Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 14.04.2006
Published: 14.04.2006
Source:
SecurityVulns ID: 6010
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:
 PHPWEBSITE : phpWebSite 0.10
 QB : QuickBlogger 1.4
 PHPMYADMIN : phpmyadmin 2.7
 MYBB : MyBB 1.10
 PAJAX : PAJAX 0.5
 REVOBOARD : RevoBoard 1.8
 SAPHPLESSON : SaphpLesson 2.0
 WEBPLUS : Web+Shop 5.3
 CENSTORE : Censtore 7.3
 QUIZZ : quizz 1.0
 RATEIT : RateIt 2.2
Original documents:
 SECUNIA, [SA19637] RateIt "rateit_id" SQL Injection Vulnerability (14.04.2006)
 SECUNIA, [SA19662] Web+Shop "storeid" Full Path Disclosure Weakness (14.04.2006)
 SECUNIA, [SA19626] Aweb Scripts Seller Payment Bypass Security Issue (14.04.2006)
 revnic_(at)_gmail.com, TalentSoft Web+Shop Path Disclosure (14.04.2006)
 selfar2002_(at)_hotmail.com, SaphpLesson 2.0 (forumid) Remote SQL Injection Exploit (14.04.2006)
 o.y.6_(at)_hotmail.com, MyBB 1.10 New CrossSiteScripting ' member.php ' (14.04.2006)
 kr4ch_(at)_web.de, phpMyAdmin 2.7.0-pl1 (14.04.2006)
 botan_(at)_linuxmail.org, QuickBlogger v1.4 Cross-Site Scripting (14.04.2006)
 o.y.6_(at)_hotmail.com, MyBB 1.10 New XSS ' member.php ' (14.04.2006)
 r0xes.ratm_(at)_gmail.com, RevoBoard [email] tag XSS (14.04.2006)
 selfar2002_(at)_hotmail.com, phpWebSite 0.10.? (topics.php) Remote SQL Injection Exploit (14.04.2006)
 RedTeam Pentesting, [Full-disclosure] PAJAX Remote Code Injection and File Inclusion Vulnerability (14.04.2006)
Files:
 Exploits phpWebSite topic SQL-Injection
 Exploits SaphpLesson 2.0 SQL-Injection
 quizz.p exploit
 Censtore.cgi exploit
 PHPWebSite <= 0.10.2 remote cmmnds xctn

Multiple Firefox / Netscape / SeaMonkey vulnerabilities
updated since 14.04.2006
Published: 18.04.2006
Source:
SecurityVulns ID: 6011
Type: client
Threat Level: 8/10
Description: Cross-site scripting, memory corruptions, buffer overflows, array overflows, integer overflows. Can be exploited to silently install malware.
Affected:
 MOZILLA : Firefox 1.0
 NETSCAPE : Netscape 8.1
 MOZILLA : Firefox 1.5
 MOZILLA : Seamonkey 1.0
Original documents:
 CERT, US-CERT Technical Cyber Security Alert TA06-107A -- Mozilla Products Contain Multiple Vulnerabilities (18.04.2006)
 ZDI, [Full-disclosure] ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability (17.04.2006)
 ZDI, [Full-disclosure] ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability (15.04.2006)
 SECUNIA, [SA19631] Firefox Multiple Vulnerabilities (14.04.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod