injection Vuln. (05.12.2006)
 documentblasterim_(at), listpics v5 (05.12.2006)
 documentISecAuditors Security Advisories, [ISecAuditors Advisories] BlueSocket web administration is vulnerable to XSS (05.12.2006)
 documentblasterim_(at), KhaledMuratList mdb (05.12.2006)
 documentemulamex_(at), CuteNews 1.3.6 XSS (05.12.2006)
 documentemulamex_(at), PHPNews 1.3.0 XSS (05.12.2006)
 documentAdvisory_(at), [Aria-Security Team] uGestBook SQL Injection Vuln (05.12.2006)
 documentAdvisory_(at), [Aria-Security Team] DuWare DuPaypal SQL Injection Vuln (05.12.2006)
 documentAdvisory_(at), [Aria-Security Team] DuWare DuForum SQL Injection Vuln (05.12.2006)
 documentAdvisory_(at), [Aria-Security Team] DuWare DuDownloads SQL Injection Vuln (05.12.2006)
 documentAdvisory_(at), [Aria-Security Team] DuWare DuPortal SQL Injection Vuln (05.12.2006)

KOffice integer overflow
updated since 30.11.2006
SecurityVulns ID:6872
Threat Level:
Description:OLEfilter integer overflow on .PPT file open.
Affected:KDE : koffice 1.4
 KDE : koffice 1.6
Original documentdocumentKDE, [KOffice security advisory] KOffice OLEfilter integer overflow (05.12.2006)
 documentUBUNTU, [USN-388-1] KOffice vulnerability (30.11.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod