Computer Security


MailEnable IMAP Server multiple security vulnerabilities
updated since 01.12.2006
Published: 09.12.2006
Source:
SecurityVulns ID: 6878
Type: remote
Threat Level: 6/10
Description: Buffer overflow in EXAMINE, SELECT, DELETE commands.
Affected: MAILENABLE : MailEnable Professional 2.32
Original document: SECUNIA, [SA23267] MailEnable IMAP Service Denial Of Service Vulnerability (09.12.2006)
 SECUNIA, [SA23201] MailEnable IMAP Service Buffer Overflow Vulnerability (09.12.2006)
 SECUNIA, Secunia Research: MailEnable IMAP Service Two Vulnerabilities (01.12.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 09.12.2006
Source:
SecurityVulns ID: 6907
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPBB : PhpBB Toplist 1.3
 TUCOWS : Tucows Client Code Suite 1.2
 THINKEDIT : ThinkEdit 1.9
 PAFILEDB : PafileDB 3.5
Original document: koray, PafileDB Login SQL injection =) (09.12.2006)
 Paul Bakoyiannis, CM68 News <= 12.02.06 (addpth) Remote File Inclusion Vulnerability (09.12.2006)
 starext_(at)_msn.com, PhpBB Toplist 1.3.7 Xss Vuln. (09.12.2006)
 starext_(at)_msn.com, Animated Smiley Generator File Include Vul. (09.12.2006)
Files: Exploits Tucows Open Project --Remote File Inclusion Vulnerablity
 ThinkEdit Remote File Inclusion Exploit

Sophos antivirus and Trend Micro antivirus RAR files DoS
Published: 09.12.2006
Source:
SecurityVulns ID: 6906
Type: remote
Threat Level: 5/10
Description: Endless loops and hangs on scanning archives with pack_size and head_size of zero.
Affected: SOPHOS : Sophos Small business edition 4.06
 TM : Trend Micro PC Cillin 2006
 TM : Trend Micro Internet Security 2006
 TM : OfficeScan 7.3
 TRENDMICRO : Trend Micro Server Protect 5.58
Original document: IDEFENSE, [Full-disclosure] iDefense Security Advisory 12.08.06: Multiple Vendor Antivirus RAR File Denial of Service Vulnerability (09.12.2006)

PHP safe_mode and open_basedir protection bypass
Published: 09.12.2006
Source:
SecurityVulns ID: 6905
Type: local
Threat Level: 6/10
Description: It's possible to access directories above basedir with session_save_path().
Affected: PHP : PHP 5.2
CVE: CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.)
 CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path.)
Original document: Maksymilian Arciemowicz, PHP 5.2.0 session.save_path safe_mode and open_basedir bypass (09.12.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod