Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 07.06.2006
Published: 07.06.2006
SecurityVulns ID: 6224
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: COPPERMINE : Coppermine Photo Gallery 1.4
 XTREMEDOWNLOADS : Xtreme Downloads 1.0
 PARTICLESOFT : ParticleSoft Whois 1.0
 PARTICLESOFT : Particle Gallery 1.0
 PARTICLESOFT : Particle Links 1.2
 GANTTY : GANTTy 1.0
 BLOGGIT : BloggIT 1.01
 TINYPHP : TinyPHP forum 3.6
 MIRAKSGALERIE : MiraksGalerie 2.62
CVE: CVE-2006-7014 (admin.php in BloggIT 1.01 and earlier does not properly establish a user session, which allows remote attackers to gain privileges via a direct request.)
Original documents:
 CrAzY.CrAcKeR_(at)_hotmail.com, Calendar Express 2 SQL injection (08.06.2006)
 SECUNIA, [SA20465] Coppermine Photo Gallery usermgr.php Unspecified Vulnerability (07.06.2006)
 SECUNIA, [SA20475] MiraksGalerie Multiple File Inclusion Vulnerabilities (07.06.2006)
 SECUNIA, [SA20436] PyBlosxom Contributed Packages Cross-Site Scripting Vulnerability (07.06.2006)
 Federico Fazzi, BloggIT <= 1.01 (admin.php) Arbitrary code execution (07.06.2006)
 ip.chat_(at)_yahoo.com, bug on showwich.asp (07.06.2006)
 luny_(at)_youfucktard.com, GANTTy v1.0.3 (07.06.2006)
 luny_(at)_youfucktard.com, ParticleSoft Whois v1.0.3 (07.06.2006)
 luny_(at)_youfucktard.com, Partial Links v1.2.2 (07.06.2006)
 luny_(at)_youfucktard.com, Particle Gallery v1.0.0 (07.06.2006)
 black-cod3_(at)_hotmail.com, Multiple file include exploits in Xtreme Downloads v.1.0 (07.06.2006)
 gamr-14_(at)_hotmail.com, file include in Xtreme Downloads v.1.0 (07.06.2006)

WinGate proxy server buffer overflow
Published: 07.06.2006
SecurityVulns ID: 6226
Type: remote
Threat Level: 7/10
Description: Buffer overflow on oversized POST request.
Affected: QBIK : Wingate 6.1
Original documents:
 kingcope_(at)_gmx.net, [Full-disclosure] MDaemon NOT vulnerable .. sorry for the advisory.. QBik Wingate is vulnerable (07.06.2006)

libgd graphical library DoS
Published: 07.06.2006
SecurityVulns ID: 6227
Type: library
Threat Level: 5/10
Description: gdImageCreateFromGifPtr() GIF decoding infinite loop.
Affected: GD : libgd 2.0
Original documents:
 rocheml_(at)_httrack.com, libgd 2.0.33 infinite loop in GIF decoding ? (07.06.2006)
Files: libgd GIF decoding infinite loop PoC

Unauthorized D-Link DWL-2100ap wireless access points access
Published: 07.06.2006
SecurityVulns ID: 6228
Type: remote
Threat Level: 5/10
Description: It's possible to retrieve the configuration via the web interface with a request like http://dlink-DWL-2100ap/cgi-bin/Intruders.cfg.
Affected: DLINK : D-Link DWL-2100ap
Original documents:
 news_(at)_securityopensource.org.br, [Full-disclosure] Advisory - D-Link Access Point (07.06.2006)

Microsoft NetMeeting memory corruption
Published: 07.06.2006
SecurityVulns ID: 6229
Type: remote
Threat Level: 5/10
Affected: MICROSOFT : NetMeeting 3.01
Original documents:
 vuln_(at)_hexview.com, [Full-disclosure] [HV-LOW] Microsoft NetMeeting memory corruption (Brief) (07.06.2006)

TIBCO Rendezvous messaging software buffer overflow
Published: 07.06.2006
SecurityVulns ID: 6230
Type: remote
Threat Level: 5/10
Description: Buffer overflow in web administration interface.
Affected: TIBCO : TIBCO Rendezvous 7.5
 TIBCO : TIBCO Runtime Agent 5.4
 TIBCO : TIBCO Hawk 4.6
Original documents:
 SECUNIA, [SA20431] TIBCO Hawk "tibhawkhma" Privilege Escalation Vulnerability (07.06.2006)
 SECUNIA, [SA20452] TIBCO Rendezvous HTTP Administrative Interface Buffer Overflow (07.06.2006)
Files: TIBCO RendezVous remote buffer overflow exploit
 TIBCO RendezVous local password extractor

Multiple Ingate Firewall / SIParator vulnerabilities
Published: 07.06.2006
SecurityVulns ID: 6231
Type: remote
Threat Level: 5/10
Description: Cross-site scripting, denial of service.
Affected: INGATE : Ingate Firewall 4.1
 INGATE : Ingate Firewall 4.4
 INGATE : Ingate SIParator 4.4
Original documents:
 SECUNIA, [SA20479] Ingate Firewall and SIParator Two Vulnerabilities (07.06.2006)

Asterisk IAX2 VoIP PBX and multiple IAX clients DoS
updated since 07.06.2006
Published: 30.06.2006
SecurityVulns ID: 6225
Type: remote
Threat Level: 5/10
Description: DoS on IAX2 channel processing.
Affected: ASTERISK : Asterisk 1.2
 KIAX : kiax 0.8
Original documents:
 DEBIAN, [Full-disclosure] [ GLSA 200606-30 ] Kiax: Arbitrary code execution (30.06.2006)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2006-0327: IAXclient truncated frames vulnerabilities (10.06.2006)
 CORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2006-0330: Asterisk PBX truncated video frame vulnerability (10.06.2006)
 Matt Riddell (IT), Asterisk 1.2.9 and Asterisk 1.0.11 Released - Security Fix (07.06.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod