Computer Security


noweb symbolic links problem
updated since 21.06.2003
Published: 13.02.2006
SecurityVulns ID: 2918
Type: remote
Threat Level: 5/10
Description: Symbolic link problem in temporary file creation.
Affected: NOWEB : noweb 2.9
Original document: DEBIAN, [Full-disclosure] [SECURITY] [DSA 968-1] New noweb packages fix insecure temporary file creation (13.02.2006)
 DEBIAN, [SECURITY] [DSA-323-1] New noweb packages fix insecure temporary file creation (21.06.2003)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 13.02.2006
SecurityVulns ID: 5760
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: XMB : XMB 1.9
 E107 : e107 0.7
 PHPNUKE : PHP-Nuke 7.8
 PLAINBLACK : WebGUI 6.8
 CPAINT : CPAINT 2.0
 SUPERSMASHBROTHE : Invision Power Board Army System Mod 2.1
 VHCS : VHCS 2.4
 RUNCMS : Runcms 1.3
 HINTONDESIGN : phphg Guestbook 1.2
 HINTONDESIGN : phpht Topsites 1.3
 IMAGEVUEX : imageVue 16.1
 HIVEMAIL : HiveMail 1.3
 LINPHA : Linpha 1.0
 DOCMGR : DocMGR
 DBESESSION : DB_eSession 1.0
 SITEFRAME : Siteframe 5.0
 ANSILOVE : Ansilove 1.02
Original document: SECUNIA, [SA18810] Ansilove File Disclosure and File Upload Vulnerabilities (13.02.2006)
 SECUNIA, [SA18804] Siteframe "q" Cross-Site Scripting Vulnerability (13.02.2006)
 SECUNIA, [SA18805] DB_eSession "deleteSession()" Function SQL Injection (13.02.2006)
 SECUNIA, [SA18819] WebGUI User Account Creation Vulnerability (13.02.2006)
 SECUNIA, [SA18821] XMB Forums today.php Cookie Data SQL Injection (13.02.2006)
 SECUNIA, [SA18820] PHP-Nuke "pagetitle" Cross-Site Scripting Vulnerability (13.02.2006)
 SECUNIA, [SA18816] e107 Unspecified BBCode Script Insertion Vulnerabilities (13.02.2006)
 SECUNIA, [SA18803] DocMGR process.php File Inclusion Vulnerability (13.02.2006)
 God Of Death (G.O.D), [Full-disclosure] XSS in PlaySMS (13.02.2006)
 JeiAr, Linpha <= 1.0 multiple arbitrary local inclusion (13.02.2006)
 JeiAr, HiveMail <= 1.3 Multiple Vulnerabilities (13.02.2006)
 zjieb_(at)_hotmail.com, imageVue16.1 upload vulnerability (13.02.2006)
 Aliaksandr Hartsuyeu, [eVuln] phpht Topsites Multiple Vulnerabilities (13.02.2006)
 Aliaksandr Hartsuyeu, [eVuln] phphg Guestbook Multiple Vulnerabilities (13.02.2006)
 Aliaksandr Hartsuyeu, [eVuln] GuestBookHost Authentication Bypass (13.02.2006)
 rgod_(at)_autistici.org, runCMS <= 1.3a2 possible remote code execution through the integrated FCKEditor package (13.02.2006)
 Aliaksandr Hartsuyeu, [eVuln] Unknown Domain Shoutbox multiple XSS & SQL Injection Vulnerabilities (13.02.2006)
 Roman Medina, [VulnWatch] RS-2006-1: Multiple flaws in VHCS 2.x (13.02.2006)
 SecuBox fRoGGz, Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit (13.02.2006)
 JeiAr, CPAINT AJAX Library Cross Site Scripting (13.02.2006)
Files: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit

SUSE Linux privilege escalation
Published: 13.02.2006
SecurityVulns ID: 5761
Type: local
Threat Level: 5/10
Description: Multiple packages are erroneously compiled in such a way that dynamic libraries are loaded from the current directory.
Affected: SUSE : SUSE LINUX 9.3
 SUSE : SUSE LINUX 10.0
 SUSE : SUSE LINUX 9.2
 SUSE : SUSE LINUX 9.1
 SUSE : SUSE SLES 9
 NOVELL : Novell Linux Desktop 9
Original document: SUSE, SUSE Security Announcement: binutils,kdelibs3,kdegraphics3,koffice,dia,lyx (SUSE-SA:2006:007) (13.02.2006)

D-Link / US Robotics multiple wireless access points DoS
Published: 13.02.2006
SecurityVulns ID: 5763
Type: remote
Threat Level: 6/10
Description: Fragmented sequential UDP packets cause the device to reboot.
Affected: USR : USR8054
 DLINK : D-Link DI-524
 DLINK : D-Link DI-624
 DLINK : D-Link DI-784
Original document: deft, [Full-disclosure] [thunkers.net] D-Link Fragmented UDP DoS Vulnerability (13.02.2006)

FortiGate application level firewall protection bypass
Published: 13.02.2006
SecurityVulns ID: 5764
Type: remote
Threat Level: 5/10
Description: URL filtering may be bypassed. FTP traffic is not virus checked.
Affected: FOTINET : FortiOS 2.8
Original document: Mathieu Dessus, [Full-disclosure] URL filter bypass in Fortinet (13.02.2006)
 Mathieu Dessus, [Full-disclosure] Bypass Fortinet anti-virus using FTP (13.02.2006)

HP Systems Insight Manager directory traversal
Published: 13.02.2006
SecurityVulns ID: 5765
Type: remote
Threat Level: 5/10
Description: Multiple vulnerabilities allow any file to be obtained from the server.
Affected: HP : Systems Insight Manager 5.0
 HP : Systems Insight Manager 4.2
Original document: HP, [security bulletin] SSRT061108 rev.2 - HP Systems Insight Manager Remote Unauthorized Access - Directory Traversal (13.02.2006)

Multiple pam_mysql security vulnerabilities
Published: 13.02.2006
SecurityVulns ID: 5767
Type: remote
Threat Level: 5/10
Description: DoS and double free() bug.
Affected: PAMMYSQL : pam_mysql 0.6
Original document: SECUNIA, [SA18598] PAM-MySQL SQL Logging and Authentication Vulnerabilities (13.02.2006)

Multiple Hitachi Business Logic vulnerabilities
updated since 27.12.2005
Published: 13.02.2006
SecurityVulns ID: 5575
Type: remote
Threat Level: 5/10
Description: SQL injection, cross-site scripting, etc.
Affected: HITACHI : Business Logic 2.06
 HITACHI : Business Logic 2.000
 HITACHI : Business Logic 3.0
Original document: SECUNIA, [SA18817] Hitachi Business Logic Cross-Site Scripting and SQL Injection (13.02.2006)
 SECUNIA, [SA18213] Hitachi Business Logic Multiple Vulnerabilities (27.12.2005)

Microsoft Internet Explorer Drag-and-Drop code execution
updated since 13.02.2006
Published: 14.02.2006
SecurityVulns ID: 5766
Type: remote
Threat Level: 5/10
Description: By spoofing the target window during a race period, it is possible to install malware in a special folder. The vulnerability may be exploited to trojan a user's machine, but requires interaction.
Affected: MICROSOFT : Internet Explorer 5.01
 MICROSOFT : Internet Explorer 5.5
 MICROSOFT : Internet Explorer 6.0
Original document: Matthew Murphy, Microsoft Internet Explorer Drag-and-Drop Redeux (14.02.2006)
 SECURITEAM, [NT] Microsoft Internet Explorer Drag-and-Drop Redeux (13.02.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod