Computer Security


Microsoft Windows software restriction policy protection bypass
Published: 09.06.2006
Source:
SecurityVulns ID: 6235
Type: local
Threat Level: 5/10
Description: By using the RunAs function, it is possible to launch any application.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document: ANONYMOUS, Windows Software Restriction Policy Protection Bypass (09.06.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 09.06.2006
Source:
SecurityVulns ID: 6236
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPNUKE : PHP-Nuke 7.9
 TIKIWIKI : tikiwiki 1.9
 MIRAKSGALERIE : MiraksGalerie 2.62
 SELECTAPIX : SelectaPix 1.4
 MAFIAMOBLOG : Mafia Moblog 6
 BABYKATIEMEDIA : vSCAL 1.0
 BABYKATIEMEDIA : vREAL v1.0
 VIARTSHOP : ViArt Shop 2.5
 ILIST : i.List 1.5
 CMSBANDITS : cms-bandits 2.5
 NPDS : NPDS 5.10
 BACKEND : Back-end 0.7
 DOCEBO : Docebo CMS 3.0
 RESCUE : WebFORM 4.2
 RESCUE : FORM2MAIL 1.22
Original document: SECUNIA, [SA20515] WebFORM and FORM2MAIL Mail Header Injection Vulnerability (09.06.2006)
 Federico Fazzi, [Full-disclosure] Docebo CMS 3.0.3, Remote command execution (09.06.2006)
 ahwaz_(at)_setiran.com, 'Multiple Sql injection and XSS in integramod portal (09.06.2006)
 try_og_(at)_hotmail.com, PHP-Nuke <= 7.9 Search XSS Vulnerability (09.06.2006)
 Federico Fazzi, Back-end = 0.7.2.1 (jpcache.php) Remote command execution (09.06.2006)
 gmdarkfig_(at)_gmail.com, NPDS <= 5.10 Local Inclusion, XSS, Full path disclosure (09.06.2006)
 Federico Fazzi, cms-bandits 2.5, Remote command execution (09.06.2006)
 root_(at)_xzziroz.net, GUESTEX guestbook code execution (09.06.2006)
 luny_(at)_youfucktard.com, Ez Ringtone Manager from scriptez.net - XSS (09.06.2006)
 luny_(at)_youfucktard.com, E-Dating System from scriptsez.net - XSS (09.06.2006)
 Aesthetico, [MajorSecurity #10]i.List <= 1.5 - XSS (09.06.2006)
 Federico Fazzi, MiraksGalerie <= 2.62 Multiple Remote command execution (09.06.2006)
 John Cobb, [NOBYTES.COM: #12] ViArt Shop v2.5.5 - XSS Vulnerability (09.06.2006)
 luny_(at)_youfucktard.com, Easy Ad-Manager (09.06.2006)
 luny_(at)_youfucktard.com, Chemical Directory - XSS (09.06.2006)
 luny_(at)_youfucktard.com, Babykatmedia.com scripts - vSCAL & vREAL - XSS Vulns (09.06.2006)
 simo64_(at)_gmail.com, Mafia Moblog Full Path Disclosure / SQL injection (09.06.2006)
 SECUNIA, [SA20134] SelectaPix Cross-Site Scripting and SQL Injection Vulnerabilities (09.06.2006)

Mathcad Password weak encryption
Published: 09.06.2006
Source:
SecurityVulns ID: 6237
Type: local
Threat Level: 5/10
Description: The area password is stored in base64.
Affected: MATHSOFT : Mathcad 13
Original document: bugtraq_(at)_firewraith.co.uk, Mathcad Area Lock Vulnerability (09.06.2006)

gdm (Gnome Desktop Manager) privilege escalation
Published: 09.06.2006
Source:
SecurityVulns ID: 6238
Type: remote
Threat Level: 5/10
Description: An unprivileged user can access the gdm configuration if the face browser feature is on.
Affected: GNOME : gdm 2.8
Original document: RPATH, rPSA-2006-0098-1 gdm (09.06.2006)

HP OpenView Storage Data Protector unauthorized access
Published: 09.06.2006
Source:
SecurityVulns ID: 6239
Type: remote
Threat Level: 5/10
Description: Arbitrary command execution is possible.
Affected: HP : OpenView Storage Data Protector 5.1
 HP : OpenView Storage Data Protector 5.5
Original document: HP, [security bulletin] HPSBMA02121 SSRT061157 rev.2 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution (09.06.2006)

HP-UX Secure Shell DoS
Published: 09.06.2006
Source:
SecurityVulns ID: 6240
Type: remote
Threat Level: 5/10
Affected: HP : HP-UX 11.00
 HP : HP-UX 11.11
 HP : HP-UX 11.04
 HP : HP-UX 11.23
Original document: HP, [security bulletin] HPSBUX02090 SSRT051058 rev.2 - HP-UX Secure Shell Remote Denial of Service (DoS) (09.06.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod