HTML help privilege escalation updated since 24.10.2003
Published: 12.01.2004 Source: FULL-DISCLOSURE SecurityVulns ID: 3201 Type: library Level: 5/10
Description: HtmlHelp() call doesn't drop system privileges.
Affected: MICROSOFT : Windows 2000 Server; MICROSOFT : Windows XP; MICROSOFT : Windows 2003 Server; MICROSOFT : Windows 2000 Professional; SYMANTEC : Norton Internet Security 2004
Original document:
Kevin Finisterre, SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM (12.01.2004)
Brett Moore, [Full-Disclosure] HTML Help API - Privilege Escalation (24.10.2003)
CGI bugs updated since 29.12.2003
Published: 12.01.2004 Source: BUGTRAQ SecurityVulns ID: 3336 Type: remote Level: 5/10
Affected: PHPGROUPWARE : phpGroupWare 0.9; GALLERY : Gallery 1.3; PHORUM : Phorum 3.4; PHPNUKE : PHP-Nuke 7.0; PHPBB : phpBB 2.06; PHPPING : php-ping; MINIBB : miniBB 1.7; VCARD4J : vCard4J; STOITSOV : EasyDynamicPages 2.0; INVISION : Invision Power Board 1.3; POSTNUKE : PostNuke 0.726; HOTNEWS : HotNews 0.7; MANLIX : Manlix SW GuestBook 0.5; VBULLETIN : Vbulletin 2.3; PROMOSI-WEB : ArdGuest Standard 1.6; PHPGEDVIEW : PHPGEDVIEW 2.61; FREZNOSHPO : FreznoShop 1.3; JITTERBUG : jitterbug 1.6
CVE: CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in Poplar Gedcom Viewer 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the env[rootPath] parameter.)
Original document:
DEBIAN, [Full-Disclosure] [SECURITY] [DSA 420-1] New jitterbug packages fix arbitrary command execution (12.01.2004)
SECURITEAM, [UNIX] FreznoShop Cross Site Scripting Vulnerability (search.php) (09.01.2004)
Calum Power, Multiple Vulnerabilities in Phorum 3.4.5 (09.01.2004)
Vietnamese Security Group, Vuln in PHPGEDVIEW 2.61 Multi-Problem (09.01.2004)
DEBIAN, [Full-Disclosure] [SECURITY] [DSA 419-1] New phpgroupware packages fix unintended PHP execution and SQL injection (09.01.2004)
Frontal Attack, The Cross Site Scripting inArdGuest Standard (09.01.2004)
Qianwei Hu, vBulletin Forum 2.3.xx calendar.php SQL Injection (06.01.2004)
Frontal Attack, cgi bugs (06.01.2004)
Dariusz 'Officerrr' Kolasinski, HotNews arbitary file inclusion (06.01.2004)
Security Corporation Security Advisory, [SCSA-025] Invision Power Board SQL Injection Vulnerability (06.01.2004)
JeiAr, PostNuke Issues (0.726 && Possibly Older) (06.01.2004)
Security Corporation Security Advisory, [SCSA-025] Invision Power Board SQL Injection Vulnerability (04.01.2004)
Vietnamese Security Group, include() vuln in EasyDynamicPages v.2.0 (03.01.2004)
Just1n T1mberlake, Possible XSS vuln in VCard4J (03.01.2004)
Jay Gates, SQL Injection in phpBB's groupcp.php (30.12.2003)
Chintan Trivedi, Cross Site Scripting vulnerability in miniBB 1.7 (latest) and earlier (30.12.2003)
Jens Liebchen, [Full-Disclosure] php-ping: Executing arbritary commands (29.12.2003)
r00t_(at)_rsteam.ru, PHP-NUKE 7.0 FINAL (and olders) sql injection (29.12.2003)
CGI bugs updated since 12.01.2004
Published: 17.01.2004 Source: SecurityVulns ID: 3364 Type: remote Level: 5/10