Search:Vulnerability:07.11.2005 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

linux-ftpd-ssl FTP server buffer overflow
Published: 07.11.2005
Source: FULL-DISCLOSURE
SecurityVulns ID: 5428
Type: remote
Level: 5/10
Description: Buffer overflow on oversized directory in CWD command.

Affected: LINUXFTPDSSL : linux-ftpd-ssl 0.17

Original document kingcope_(at)_gmx.net, [Full-disclosure] linux-ftpd-ssl 0.17 warez (07.11.2005)

Files: linux-ftpd-ssl 0.17 remote r00t exploit by kcope
Discuss: Read or add your comments to this news (0 comments)

Macromedia Flash Player array index overflow
updated since 05.11.2005
Published: 07.11.2005
Source: FULL-DISCLOSURE
SecurityVulns ID: 5426
Type: client
Level: 7/10
Description: User controlled value is used as function pointers array index without boundary control.

Affected: MICROSOFT : Internet Explorer 5.5
MICROSOFT : Internet Explorer 6.0
MACROMEDIA : Flash Player 6.0
NETSCAPE : Netscape 7.2
OPERA : Opera 8.0
NETSCAPE : Netscape 8.0
ADOBE : Flash Player 7.0

Original document SECUNIA, [SA17437] Opera Macromedia Flash Player SWF Arbitrary Code Execution (07.11.2005)

SECUNIA, [SA17481] Internet Explorer Macromedia Flash Player SWF Arbitrary Code Execution (07.11.2005)

Daniel Fabian, [Full-disclosure] SEC Consult SA-20051107-1 :: Macromedia Flash Player ActionDefineFunction Memory Corruption (07.11.2005)

document Juha-Matti Laurio, Netscape Flash Player Arbitrary Code Execution Vulnerability (07.11.2005)

EEYE, [Full-disclosure] [EEYEB-20050627B] Macromedia Flash Player Improper Memory Access Vulnerability (05.11.2005)

Files: MPSB05-07 Flash Player ActionDefineFunction Memory Corruption test file
Macromedia Flash Plugin - Buffer Overflow in flash.ocx
Discuss: Read or add your comments to this news (0 comments)

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 07.11.2005
Published: 11.11.2005
Source:
SecurityVulns ID: 5429
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: PHPBB : phpBB 2.0
ADVANCEDGUESTBOO : Advanced Guestbook 2.3
VBULLETIN : vBulletin 3.0
INVISION : Invision Power Board 2.0
PHORUM : Phorum 5.0
XMB : XMB 1.9
PHPKIT : PHPKIT 1.6
ADVANCEDGUESTBOO : Advanced Guestbook 2.2
TWIKI : TWiki 20030201
B2EVOLUTION : b2evolution 0.9
PHPADSNEW : phpAdsNew 2.0
PHPSYSINFO : phpSysInfo 2.3
MOODLE : Moodle 1.5
CUREPHP : CuteNews 1.4
IBPROARCADE : ibProArcade 2.0
INVISION : Invision Power Board 2.1
OSTE : OSTE 1.0
PHPLIST : phplist 2.10
MAGPIERSS : MagpieRSS 0.71
TONIO : Tonio Gallery 2.4
TOENDA : toendaCMS 0.6
TIKIWIKI : tikiwiki 1.9
ANTVILLE : Antville 1.1
YABB : YaBB 2.0
MOODLE : Moodle 1.6
CAMPSITE : Campsite 2.3
OCOMON : OcoMon 1.21
DEVEDITOR : Dev-Editor 3.0

Original document SECUNIA, [SA17537] Dev-Editor Virtual Root Directory Restriction Bypass (11.11.2005)

SECUNIA, [SA17470] OcoMon Unspecified SQL Injection Vulnerabilities (11.11.2005)

Maksymilian Arciemowicz, [Full-disclosure] phpBB 2.0.18 SQL Query problem (11.11.2005)

SECUNIA, [SA17441] phpSysInfo "register_globals" Emulation Layer Overwrite Vulnerability (11.11.2005)

document SECUNIA, [SA17528] Campsite MySQL Password Exposure Mail Transfer Security Issue (11.11.2005)

SECURITEAM, [UNIX] Community Link Pro Command Execution (login.cgi) (11.11.2005)

IDEFENSE, [Full-disclosure] iDEFENSE Security Advisory 11.10.05: Tikiwiki tiki-user_preferences Command Injection Vulnerability (11.11.2005)

document IDEFENSE, [Full-disclosure] iDEFENSE Security Advisory 11.10.05: Tikiwiki tiki-editpage Arbitrary File Exposure Vulnerability (11.11.2005)

retrogod_(at)_aliceposta.it, Moodle <=1.6dev blind SQL Injection (11.11.2005)

Toni Koivunen, [FS-05-01] Multiple vulnerabilities in phpAdsNew (11.11.2005)

document spyburn mexico rlz, RANKBOX <= XSS vulnerability (11.11.2005)

YABB, [SA17411] YaBB Attachment Script Insertion Vulnerability (10.11.2005)

Preben Nylokken, ASPKnowledgebase vulnerable to XSS injection. (10.11.2005)

Preben Nylokken, ASPKnowledgebase vulnerable to SQL-inject (10.11.2005)

document Moritz Naumann, Antville 1.1 Cross Site Scripting (10.11.2005)

Moritz Naumann, Multiple security issues in TikiWiki 1.9.x (10.11.2005)

SECUNIA, [SA17471] toendaCMS Disclosure of Sensitive Information (08.11.2005)

SECUNIA, [SA17453] Tonio Gallery "galid" SQL Injection Vulnerability (08.11.2005)

document SECUNIA, [SA17440] b2evolution XML-RPC PHP Code Execution Vulnerabilities (08.11.2005)

SECUNIA, [SA17458] XMB "username" Cross-Site Scripting Vulnerability (08.11.2005)

SECURITEAM, [UNIX] MagpieRSS Remote Command Execution (08.11.2005)

Christopher Kunz, [Full-disclosure] Advisory 21/2005: Multiple vulnerabilities in PHPKIT (08.11.2005)

document spyburn mexico rlz, [Full-disclosure] RANKBOX <= XSS vulnerability (08.11.2005)

tk_(at)_trapkit.de, [TKADV2005-11-001] Multiple vulnerabilities in PHPlist (08.11.2005)

bhs_team_(at)_yahoo.com, Advanced Guestbook 2.2 ( SQL Injection Exploit ) (08.11.2005)

GeekZ_(at)_WorldDefacers.net, TWiki 20030201 VIEW string remote command execution (08.11.2005)

document Jerome ATHIAS, Invision Power Board 2.1 : Multiple XSS Vulnerabilities (08.11.2005)

GeekZ_(at)_WorldDefacers.net, upload phpshell in PHPFM (08.11.2005)

poizon_(at)_securityinfo.ru, Path disclosure in CuteNews <= 1.4.0 (08.11.2005)

khc_(at)_bsdmail.org, OSTE v1.0 Remote Command Exucetion (08.11.2005)

document Daniel Fabian, [Full-disclosure] SEC Consult SA-20051107-0 :: toendaCMS multiple vulnerabilites (07.11.2005)

sikikmail_(at)_gmail.com, Zoomblog HTML Injection Vulnerability (07.11.2005)

Janek Vind, [waraxe-2005-SA#043] - Sql injection in Phorum 5.0.20 and earlier (07.11.2005)

document benjilenoob_(at)_hotmail.com, Failles dans Invision Power Board 2.1 [xss] (07.11.2005)

s2b_(at)_hotmail.com, Xss - Html injection in XMB (07.11.2005)

Anti Matter, Invision Power Board Privilege Esaclation (2.0.1 + more) (07.11.2005)

sikikmail_(at)_gmail.com, Zoomblog <IMG> BBCode Tag JavaScript Injection Vulnerability (07.11.2005)

document bhfh01_(at)_gmail.com, Sql injection in ibProArcade (07.11.2005)

�� aka Shanker, �� vBulletin 3.x (07.11.2005)

Files: Moodle <= 1.6dev get record() SQL injection / remote commands execution
Discuss: Read or add your comments to this news (0 comments)