Computer Security
[EN] securityvulns.ru



Sun Java Webstart virtual machine protection bypass
Published:14.06.2005
Source:SECUNIA
SecurityVulns ID:4887
Type:client
Level:6/10
Description:It's possible to bypass the sandbox environment.
Affected:SUN : JRE 1.5
 SUN : JDK 1.5
 SUN : J2SE 5.0
Original document:SECUNIA, [SA15671] Java Web Start Sandbox Security Bypass Vulnerability (14.06.2005)

Multiple bluetooth devices DoS
Published:14.06.2005
Source:BUGTRAQ
SecurityVulns ID:4884
Type:local
Level:5/10
Description:Traffic or connection flood leads to denial of service.
Affected:NOKIA : Nokia 7650
 NOKIA : Nokia 6600
 SIEMENS : Siemens V55
 MOTOROLA : Motorola S55
Original document:hugo_(at)_infohacking.com, Bluetooth SIG Denial of Service vulnerability (14.06.2005)

Novell eDirectory directory services special DOS device names DoS
Published:14.06.2005
Source:FULL-DISCLOSURE
SecurityVulns ID:4885
Type:remote
Level:5/10
Description:Access to special device names causes an error in dhost.exe.
Affected:NOVELL : Novell eDirectory 8.7
Original document:CIRT Advisory, [Full-disclosure] [CIRT.DK - Advisory] Novell eDirectory 8.7.3 DOS Device name Denial of Service (14.06.2005)

Multiple Macromedia products licensing service privilege escalation
Published:14.06.2005
Source:SECUNIA
SecurityVulns ID:4886
Type:local
Level:6/10
Description:Licensing service file has weak permissions and may be spoofed by a local user.
Affected:MACROMEDIA : Dreamweaver MX 2004
 MACROMEDIA : Captivate
 MACROMEDIA : Contribute 2
 MACROMEDIA : Contribute 3
 MACROMEDIA : Director MX 2004
 MACROMEDIA : Fireworks MX 2004
 ADOBE : Flash MX 2004
 MACROMEDIA : FreeHand MX
 MACROMEDIA : Macromedia Studio MX 2004
Original document:SECUNIA, [SA15654] Macromedia Products Privilege Escalation Vulnerability (14.06.2005)

Multiple bugs in OpenSSL
updated since 30.09.2003
Published:14.06.2005
Source:BUGTRAQ
SecurityVulns ID:3151
Type:remote
Level:7/10
Description:Problem with stack corruption, uninitialized memory references.
Affected:OPENSSL : OpenSSL 0.9
 APPLE : Mac OS X 10.2
 CRAY : COS 3.4
 STUNNEL : Stunnel 0.9
 PWLIB : PWLib 1.4
 PWLIB : PWLib 1.5
 NOVELL : iManager 2.02
Original document:CIRT Advisory, [Full-disclosure] [CIRT.DK - Advisory] Novell iManager 2.0.2 ASN.1 Parsing vulnerability in Apache module (14.06.2005)
 REDHAT, [RHSA-2004:048-01] Updated PWLib packages fix protocol security issues (16.02.2004)
 OPENSSL, [OpenSSL Advisory] Denial of Service in ASN.1 parsing (05.11.2003)
 Patrik Hornik, New OpenSSL remote vulnerability (issue date 2003/10/02) (03.10.2003)
 CERT, CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations (03.10.2003)
 OPENSSL, [Full-Disclosure] [OpenSSL Advisory] Vulnerabilities in ASN.1 parsing (30.09.2003)
 OPENPKG, Subject: [OpenPKG-SA-2003.044] OpenPKG Security Advisory (openssl) (30.09.2003)
Files:OpenSSL ASN.1 parsing bugs PoC / brute forcer

PHP, ASP, CGI web applications security vulnerabilities
updated since 14.06.2005
Published:18.06.2005
Source:
SecurityVulns ID:4883
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.
Affected:PAFILEDB : paFileDB 3.1
 UPB : Ultimate PHP Board 1.9
 SQUIRRELMAIL : squirrelmail 1.4
 SINGAPORE : singapore 0.9
 E107 : E107 0.617
 MAMBO : Mambo 4.5
 XAMPP : XAMPP 1.4
 AWSD : WebHints 1.03
 INTERACTIVEPHP : FusionBB 0.11
 PHPFORUMS : McGallery 1.1
 BITRIX : Bitrix Site Manager 4.0
 1TWO : Annuaire 1Two 1.0
 DOKEOS : Dokeos 1.5
 COOLCAFE : Cool Cafe Chat 1.2
 ATUTOR : ATutor 1.4
 ATUTOR : ATutor 1.5
 CONTELLIGENT : Contelligent 9.0
 AMAROK : amaroK Web Frontend 1.3
 AJAX : ajax-spell 1.7
Original document:SECUNIA, [SA15736] amaroK Web Frontend Exposure of User Credentials (18.06.2005)
 SECUNIA, [SA15738] Contelligent Preview Privilege Escalation Vulnerability (17.06.2005)
 SECUNIA, [SA15735] XAMPP "lang.php" Script Insertion and Information Disclosure (17.06.2005)
 SECUNIA, [SA15705] ATutor Cross-Site Scripting Vulnerabilities (17.06.2005)
 morning_wood, [Full-disclosure] CoolCafe Chat SQL injection (17.06.2005)
 Marc Ruef, e107 v0.617 several new and old vulnerabilities (17.06.2005)
 SQUIRRELMAIL, [SM-ANNOUNCE] Patch fixes SquirrelMail cross site scripting vulnerabilities [CAN-2005-1769] (17.06.2005)
 Alberto Trivero, M4DR007-06SA (security advisory): Multiple vulnerabilities in UPB 1.9.6 GOLD (17.06.2005)
 Sieg Fried, [Full-disclosure] Dokeos - Multiple Vulnerabilities (16.06.2005)
 SECUNIA, [SA15708] Annuaire 1Two Cross-Site Scripting and Script Insertion (16.06.2005)
 Emanuele "MadSheep" Gentili, MADSHEEP-05SA (security advisory): WebHints <= v1.03 Remote Command Execution Vulnerability (16.06.2005)
 pokleyzz, Mambo 4.5.2.2 SQL Injection in UPDATE statement (16.06.2005)
 JeiAr, Multiple paFileDB Vulnerabilities (16.06.2005)
 D_BuG, Vulnerability: Bitrix Web Server Paths (16.06.2005)
 D_BuG, Vulnerability: Bitrix Php inclusion (16.06.2005)
 D_BuG, Vulnerability: McGallery v 1.1 Mysql DB including (16.06.2005)
 D_BuG, Vulnerability: McGallery v 1.1 files reading on disk (16.06.2005)
 JeiAr, FusionBB Multiple Vulnerabilities (16.06.2005)
 ActionSpider_(at)_linuxmail.com, Remote Exploit for Web_store.cgi (16.06.2005)
 thegreatone2176_(at)_yahoo.com, singapore v0.9.11 cross site scripting and path disclosure (14.06.2005)
 blackshoe_(at)_gmail.com, File Upload Manager Sploits (14.06.2005)
Files:Passwords Decrypter for UPB <= 1.9.6

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod