Computer Security


Apple Airport Express / Apple Airport Extreme DoS
updated since 13.01.2005
Published: 07.01.2006
Source:
SecurityVulns ID: 4361
Type: remote
Threat Level: 5/10
Description: Invalid data sent to UDP/161 causes the device to crash.
Affected: APPLE : AirPort Extreme
 APPLE : Airport Express
Original document: APPLE, APPLE-SA-2006-01-05 AirPort firmware update (07.01.2006)
 Dylan Griffiths, [Full-Disclosure] Apple Airport WDS DoS (13.01.2005)

Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)
Published: 07.01.2006
Source:
SecurityVulns ID: 5602
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: APPSERV : appserv 2.4
 BOASTMACHINE : boastMachine 3.1
 RALPHARMA : TinyPHPForum 3.6
 ADNFORUM : adnforum 1.0
 THEWEBFORUM : TheWebForum 1.2
 DOMUS : Proyecto Domus 2.10
 SYSCP : WebFTP 1.2
 AQUIFER : Aquifer CMS
 ONEPLUG : OnePlug CMS
 INETSTORE : iNETstore Ebusiness Software
 TIMECAN : Timecan CMS 3.0
CVE: CVE-2006-7063 (Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 and earlier allows remote attackers to include and execute arbitrary files via ".." sequences in the uname parameter.)
Original document: SECUNIA, [SA18324] Timecan CMS "viewID" SQL Injection Vulnerability (07.01.2006)
 SECUNIA, [SA18322] iNETstore Ebusiness Software "searchterm" Cross-Site Scripting Vulnerability (07.01.2006)
 SECUNIA, [SA18325] OnePlug CMS SQL Injection Vulnerabilities (07.01.2006)
 SECUNIA, [SA18326] Aquifer CMS "Keyword" Cross-Site Scripting Vulnerability (07.01.2006)
 zeus olimpusklan, [Full-disclosure] SimpBook "message" Remote Cross-Site Scripting Vulnerability (07.01.2006)
 Thomas Henlich, SysCP WebFTP local file inclusion vulnerability (07.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] Proyecto Domus 'email' XSS Vulnerability (07.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] TheWebForum Script Insertion and Authentication Bypass (07.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] ADNForum Multiple Vulnerabilities (07.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] TinyPHPForum Multiple Vulnerabilities (07.01.2006)
 night_warrior771_(at)_hotmail.com, CyberShop User Login Sql Injection (07.01.2006)
 eufrato_(at)_gmail.com, [ECHO_ADV_25$2006] Full path disclosure on boastMachine v3.1 (07.01.2006)
 Xez, Remote file include in appserv 2.4.5 (possible in previous versions) (07.01.2006)

HylaFax enterprise fax system multiple vulnerabilities
Published: 07.01.2006
Source:
SecurityVulns ID: 5603
Type: remote
Threat Level: 6/10
Description: Unauthorized access and privilege escalation are possible.
Affected: HYLAFAX : hylafax 4.2
Original document: HYLAFAX, HylaFAX Security advisory - fixed in HylaFAX 4.2.4 (07.01.2006)
 GENTOO, [ GLSA 200601-03 ] HylaFAX: Multiple vulnerabilities (07.01.2006)

Lotus Domino multiple vulnerabilities
Published: 07.01.2006
Source:
SecurityVulns ID: 5605
Type: remote
Threat Level: 6/10
Description: Multiple vulnerabilities, including a few buffer overflows.
Affected: IBM : Lotus Domino 6.5
Original document: SECUNIA, [SA18328] IBM Lotus Domino Denial of Service and Unspecified Vulnerabilities (07.01.2006)

HP-UX xterm privilege escalation
updated since 15.11.2005
Published: 07.01.2006
Source:
SecurityVulns ID: 5449
Type: local
Threat Level: 5/10
Affected: HP : HP-UX 11.00
 HP : HP-UX 11.11
 HP : HP-UX 11.23
Original document: HP, [security bulletin] SSRT051074 rev.3 - HP-UX Running xterm Local Unauthorized Access (07.01.2006)
 HP, [security bulletin] HPSBUX02075 SSRT051074 - HP-UX Running xterm Local Unauthorized Access (15.11.2005)

rxvt-unicode weak permissions
Published: 07.01.2006
Source:
SecurityVulns ID: 5604
Type: local
Threat Level: 5/10
Description: Insecure permissions for a few tty devices.
Affected: RXVTUNICODE : rxvt-unicode 6.2
Original document: SECUNIA, [SA18301] rxvt-unicode TTY Device Insecure Permissions Vulnerability (07.01.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod