Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:11.07.2006
Source:
SecurityVulns ID:6355
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:RANDSHOP : randshop 1.1
 EDGEWALL : Trac 0.9
 SQUERY : SQuery 4.5
 OTTOMAN : Ottoman CMS 1.1
 PCCOOKBOOK : pc_cookbook 0.3
 PHPPOLLS : phpPolls 1.0
 FARSINEWS : Farsinews 3.0
 BLUEDOJO : Graffiti Forums 1.0
 SQUERY : SQuery 4.0
 SQUERY : SQuery 3.9
 EJ3 : TOPo 2.1
 SABDRIMER : Sabdrimer PRO 2.2
Original documentdocumentSECUNIA, [SA20958] Trac "reStructuredText" Directives Vulnerability (11.07.2006)
 documentA.nosrati, Sabdrimer PRO (v.2.2.4 ) Remote File Include Vulnerability (11.07.2006)
 documentSHiKaA, SQuery <= 4.5(libpath) Remote File Inclusion Exploit (11.07.2006)
 documentpaisterist.nst_(at)_gmail.com, Graffiti Forums v1.0 SQL Injection Vulnerabilities (11.07.2006)
 documentStorM BoY, MT rmcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download (11.07.2006)
 documentSaudi Hackrz, randshop <= 1.1.x (index.php) Remote File Inclusion Vulnerability (11.07.2006)
 documentarmin390_(at)_9mail.com, Local file inclusion in Farsinews3.0BETA1 (11.07.2006)
 documentalp_eren_(at)_ayyildiz.org, phpPolls 1.0.3 Administration ByPass (11.07.2006)
 documentmatdhule_(at)_gmail.com, [ECHO_ADV_37$2006] pc_cookbook Mambo/Joomla Component <= v0.3 Remote File Include Vulnerabilities (11.07.2006)
Files:Ottoman CMS <= 1.1.3 Remote File Inclusion Exploit
 EJ3 TOPO 2.2 Remote Code Execution Exploit

Multiple FlexWATCH network camera security vulnerabilities
Published:11.07.2006
Source:
SecurityVulns ID:6356
Type:remote
Threat Level:
5/10
Description:Crossite scripting, authentication bypass.
Affected:FLEXWATCH : FlexWATCH Network Camera 3.0
Original documentdocumentinfo_(at)_digitalarmaments.com, Digital Armaments Security Advisory 10.07.2006: Flexwath Authorization Bypassing and XSS Vulnerability (11.07.2006)

Samba file server DoS
Published:11.07.2006
Source:
SecurityVulns ID:6357
Type:remote
Threat Level:
5/10
Description:Memory exhaustion in smbd by issuing large number of share connection requests.
Original documentdocumentSAMBA, [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd (11.07.2006)
Files:Samba Internal Data Structures Denial of Service Vulnerability Exploit

Juniper DX crossite scripting
Published:11.07.2006
Source:
SecurityVulns ID:6358
Type:remote
Threat Level:
5/10
Description:Web administration system log crossite scripting thorugh username.
Affected:JUNIPER : Juniper DX 5.1
Original documentdocumentDarren Bounds, Juniper Networks DX Web Administration Persistent System Log XSS Vulnerability (11.07.2006)

WinGate directory traversal
Published:11.07.2006
Source:
SecurityVulns ID:6359
Type:remote
Threat Level:
6/10
Description:Directory traversal with IMAP.
Affected:QBIK : Wingate 6.1
Original documentdocumentSECUNIA, [SA20707] WinGate IMAP Commands Directory Traversal Vulnerability (11.07.2006)
Files:Imap directory traversal file listing, retrieval and deletion tools

Multiple Macromedia flash player security vulnerabilities
Published:11.07.2006
Source:
SecurityVulns ID:6360
Type:client
Threat Level:
7/10
Description:Multiple security vulnerabilities lead to code execution with possibility for silent malware installation.
Affected:ADOBE : Flash Player 8.0
Original documentdocumentFORTINET, Vulnerability in Macromedia Flash Player Could Allow Remote Code Execution (11.07.2006)

ASP.NET source code disclosure
Published:11.07.2006
Source:
SecurityVulns ID:6361
Type:remote
Threat Level:
6/10
Description:It's possible to retrieve source codes for scripts and executable, except protected file extensions.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : .NET Framework 2.0
Original documentdocumentMICROSOFT, Microsoft Security Bulletin MS06-033 Vulnerability in ASP.NET Could Allow Information Disclosure (917283) (11.07.2006)
Files:Microsoft Security Bulletin MS06-033 Vulnerability in ASP.NET Could Allow Information Disclosure (917283)

Multiple Microsoft Windows Server service security vulnerabilities
updated since 11.07.2006
Published:21.08.2006
Source:
SecurityVulns ID:6363
Type:remote
Threat Level:
8/10
Description:Kernel mode heap overflow on mailslots processing. Information leak from SMB buffers.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service (16.08.2006)
 documentGerardo Richarte, Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942) (16.08.2006)
 documentEEYE, [Full-disclosure] EEYE: Free scanning tool for critical MS06-040 flaw (10.08.2006)
 documentMICROSOFT, Microsoft Security Bulletin MS06-040 Vulnerability in Server Service Could Allow Remote Code Execution (921883) (08.08.2006)
 documentX-FORCE, ISS Protection Brief: Vulnerability in Server Driver could result in Denial of Service (29.07.2006)
 documentMCAFEE, [Full-disclosure] Microsoft SMB Information Disclosure Vulnerability CVE-2006-1315 (12.07.2006)
 documentTIPPINGPOINT, TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability (11.07.2006)
 documentMICROSOFT, Microsoft Security Bulletin MS06-035 Vulnerability in Server Service Could Allow Remote Code Execution (917159) (11.07.2006)
Files:Microsoft SRV.SYS Mailslot Ring0 Memory Corruption(MS06-035) Exploit
 Microsoft NetpIsRemote() MSO6-040 Overflow exploit (MetaSploit)
 Microsoft Windows CanonicalizePathName() Remote Code Execution Exploit
 MS06-040 Remote Code Execution Proof of Concept
 Microsoft Security Bulletin MS06-035 Vulnerability in Server Service Could Allow Remote Code Execution (917159)
 Microsoft Security Bulletin MS06-040 Vulnerability in Server Service Could Allow Remote Code Execution (921883)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod