Apple MacOS X Xcode OpenBase SQL privilege escalation (updated since 16.10.2006)
| Published: | 08.11.2006 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 6724 |
| Type: | local |
| Level: | 6/10 |
| Description: | When tar is executed from a suid root application, the TAR_OPTIONS environment variable is not unset, making it possible to execute any application with root privileges. External applications are executed with a relative path. Dynamic libraries are loaded with a relative path. Symbolic link problems. |
| Affected: | XCODE : Xcode OpenBase 9.1 |
| | XCODE : Xcode OpenBase 10.0 |
| Original document | Kevin Finisterre, [Full-disclosure] OpenBase SQL multiple vulnerabilities Part Deux (08.11.2006) |

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
| Published: | 08.11.2006 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 6793 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: | DIGIOZ : DigiOz Guestbook 1.7 |
| | KAYAKO : Kayako SupportSuite 3.00 |
| | SIMPLEPHOTOALBUM : Simple Photo Album 1.2 |
| | C12 : C12 0.1 |
| | DSIWARE : iWare Pro 5.0 |
| | PHPADVENTURE : PHPAdventure 1.1 |
| | SOHOLAUNCH : Soholaunch Pro 4.9 |
| Original document | the_day, [ECHO_ADV_58$2006]Cyberfolio <=2.0 RC1 $av Remote File Inclusion Vulnerability (08.11.2006) |
| | the_day, [ECHO_ADV_57$2006]Soholaunch Pro <=4.9 r36 Multiple Remote File Inclusion Vulnerability (08.11.2006) |
| | HER0, PHPAdventure 1.1 (ad_main.php) Remote File Include Vulnerability (08.11.2006) |
| | nuffsaid, iWare Pro <= 5.0.4 (chat_panel.php) Remote Code Execution Vulnerability (08.11.2006) |
| | Dr.Pantagon, vBlog / C12 0.1 (cfgProgDir) Remote File Include Vulnerabilities (08.11.2006) |
| | x0rax, iPrimal Forums Remote File Inclusion (08.11.2006) |
| | durito, Simple Photo Album 1.2 and 2.5 vulnerabilities (08.11.2006) |
| | navairum_(at)_gmail.com, News publication system remote File include (08.11.2006) |
| | Jesper Jurcenoks, DigiOz Guestbook version 1.7 Path Disclosure Vulnerability in list.php (08.11.2006) |
| | research_(at)_procheckup.com, Cross Site Scripting (XSS) Vulnerability in IBM WebSphere Application Server (08.11.2006) |

Lotus Notes information leak
| Published: | 08.11.2006 |
| Source: | FULL-DISCLOSURE |
| SecurityVulns ID: | 6794 |
| Type: | remote |
| Level: | 6/10 |
| Description: | It is possible to check whether a user exists and to download a new user's certificate via the protocol on TCP port 1352. |