Computer Security


Multiple ClamAV Clam Antivirus security vulnerabilities
updated since 06.04.2006
Published: 10.04.2006
SecurityVulns ID: 5981
Type: remote
Threat Level: 7/10
Description: Integer overflow in PE file parsing, format string vulnerability, unallocated memory access.
Affected: CLAMAV : ClamAV 0.88
Original document: Damian Put, [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration) (10.04.2006)
 SECUNIA, [SA19534] ClamAV Multiple Vulnerabilities (06.04.2006)
Files: Clam AntiVirus Win32-UPX Heap Overflow PoC

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 10.04.2006
SecurityVulns ID: 5987
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPOPENCHAT : PhpOpenChat 3.0
 MYBB : MyBB 1.0
 XMBFORUM : XMB Forum 1.9
 GALLERY : Gallery 1.5
 MAXDEV : MD-Pro 1.0
 SPIP : SPIP 1.8
 PAPOO : Papoo 2.1
 CLEVERCOPY : Clever Copy 3.0
 JUPITERPORTAL : Jupiter Cms 1.1
 SHOPWEEZLE : Shopweezle 2.0
 ECOTWO : ecotwo Shopsystem 1.0
 AWEBBB : aWebBB 1.2
 SAPHPLESSON : SaphpLesson 3.0
 NULLNEWS : Null news 2005.07.27
 SIRE : Sire 2.0
 PHPNEWSMANAGER : phpNewsManager 1.48
 VSNSLEMON : VSNS Lemon 3.2
 VCOUNTER : vCounter 1.0
 NEWSLETTER : Newsletter 1.0
 XBRITE : XBrite Members 1.1
 ADODB : adodb 1.51
Original document: crasher_(at)_kecoak.or.id, Vulnerabilities in SPIP (10.04.2006)
 r0xes.ratm_(at)_gmail.com, XMB Forum 1.9.5-Final XSS (10.04.2006)
 r0t, interaktiv.shop v.5 XSS vuln. (10.04.2006)
 o.y.6_(at)_hotmail.com, MyBB 1.10 'newthread.php' < CrossSiteScripting > (10.04.2006)
 SECUNIA, [SA19578] MAXdev MD-Pro "topicid" SQL Injection Vulnerability (10.04.2006)
 SECUNIA, [SA19580] Gallery Unspecified Script Insertion Vulnerabilities (10.04.2006)
 DEBIAN, [SECURITY] [DSA 1029-1] New libphp-adodb packages fix several vulnerabilities (10.04.2006)
 SECUNIA, [SA19602] XBrite Members "id" SQL Injection Vulnerability (10.04.2006)
 king_purba_(at)_yahoo.co.uk, Multiple vulnerability in jupiter CMS (10.04.2006)
 :) :), Shadowed Portal Cross Site Scripting (10.04.2006)
 Aliaksandr Hartsuyeu, [eVuln] newsletter - sourceworkshop SQL Injection Vulnerability (10.04.2006)
 king_purba_(at)_yahoo.co.uk, MAXDEV CMS Multiple vulnerabilities (10.04.2006)
 Aliaksandr Hartsuyeu, [eVuln] vCounter - sourceworkshop SQL Injection Vulnerability (10.04.2006)
 eufrato_(at)_gmail.com, [ECHO_ADV_28$2006] Clever Copy <= 3.0 Connect.inc Critical Information Disclosure (10.04.2006)
 imei, [KAPDA::#38] - MyBB 1.1.0~functions_post.php~XSS Attack (10.04.2006)
 Aliaksandr Hartsuyeu, [eVuln] VSNS Lemon Multiple Vulnerabilities (10.04.2006)
 dr.jr7_(at)_hotmail.com, SQL Injection in Chipmunk Guestbook (10.04.2006)
 Aliaksandr Hartsuyeu, [eVuln] phpNewsManager Multiple SQL Injections (10.04.2006)
 simo64_(at)_gmail.com, Sire 2.0 Nws Remote File inclusion & Arbitary Files Upload (10.04.2006)
 Aliaksandr Hartsuyeu, [eVuln] Null news SQL Injection Vulnerability (10.04.2006)
 w3.__(at)_hotmail.com, Xss In SaphpLesson3.0 (10.04.2006)
 codexploder_(at)_linuxmail.org, Autonomous LAN party File iNclusion (10.04.2006)
 r0t, Papoo Multiple SQL vuln. (10.04.2006)
 KeVRter, awebBB 1.2 Vuln (10.04.2006)
 r0t, APT-webshop-system vuln. (10.04.2006)
 r0t, ecotwo Shopsystem vuln. (10.04.2006)
 r0t, Shopweezle 2.0 multiple vuln. (10.04.2006)
Files: PHPList <= 2.10.2 GLOBALS[] remote cmmnds xctn
 ADODB tmssql.php Denial of service
 Exploits PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection
 Exploits XBrite Members <= 1.1 remote sql injection vulnerability

Cherokee web server cross-site scripting
Published: 10.04.2006
SecurityVulns ID: 5988
Type: remote
Threat Level: 5/10
Description: Cross-site scripting in error message.
Affected: CHEROKEE : cherokee 0.5
Original document: rubengarrote_(at)_idominiun.com, XSS Bug in Cherokee Webserver (10.04.2006)

Linux kernel sys_timer_create() DoS
Published: 10.04.2006
SecurityVulns ID: 5989
Type: local
Threat Level: 5/10
Description: Creation of a large number of timers causes memory exhaustion and system crash.
Affected: LINUX : kernel 2.6
Original document: fingerout, Linux Kernel Local DoS vulnerability. (10.04.2006)
Files: Exploits Linux Kernel Local DoS vulnerability.

xzgv buffer overflow
Published: 10.04.2006
SecurityVulns ID: 5991
Type: client
Threat Level: 5/10
Description: Heap buffer overflow during JPEG parsing.
Affected: ZGV : xzgv 0.8
 ZGV : zgv 5.8
Original document: SECUNIA, [SA19572] xzgv JPEG Image Parsing Heap Overflow Vulnerability (10.04.2006)

fbida symbolic links problem
Published: 10.04.2006
SecurityVulns ID: 5992
Type: local
Threat Level: 5/10
Description: Insecure temporary file creation in the fbgs script.
Affected: FBIDA : fbida 2.03
Original document: SECUNIA, [SA19559] fbida fbgs Insecure Temporary File Creation Vulnerability (10.04.2006)

Cyrus SASL library DoS
Published: 10.04.2006
SecurityVulns ID: 5993
Type: library
Threat Level: 7/10
Description: DoS on DIGEST-MD5 authentication.
Affected: CYRUS : cyrus-sasl 2.1
Original document: noreply_(at)_musecurity.com, [Full-disclosure] [MU-200604-01] Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service (10.04.2006)

Multiple PHP security vulnerabilities
updated since 10.04.2006
Published: 02.03.2007
SecurityVulns ID: 5990
Type: library
Threat Level: 6/10
Description: Cross-site scripting, DoS, protection bypass, buffer overflows.
Affected: PHP : PHP 4.4
 PHP : PHP 5.1
CVE: CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected.)
Original document: PHP-SECURITY, MOPB-03-2007:PHP Variable Destructor Deep Recursion Stack Overflow (02.03.2007)
 PHP-SECURITY, MOPB-02-2007:PHP Executor Deep Recursion Stack Overflow (02.03.2007)
 infocus, Multiple PHP4/PHP5 vulnerabilities (24.04.2006)
 Maksymilian Arciemowicz, [Full-disclosure] copy() Safe Mode Bypass PHP 4.4.2 and 5.1.2 (10.04.2006)
 Maksymilian Arciemowicz, [Full-disclosure] tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2 (10.04.2006)
 Maksymilian Arciemowicz, [Full-disclosure] function *() php/apache Crash PHP 4.4.2 and 5.1.2 (10.04.2006)
 Maksymilian Arciemowicz, [Full-disclosure] phpinfo() Cross Site Scripting PHP 5.1.2 and 4.4.2 (10.04.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod