Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 12.09.2006
Source:
SecurityVulns ID: 6599
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SIPS : sips 0.2
 POPPER : Popper 1.41
 TIKIWIKI : tikiwiki 1.9
 CNEWS : C-News 1.0
 PHPLINKEXCHANGE : PhpLinkExchange 1.0
 RAIDENHTTPD : RaidenHTTPD 1.1.
 CCLEAGUE : CCleague Pro Sports CMS 1.0
 VIVVO : Vivvo Article Manager 3.2
 SOCKETWIZ : Socketwiz Bookmarks 2.0
 OPENICMS : OPENi-CMS 1.0
 P4CMS : p4CMS 1.05
Original document: SHiKaA-_(at)_hotmail.com, p4CMS <= v1.05 (abs_pfad) Remote File Inclusion Exploit (12.09.2006)
 SHiKaA-_(at)_hotmail.com, Popper <= v1.41 (form) Remote File Inclusion Exploit (12.09.2006)
 SECUNIA, [SA21826] Stefan E. Newsscript Multiple Vulnerabilities (12.09.2006)
 basher13_(at)_linuxmail.org, OPENi-CMS 1.0.1(config) Remote File Inclusion Vulnerability (12.09.2006)
 info_(at)_kahramanhost.com, phpWordPress (Vivvo Article Manager) (12.09.2006)
 info_(at)_kahramanhost.com, phpWordPress (Vivvo Article Manager) (12.09.2006)
 Omid, Sql injection in Tikiwiki (12.09.2006)
 chris_hasibuan_(at)_yahoo.com, SolpotCrew Advisory #8 - Mcgallerypro (path_to_folder) Remote File Inclusion (12.09.2006)
 the.leo.008_(at)_gmail.com, C-News v 1.0.1 < = Multiple Remote File Include Vulnerabilities (12.09.2006)
 the.leo.008_(at)_gmail.com, SIPS v 0.2.2 < = Remote File Include Vulnerability (12.09.2006)
 HACKERS PAL, HotPlug CMS Config File Include Vulnerability (12.09.2006)
 l0x3_(at)_hotmail.com, PayProCart <= 1146078425 Multiple Remote File Include Vulnerabilities (12.09.2006)
Files: HotPlug CMS Config File Include Vulnerability exploit
 Exploits PhpLinkExchange v1.0 RC
 RaidenHTTPD/1.1.49 remote commands execution exploit
 CCleague Pro Sports CMS <= 1.0.1RC1 (Cookie) Remote Code Execution Exploit
 Socketwiz Bookmarks <= 2.0 (root_dir) Remote File Include Exploit
 [email protected] <= 2.0 (skiny) Remote File Include Exploit

Multithreaded TFTP (buffer overflow)
Published: 12.09.2006
Source:
SecurityVulns ID: 6600
Type: remote
Threat Level: 5/10
Description: Buffer overflow on oversized TFTP command.
Affected: TFTPSERVER : TFTP Server MT 1.1
 TFTPSERVER : TFTP Server MT 1.3
Files: Multithreaded TFTP 1.1 Server d0s exploit
 TFTPServerMT v 1.3 Remote Buffer Overflow Dos Exploit

Invalid Lotus Domino Web Access session cookie handling
Published: 12.09.2006
Source:
SecurityVulns ID: 6601
Type: remote
Threat Level: 4/10
Description: Server accepts session cookie after user logout.
Affected: IBM : Lotus Domino Web Access 7.0
CVE: CVE-2007-1740 (** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4843. Reason: This candidate is a duplicate of CVE-2006-4843. Notes: All CVE users should reference CVE-2006-4843 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.)
 CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified "code sequences" that bypass the protection scheme.)
Original document: Ferguson, David, [Full-disclosure] Session Token Remains Valid After Logout in IBM Lotus Domino Web Access (12.09.2006)

Linux kernel ULE packet DoS
Published: 12.09.2006
Source:
SecurityVulns ID: 6602
Type: remote
Threat Level: 5/10
Description: Crash on receiving packet with zero SNDU length.
Affected: LINUX : kernel 2.6
Original document: SECUNIA, [SA21820] Linux Kernel ULE Packet Handling Denial of Service (12.09.2006)

Microsoft Windows XP Pragmatic General Multicast memory corruption
Published: 12.09.2006
Source:
SecurityVulns ID: 6603
Type: remote
Threat Level: 5/10
Description: Memory corruption on parsing multicast PGM message if Microsoft Message Queuing Services (MSMQ) service is installed.
Affected: MICROSOFT : Windows XP
Original document: MICROSOFT, Microsoft Security Bulletin MS06-052 Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007) (12.09.2006)
Files: Microsoft Security Bulletin MS06-052 Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod