Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		10.11.2006
Source:
SecurityVulns ID:		6808
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:

BITWEAVER : bitweaver 1.3

Original document		laurent gaffié, Wheatblog [multiple xss (post) & full path disclosure] (10.11.2006)
		laurent gaffié, LandShop Real Estate [multiple injection sql & xss] (10.11.2006)
		laurent gaffié, bitweaver <=1.3.1 [injection sql (post) & xss (post)] (10.11.2006)
		laurent gaffié, omnistar article manager [multiples injection sql] (10.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

HP OpenView Client Configuration Manager code execution updated since 09.11.2006
Published:		10.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6800
Type:		remote
Level:		6/10
Description:		It's possible to make data to be downloaded and executed thorugh TCP/3465.

Affected:

HP : OpenView Client Configuration Manager 1.0

Original document		HP, [security bulletin] HPSBMA02167 SSRT061262 rev.2 - HP OpenView Client Configuration Manager (CCM), Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS) (10.11.2006)
		TSRT_(at)_3com.com, [Full-disclosure] TSRT-06-13: HP OpenView Client Configuration Manager Device Code Execution Vulnerability (09.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

HP Tru64 Unix libpthread buffer overflow
Published:		10.11.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6805
Type:		library
Level:		5/10
Description:		Buffer overflow on parsing PTHREAD_CONFIG environment variable.

Affected:

HP : Tru64 5.1

Original document

Netragard Security Advisories, [Full-disclosure] [NETRAGARD-20061109 SECURITY ADVISORY] [HP Tru64 libpthread buffer overflow][http://www.netragard.com] (10.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Netkit FTP Server protection bypass
Published:		10.11.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6806
Type:		remote
Level:		5/10
Description:		Invalid chroot() and seteuid() usage under some circumstances allow FTP root directory bypass.

Affected:		NETKIT : ftpd 0.17
CVE:		CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.)
		CVE-2006-5778 (ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory.)

Original document

GENTOO, [Full-disclosure] [ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation (10.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

MailMarshal directory traversal
Published:		10.11.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6809
Type:		remote
Level:		5/10
Description:		Directory traversal on ARJ archives parsing.

Affected:

MARSHAL : MailMarshal 6.1

Original document

ZDI, [Full-disclosure] ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability (10.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

ProFTPD buffer overflow updated since 10.11.2006
Published:		28.11.2006
Source:		SECUNIA
SecurityVulns ID:		6807
Type:		remote
Level:		9/10
Description:		Off-by-one vulnerability in sreplace() is used for remote root access.

Affected:

PROFTPD : ProFTPD 1.3

Original document		Evgeny Legerov, [Full-disclosure] ProFTPD 1.3.0 remote stack overflow (28.11.2006)
		PROFTPD, CVE-2006-5815: remote code execution in ProFTPD (28.11.2006)
		OPENPKG, [OpenPKG-SA-2006.035] OpenPKG Security Advisory (proftpd) (17.11.2006)
		SECUNIA, [SA22803] ProFTPD Unspecified Vulnerability (10.11.2006)

Files:		Exploits [0day] ProFTPD 1.3.0 stack overflow
		VulnDisco Pack Standard
Discuss:		Read or add your comments to this news (0 comments)