Computer Security


Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)
Published: 13.01.2006
Source:
SecurityVulns ID: 5628
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: ACAL : ACal 2.2
 PSOFT : H-Sphere 2.4
 MININUKE : Mininuke 1.8
 FOGBUGZ : FogBugz 4.029
 WORDCIRCLE : Wordcircle 2.17
 TANKLOGGER : TankLogger 2.4
 INTERSPIRE : TrackPoint NX 0.1
 LWCAL : Light Weight Calendar 1.0
Original document: SECUNIA, [SA18450] Light Weight Calendar "date" PHP Code Execution Vulnerability (13.01.2006)
 neset_(at)_wakiza.com, Interspire TrackPoint NX XSS Vulnerability (13.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] TankLogger SQL Injection Vulnerability (13.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] ACal Authentication Bypass & PHP Code Insertion (13.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] Wordcircle Authentication Bypass (13.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities (13.01.2006)
 neset_(at)_wakiza.com, FogBugz Cross Site Scripting Vulnerability (13.01.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit (13.01.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: MiniNuke CMS System <= 1.8.2 (news.asp) SQL Injection vulnerability (13.01.2006)
 neset_(at)_wakiza.com, M.Neset KABAKLI (13.01.2006)

Multiple PHP extensions vulnerabilities
Published: 13.01.2006
Source:
SecurityVulns ID: 5629
Type: remote
Threat Level: 5/10
Description: mysqli extension format string vulnerability, session extension session id HTTP response splitting.
Affected: PHP : PHP 5.0
 PHP : PHP 5.1
Original document: Stefan Esser, Advisory 02/2006: PHP ext/mysqli Format String Vulnerability (13.01.2006)
 Stefan Esser, Advisory 01/2006: PHP ext/session HTTP Response Splitting Vulnerability (13.01.2006)

Toshiba Bluetooth stack directory traversal
Published: 13.01.2006
Source:
SecurityVulns ID: 5630
Type: remote
Threat Level: 5/10
Description: Directory traversal via the filename allows a file to be uploaded to any location.
Affected: TOSHIBA : Toshiba Bluetooth Stack 4.0
Original document: Kevin Finisterre, [Full-disclosure] DMA[2006-0112a] - 'Toshiba Bluetooth Stack Directory Transversal' (13.01.2006)

BEA Weblogic application server information leak
Published: 13.01.2006
Source:
SecurityVulns ID: 5631
Type: remote
Threat Level: 5/10
Description: MBean configuration can be retrieved anonymously through the JNDI interface.
Affected: BEA : WebLogic 6.1
 BEA : Weblogic 7.0
 BEA : Weblogic 8.1
Original document: SECUNIA, [SA18396] BEA WebLogic MBean Exposure of Configuration Information (13.01.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod