Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 13.06.2006
SecurityVulns ID: 6248
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: ZEROBOARD : Zeroboard 4.1
 PHPCMS : phpCMS 1.2
 INVISION : Invision Power Board 2.1
 COPPERMINE : Coppermine Photo Gallery 1.4
 BOASTMACHINE : boastMachine 3.1
 MYBB : MyBB 1.1
 CZARNEWS : CzarNews 1.14
 FOING : Foing 0.7
 AWEBNEWS : aWebNews 1.0
 CABACOS : Cabacos Web CMS 3.8
 AWFCMS : AWF CMS 1.11
 IGLOOWEB : igloo DoubleSpeak 0.1
 MYSCRAPBOOK : Myscrapbook 3.1
 THWBOARD : ThWboard 3.0
 MYPHPGUESTBOOK : myPHP Guestbook 2.0
 MDNEWS : MD News 1
 SAXON : SAXON 4.6
 SOMERY : Somery 0.4
 FLOG : FLog 1.1
 MAMBLOG : Mamblog 1.0
 WHEATBLOG : wheatblog 1.0
 SUBTEXT : SubText 1.5
 LOGISPHERE : LogiSphere 1.6
 CSFORUM : CS-Forum 0.81
CVE: CVE-2006-7064 (Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.)
 CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in Wheatblog (wB) 1.1 allows remote attackers to inject arbitrary web script or HTML via the Email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue may overlap CVE-2006-5195.)
 CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 and 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.)
Original document: SECUNIA, [SA20592] Zeroboard ".htaccess" File Upload Vulnerability (13.06.2006)
 SECUNIA, [SA20534] CS-Forum Multiple Vulnerabilities (13.06.2006)
 SECUNIA, [SA20578] LogiSphere Cross-Site Scripting Vulnerability (13.06.2006)
 SECUNIA, [SA20580] SubText MultiBlog Admin Logon Security Issue (13.06.2006)
 SECUNIA, [SA20583] Cabacos Web CMS "suchtext" Parameter Cross-Site Scripting (13.06.2006)
 SpC-x, wheatblog 1.0 Version - "wb_inc_dir" Parameter File Inclusion Vulnerability (13.06.2006)
 SpC-x, Mamblog 1.0 Version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, Flog 1.1.2 Version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, boastMachine v3.1 Version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, phphg Guestbook Signed.PHP - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, Somery 0.4.4 Version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, SAXON 4.6 Version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, CzarNews v1.14 Version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, MD News 1 Version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, aWebNews 1.0 version - Remote File Include Vulnerabilities (13.06.2006)
 SpC-x, Simpnews <= All version - Remote File Include Vulnerabilities (13.06.2006)
 kepche_(at)_msn.com, Invision Power Board XSS (13.06.2006)
 x0r_1_(at)_hotmail.de, MIME-tools 5.411 (Entity 5.404) (13.06.2006)
 666_(at)_hell.de.tk, ThWboard 3.0 <= SQL Injection (13.06.2006)
 darkfire_(at)_f4kelive.zzn.com, Foing (manage_songs.php) Remote File Inclusion[phpBB] (13.06.2006)
 imei, [KAPDA::48]CopperminePhotoGallery1.4.8~ addhit() function~ SQLinjection attack (13.06.2006)
 luny_(at)_youfucktard.com, Myscrapbook v3.1 - XSS (13.06.2006)
 SECUNIA, Secunia Research: MyBB "domecode()" PHP Code Execution Vulnerability (13.06.2006)
 aminrayden_(at)_yahoo.com, igloo DoubleSpeak v 0.1 Multiple remote file inclusion (13.06.2006)

Symantec multiple security applications buffer overflow
Published: 13.06.2006
SecurityVulns ID: 6249
Type: remote
Threat Level: 8/10
Description: Buffer overflow in remote management interface (TCP/2967).
Affected: SYMANTEC : Symantec AntiVirus 10.0
 SYMANTEC : Symantec AntiVirus 10.1
 SYMANTEC : Symantec Client Security 3.0
 SYMANTEC : Symantec Client Security 3.1
Original document: EEYE, [EEYEB-20060524] Symantec Remote Management Stack Buffer Overflow (13.06.2006)

Multiple FAST360 Appliance security vulnerabilities
Published: 13.06.2006
SecurityVulns ID: 6250
Type: remote
Threat Level: 5/10
Description: DNS request processing DoS, HTTP filtering bypass.
Affected: ARKOON : FAST360 3.0
 ARKOON : FAST360 3.1
 ARKOON : FAST360 3.2
 ARKOON : FAST360 3.3
 ARKOON : FAST360 4.0
Original document: SECUNIA, [SA20570] FAST360 Appliance HTTP Analysis Bypass Vulnerability (13.06.2006)
 SECUNIA, [SA20618] FAST360 Appliance DNS Analysis Denial of Service (13.06.2006)

Microsoft JScript (Internet Explorer) memory corruption
Published: 13.06.2006
SecurityVulns ID: 6253
Type: client
Threat Level: 8/10
Description: Memory corruption on object release. May be used for hidden malware installation.
Affected: MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document: MICROSOFT, Microsoft Security Bulletin MS06-023 Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344) (13.06.2006)
Files: Microsoft Security Bulletin MS06-023 Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)

Microsoft PowerPoint memory corruption
Published: 13.06.2006
SecurityVulns ID: 6256
Type: client
Threat Level: 7/10
Description: Memory corruption can be used for hidden malware installation.
Affected: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office v. X for Mac
Original document: MICROSOFT, Microsoft Security Bulletin MS06-028 (13.06.2006)

Multiple Microsoft Internet Explorer security vulnerabilities
updated since 13.06.2006
Published: 14.06.2006
SecurityVulns ID: 6251
Type: remote
Threat Level: 8/10
Description: Multiple memory corruptions, address bar spoofing, cross-frame data access. May be used for hidden malware installation.
Affected: MICROSOFT : Internet Explorer 5.01
 MICROSOFT : Internet Explorer 6.0
Original document: SECUNIA, Secunia Research: Internet Explorer Exception Handling Memory Corruption Vulnerability (14.06.2006)
 ZDI, ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory Corruption Vulnerability (14.06.2006)
 ZDI, ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability (14.06.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-021 (13.06.2006)
Files: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281)

Microsoft Windows 2000 AOL Image Support Update ART images buffer overflow
updated since 13.06.2006
Published: 14.06.2006
SecurityVulns ID: 6252
Type: client
Threat Level: 5/10
Description: Buffer overflow in ART image processing.
Affected: MICROSOFT : Windows 2000 AOL Image Support Update
Original document: IDEFENSE, iDefense Security Advisory 06.13.06: Microsoft Internet Explorer ART File Heap Corruption Vulnerability (14.06.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-022 Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439) (13.06.2006)
Files: Microsoft Security Bulletin MS06-022 Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)

Windows Media Player PNG files buffer overflow
updated since 13.06.2006
Published: 14.06.2006
SecurityVulns ID: 6254
Type: client
Threat Level: 7/10
Description: Buffer overflow in PNG file processing.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows Media Player 9
 MICROSOFT : Windows Media Player 10
Original document: IDEFENSE, [Full-disclosure] iDefense Security Advisory 06.13.06: Windows Media Player PNG Chunk Decoding Stack-Based Buffer Overflow (14.06.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-024 (13.06.2006)
Files: Microsoft Security Bulletin MS06-024 Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod