Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 11.06.2006
Source:
SecurityVulns ID: 6243
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SNITZ : Snitz Forums 3.4
 JOOMLA : Joomla! 1.0
 RINGLINK : Ringlink 3.2
 FXAPP : fx-APP 0.0
 OPENCMS : OpenCms 6.2
 CABACOS : Cabacos Web CMS 3.8
 CMSCFX : CFXe-CMS 2.0
 ZMS : ZMS 2.9
 IMAGEVUEX : ImageVue Gallery 16.2
 INTEGRAMOD : IntegraMOD 1.4
 EMPRIS : empris 20020923
 AEPARTNER : aePartner 0.8
 PHPONDIRECTORY : phpOnDirectory 1.0
 MAILENABLE : MailEnable Enterprise Edition ASP 2.0
 EPAYROLL : Enterprise TimeSheet and Payroll 1.1
CVE: CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via (1) the search box, and the (2) url, (3) website, (4) comment, and (5) signature fields in the profile, and possibly (6) a menu item.)
 CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.)
Original document: Kacper, Enterprise TimeSheet and Payroll (EPS) <= v.1.1 Remote File Include Vulnerability (11.06.2006)
 Soroush Dalili, MailEnable Enterprise Edition ASP Version <= 2.0 (11.06.2006)
 Kacper, phpOnDirectory (CONST_INCLUDE_ROOT) <= v.1.0 Remote File Include Vulnerability (11.06.2006)
 Kacper, aePartner (dir[data]) <= v.0.8.3 Remote File Include Vulnerability (11.06.2006)
 Kacper, Emergenices Personnel Information System (Empris) [phormationdir] <= v.20020923 Remote File Include Vulnerability (11.06.2006)
 SECUNIA, [SA20528] IntegraMOD "STYLE_URL" Parameter Cross-Site Scripting (11.06.2006)
 Silitix, [Full-disclosure] ImageVue Gallery : File Upload Vulnerability (11.06.2006)
 farhad koosha, [KAPDA::#47] - Snitz Forum <= 3.4.05 SQL-Injection Vulnerability (11.06.2006)
 c4nberx_(at)_gmail.com, Joomla! 1.0 Remote File Inclusion (11.06.2006)
 Aesthetico, [MajorSecurity #14] CFXe-CMS <= 2.0 - XSS (11.06.2006)
 Aesthetico, [MajorSecurity #13] Cabacos Web CMS <= 3.8 - XSS (11.06.2006)
 Aesthetico, [MajorSecurity #11] OpenCMS <= 6.2.1 - XSS (11.06.2006)
 luny_(at)_youfucktard.com, Tempinbox.com (11.06.2006)
 luny_(at)_youfucktard.com, fx-APP Version 0.0.8.1 (11.06.2006)
 luny_(at)_youfucktard.com, Ringlink v3.2 - XSS (11.06.2006)
Files: Exploits GUESTEX guestbook remote code execution

WinSCP URI handler command execution
Published: 11.06.2006
Source:
SecurityVulns ID: 6244
Type: client
Threat Level: 5/10
Description: The scp:// and sftp:// URI handlers allow unsafe parameters to be passed via the command line.
Affected: WINSCP : WinSCP 3.8
Original document: jelmer, [Full-disclosure] WinSCP - URI Handler Command Switch Parsing (11.06.2006)

CesarFTP buffer overflow
Published: 11.06.2006
Source:
SecurityVulns ID: 6245
Type: remote
Threat Level: 5/10
Description: Buffer overflow in MKD FTP command.
Affected: ACLOGIC : CesarFTP 0.99
Original document: SECURITEAM, [EXPL] CesarFTP Buffer Overflow (Exploit) (11.06.2006)
Files: CesarFtp 0.99g 0day Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod