Computer Security
[EN] no-pyccku

Multiple Cisco Secure Desktop security vulnerabilities
SecurityVulns ID:6799
Threat Level:
Description:Weak NTFS permissions on installation folder. Protection bypass. Information leak.
Affected:CISCO : Cisco Secure Desktop 3.1
Original documentdocumentCISCO, Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Desktop (09.11.2006)
 documentIDEFENSE, iDefense Security Advisory 11.08.06: Cisco Secure Desktop Privilege Escalation Vulnerability (09.11.2006)

libarchive library DoS
SecurityVulns ID:6801
Threat Level:
Description:End of archive during region skipping causes infinite loop.
Affected:FREEBSD : FreeBSD 5.3
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:24.libarchive (09.11.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:6802
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:PHPMYCHAT : phpMyChat 0.14
 KNOWLEDGEBUILDER : knowledgeBuilder 2.2
 FREEWEBSHOP : FreeWebshop 2.2
 PHPMYCHAT : PhpMyChat Plus 1.9
 SPEEDYWIKI : Speedywiki 2.0
 IMMEDIACY : Immediacy .NET CMS 5.2
 SAGE : Sage 1.3
 LETTERIT : LetterIt 2
CVE:CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712.)
 CVE-2006-7001 (Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the L parameter, a different issue than CVE-2006-5897. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
 CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the ChatPath parameter to (1) avatar.php, (2) colorhelp_popup.php, (3) color_popup.php, (4) index.php, (5) index1.php, (6) lib/connected_users.lib.php, (7) lib/index.lib.php, and (8) phpMyChat.php3; and the (9) L parameter to logs.php. NOTE: CVE analysis suggests that vector 1 might be incorrect.)
Original documentdocumentv1per-haCker, gtcatalog <= 0.9.1 (index.php) Remote File Include Vulnerability (09.11.2006)
 documentv1per-haCker, LetterIt v2 (inc/session.php) Remote File Include Vulnerability (09.11.2006)
 documentDavid Kierznowski, [Full-disclosure] RSS Injection in Sage part 2 (09.11.2006)
 documentlaurent gaffié, FreeWebshop <=2.2.2 [local file include & xss] (09.11.2006)
 documentProCheckUp Research, Immediacy .NET CMS possibly vulnerable to Cross Site Scripting through a malformed cookie (09.11.2006)
 documentlaurent gaffié, Speedwiki 2.0 Arbitrary File Upload Vulnerability (09.11.2006)
 documentlaurent gaffié, Abarcar Realty Portal [injection sql] (09.11.2006)
 documentlaurent gaffié, Portix-PHP [login bypass & xss (post)] (09.11.2006)
 documentnavairum_(at), Y.A.N.S sql injection (09.11.2006)
 documentajannhwt_(at), PhpMyChat <= 0.14.5 Source Code Disclosure Vulnerability (09.11.2006)
 documentajannhwt_(at), PhpMyChat Plus <= 1.9 Multiple Source Code Disclosure Vulnerabilities (09.11.2006)
Files:phpsatk Remote File Include Exploit
 knowledgebuilder Remote File Include Exploit

GNU gv buffer overflow
SecurityVulns ID:6803
Threat Level:
Description:Stack buffer overflow (overrun) on oversized PostScript comments.
Affected:GNU : gv 0.6
 GNOME : Evince 0.1
 GNU : gv 3.6
CVE:CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.)
Original documentdocumentRenaud Lifchitz, [Full-disclosure] GNU gv Stack Overflow Vulnerability (09.11.2006)
Files:Evince Document Viewer (DocumentMedia) Buffer Overflow Exploit

HP OpenView Client Configuration Manager code execution
updated since 09.11.2006
SecurityVulns ID:6800
Threat Level:
Description:It's possible to make data to be downloaded and executed thorugh TCP/3465.
Affected:HP : OpenView Client Configuration Manager 1.0
Original documentdocumentHP, [security bulletin] HPSBMA02167 SSRT061262 rev.2 - HP OpenView Client Configuration Manager (CCM), Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS) (10.11.2006)
 documentTSRT_(at), [Full-disclosure] TSRT-06-13: HP OpenView Client Configuration Manager Device Code Execution Vulnerability (09.11.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod