Computer Security


HP OpenView Client Configuration Manager code execution
updated since 09.11.2006
Published:10.11.2006
Source:
SecurityVulns ID:6800
Type:remote
Threat Level:6/10
Description:It's possible to cause data to be downloaded and executed through TCP/3465.
Affected:HP : OpenView Client Configuration Manager 1.0
Original document:HP, [security bulletin] HPSBMA02167 SSRT061262 rev.2 - HP OpenView Client Configuration Manager (CCM), Remote Unauthorized Arbitrary Code Execution or Denial of Service (DoS) (10.11.2006)
 TSRT_(at)_3com.com, [Full-disclosure] TSRT-06-13: HP OpenView Client Configuration Manager Device Code Execution Vulnerability (09.11.2006)

HP Tru64 Unix libpthread buffer overflow
Published:10.11.2006
Source:
SecurityVulns ID:6805
Type:library
Threat Level:5/10
Description:Buffer overflow on parsing PTHREAD_CONFIG environment variable.
Affected:HP : Tru64 5.1
Original document:Netragard Security Advisories, [Full-disclosure] [NETRAGARD-20061109 SECURITY ADVISORY] [HP Tru64 libpthread buffer overflow][http://www.netragard.com] (10.11.2006)

Netkit FTP Server protection bypass
Published:10.11.2006
Source:
SecurityVulns ID:6806
Type:remote
Threat Level:5/10
Description:Invalid chroot() and seteuid() usage under some circumstances allows FTP root directory bypass.
Affected:NETKIT : ftpd 0.17
CVE:CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778.)
 CVE-2006-5778 (ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory.)
Original document:GENTOO, [Full-disclosure] [ GLSA 200611-05 ] Netkit FTP Server: Privilege escalation (10.11.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:10.11.2006
Source:
SecurityVulns ID:6808
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:BITWEAVER : bitweaver 1.3
Original document:laurent gaffié, Wheatblog [multiple xss (post) & full path disclosure] (10.11.2006)
 laurent gaffié, LandShop Real Estate [multiple injection sql & xss] (10.11.2006)
 laurent gaffié, bitweaver <=1.3.1 [injection sql (post) & xss (post)] (10.11.2006)
 laurent gaffié, omnistar article manager [multiples injection sql] (10.11.2006)

MailMarshal directory traversal
Published:10.11.2006
Source:
SecurityVulns ID:6809
Type:remote
Threat Level:5/10
Description:Directory traversal when parsing ARJ archives.
Affected:MARSHAL : MailMarshal 6.1
Original document:ZDI, [Full-disclosure] ZDI-06-039: Marshal MailMarshal ARJ Extraction Directory Traversal Vulnerability (10.11.2006)

ProFTPD buffer overflow
updated since 10.11.2006
Published:28.11.2006
Source:
SecurityVulns ID:6807
Type:remote
Threat Level:9/10
Description:Off-by-one vulnerability in sreplace() is used for remote root access.
Affected:PROFTPD : ProFTPD 1.3
Original document:Evgeny Legerov, [Full-disclosure] ProFTPD 1.3.0 remote stack overflow (28.11.2006)
 PROFTPD, CVE-2006-5815: remote code execution in ProFTPD (28.11.2006)
 OPENPKG, [OpenPKG-SA-2006.035] OpenPKG Security Advisory (proftpd) (17.11.2006)
 SECUNIA, [SA22803] ProFTPD Unspecified Vulnerability (10.11.2006)
Files:Exploits [0day] ProFTPD 1.3.0 stack overflow
 VulnDisco Pack Standard

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod