OpenSSH timing attacks Published: 09.10.2006 Source: BUGTRAQ SecurityVulns ID: 2789 Type: remote Level: 5/10 Description: It's possible to check user's validity by measuring response time. Affected: OPENSSH : OpenSSH 3.6 NOKIA : IPSO 3.0 OPENSSH : OpenSSH 4.1 Original document Marco Ivaldi , yet another OpenSSH timing leak? (09.10.2006 ) Marco Ivaldi , OpenSSH/PAM timing attack allows remote users identification (03.05.2003 )
PHP open_basedir protection bypass Published: 09.10.2006 Source: BUGTRAQ SecurityVulns ID: 6681 Type: local Level: 5/10 Description: By using symbolic links in race period of time it's possible to bypass open_basedir protection. Affected: PHP : PHP 4.4 PHP : PHP 5.2 Original document paisterist.nst_(at)_gmail.com , PHP open_basedir with symlink() function Race Condition PoC exploit (09.10.2006 ) Stefan Esser , Advisory 08/2006: PHP open_basedir Race Condition Vulnerability (04.10.2006 )
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) Published: 09.10.2006 Source: SecurityVulns ID: 6694 Type: remote Level: 5/10 Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Affected: PROXY2 : Advanced Poll 2.02 PAFILEDB : paFileDB 3.1 PHPWEBSITE : phpWebSite 0.10 MOODLE : Moodle 1.6 4HOMEPAGES : 4images 1.7 PSYCHOSTATS : PsychoStats 3.01 ISEARCH : iSearch 2.16 DOCMINT : docmint 2.0 PHPMYNEWS : PHPMyNews 1.4 OPENDOC : Easy Doc 1.4 OPENDOC : Easy Blog 1.4 OBDEV : WebYep 1.1 FREENEWS : Freenews 1.1 OPENDOCK : Easy Gallery 1.4 Original document erdc_(at)_echo.or.id , [ECHO_ADV_52$2006]OpenDock Easy Gallery <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability (09.10.2006 ) disfigure , SQL injection - moodle (09.10.2006 ) disfigure , SQL injection - 4images (09.10.2006 ) XORON , Freenews v1.1 <= (chemin) Remote File Include Vulnerability (09.10.2006 ) zarloule04_(at)_hotmail.fr , XSS IN paFileDB 3.1 (09.10.2006 ) crackers child , phpWebSite 0.10.2 Remote File Include Vulnerabilities (09.10.2006 ) erdc_(at)_echo.or.id , [ECHO_ADV_48$2006] WebYep <= 1.1.9 (webyep_sIncludePath) Multiple Remote File Inclusion Vulnerability (09.10.2006 ) erdc_(at)_echo.or.id , [ECHO_ADV_49$2006]OpenDock Easy Doc <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability (09.10.2006 ) erdc_(at)_echo.or.id , [ECHO_ADV_50$2006]OpenDock Easy Blog <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability (09.10.2006 ) XORON , PHPMyNews 1.4 <= (cfg_include_dir) Remote File Include Vulnerability (09.10.2006 ) erdc_(at)_echo.or.id , [ECHO_ADV_51$2006] docmint <= 2.0 (MY_ENV[BASE_ENGINE_LOC]) Remote File Inclusion Vulnerability (09.10.2006 ) alguidy_(at)_hotmail.com , Advanced Poll v2.02 :) <= Remote File Inclusion (09.10.2006 ) xp1o_(at)_msn.com , The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit (09.10.2006 )
PHP integer overflow Published: 09.10.2006 Source: BUGTRAQ SecurityVulns ID: 6695 Type: library Level: 6/10 Description: unserialize() function integer overflow. Affected: PHP : PHP 4.3 PHP : PHP 5.1 CVE: CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).)
