Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 12.10.2006
Published: 12.10.2006
SecurityVulns ID: 6705
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: FLATNUKE : Flatnuke 2.5
 XEOPORT : Xeobook 0.93
 PHPLIST : phpList 2.10
 ZENPHOTO : zenphoto 1.0
 SUPERALBERT : AlberT-EasySite 1.0
 JINZORA : Jinzora 2.1
 GCARDS : gcards 1.13
 COMMUNITYPORTALS : CommunityPortals 1.0
 SMARTYVALIDATE : SmartyValidate 2.8
 XEOPORT : XeoPort 0.81
 CALLCENTERSOFTWA : call-center software 0.93
 SOFTERRA : PHP Developer Library 1.5
 DOWNLOADENGINE : Download-Engine 1.4
 PHPBB : phpBB Journals System mod 1.0
 SHNEWS : SH-News 3.1
 MINICHAT : Minichat 6
 NABOARD : [email protected] 3.1
 EDROTBERG : Exhibit Engine 1.5
Original documents: raphael.huck_(at)_free.fr, zenphoto Multiple Path Disclosure and Cross Site Scripting Vulnerabilities (13.10.2006)
 MILW0RM, [email protected] <= 3.1.9e (naboard_pnr.php) Remote File Include Vulnerability (12.10.2006)
 los_misfits_(at)_hotmail.com, Exploits Minichat v6 Remote File Include (12.10.2006)
 v1per-haCker, SH-News (RFI) (12.10.2006)
 v1per-hacker_(at)_hotmail.com, Download-Engine Remote File Include (12.10.2006)
 mp01010_(at)_yahoo.com, Softerra. PHP Developer Library (12.10.2006)
 Mayhemic Labs Security, [Full-disclosure] MHL-2006-002 Public Advisory: "Call-Center-Software" Multiple Security Issues (12.10.2006)
 tamriel_(at)_gmx.net, [Full-disclosure] XeoPort <= 0.81 SQL Injection Vulnerability (12.10.2006)
 tamriel_(at)_gmx.net, [Full-disclosure] Xeobook <= 0.93 Multiple SQL Injection Vulnerabilities (12.10.2006)
 hitham hitham, [Full-disclosure] New Vuln... (12.10.2006)
 k1tk4t_(at)_newhack.org, AlberT-EasySite <= 1.0.a5 Remote File Inclusion (12.10.2006)
 raphael.huck_(at)_free.fr, Noah's Classifieds Cross Site Scripting Vulnerability (12.10.2006)
 D-virus_(at)_linuxmail.org, gcards (languagefile) <= Remote File Include (12.10.2006)
 k1tk4t_(at)_newhack.org, Jinzora <= 2.1 Remote File Inclusion (12.10.2006)
 MustLive, Cross-Site Scripting in phplist (12.10.2006)
Files: Exploits CommunityPortals <= 1.0 Remote File Include Vulnerability
 Exploits Journals System <= 1.0.2 [RC2] Remote File Include Vulnerability
 Exploits PHP News Reader <= 2.6.2 Remote File Include Vulnerability
 Exhibit Engine <= 1.5 RC 4 (photo_comment.php) Remote File Include Exploit
 Flatnuke <=2.5.8 file()/privilege escalation/remote commands xctn exploit
 Flatnuke 2.5.8 "userlang" arbitrary local inclusion/delete all users exploit

HP-UX TCP/IP DoS
Published: 12.10.2006
SecurityVulns ID: 6706
Type: remote
Threat Level: 5/10
Affected: HP : HP-UX 11.00
 HP : HP-UX 11.11
 HP : HP-UX 11.04
 HP : HP-UX 11.23
Original document: HP, [security bulletin] HPSBUX02087 SSRT4728 rev.4 - HP-UX running TCP/IP Remote Denial of Service (DoS) (12.10.2006)

AOL YGPPDownload ActiveX buffer overflow
Published: 12.10.2006
SecurityVulns ID: 6707
Type: client
Threat Level: 5/10
Description: Buffer overflow in SetAlbumName() method of YGPPicDownload.dll AOL.PicDownloadCtrl.1.
Affected: AOL : AOL 9.0
Original document: IDEFENSE, [Full-disclosure] iDefense Security Advisory 10.11.06: AOL YGPPDownload SetAlbumName ActiveX Control Buffer Overflow Vulnerability (12.10.2006)

Sun Solaris NSPR library privilege escalation
Published: 12.10.2006
SecurityVulns ID: 6708
Type: library
Threat Level: 5/10
Description: Environment variable is used for log filename.
Affected: ORACLE : Solaris 10
Original document: IDEFENSE, [Full-disclosure] iDefense Security Advisory 10.11.06: Sun Microsystems Solaris NSPR Library Arbitrary File Creation Vulnerability (12.10.2006)
Files: Solaris 10 libnspr oldschool local root

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod