Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

| Published: | 14.07.2006 |
| Source: | |
| SecurityVulns ID: | 6378 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Affected: | FLIPPERPOLL : Flipper Poll 1.1 |
| | FLATNUKE : Flatnuke 2.5 |
| | JOOMLA : com_hashcash 1.2 |
| | JOOMLA : HTMLArea3 1.3 |
| | MAMBO : Sitemap 2.0 |
| | PHOTOCYCLE : Photocycle 1.0 |
| | SCOZNET : ScozNews Final-Php 1.1 |
| | ORBITCODERS : Orbitmatrix PHP Script 1.0 |
| | PHORUM : PHORUM 5 |
| | PHPBB : PhpBB 3.0 |
| | JOOMLA : perForms 1.0 |
| | CZARNEWS : CzarNews 1.20 |
| Original document | SECUNIA, [SA21038] CzarNews "tpath" File Inclusion Vulnerability (14.07.2006) |
| | Chironex Fleckeri, SubberZ[Lite] - Remote File Include (14.07.2006) |
| | endeneu_(at)_linuxmail.com, perForms <= 1.0 ([mosConfig_absolute_path]) Remote File Inclusion (14.07.2006) |
| | rgod_(at)_autistici.org, flatnuke <= 2.5.7 arbitrary php file upload (14.07.2006) |
| | x0r0n_(at)_hotmail.com, Flipper Poll <= 1.1.0 Remote File Inclusion Vulnerability (14.07.2006) |
| | luny_(at)_youfucktard.com, Orbitmatrix PHP Script v1.0 (14.07.2006) |
| | luny_(at)_youfucktard.com, Photocycle v1.0 - XSS (14.07.2006) |
| | x0r0n_(at)_hotmail.com, ScozNews Final-Php <=1.1 Remote File Inclusion Vulnerability (14.07.2006) |
| | matdhule_(at)_gmail.com, [ECHO_ADV_38$2006] Multiple Mambo/Joomla Component Remote File Include Vulnerabilities (14.07.2006) |

Microsoft Windows XP/2003 Picture and Fax Viewer / Wine / ME code execution, updated since 28.12.2005

| Published: | 14.07.2006 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 5578 |
| Type: | client |
| Level: | 9/10 |
| Description: | Buffer overflow when parsing WMF metafiles. It may be used for silent spyware/trojan installation through Internet Explorer or another browser, and also through Lotus Notes. There are vulnerabilities not covered by MS06-001. |
| Affected: | MICROSOFT : Windows XP |
| | MICROSOFT : Windows 2003 Server |
| | IBM : Lotus Notes 6.5 |
| | WINE : Wine 0.9 |
| Original document | SYMANTEC, SYMSA-2006-004 (Full Details): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (14.07.2006) |
| | SYMANTEC, SYMSA-2006-004: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (14.06.2006) |
| | MICROSOFT, Microsoft Security Bulletin MS06-026 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547) (13.06.2006) |
| | frankruder_(at)_hotmail.com, Microsoft Windows GRE WMF Format Multiple Memory Overrun Vulnerabilities (10.01.2006) |
| | frankruder_(at)_hotmail.com, [UPDATE]Microsoft Windows GRE WMF Format Multiple Unauthorized Memory Access Vulnerabilities (10.01.2006) |
| | MICROSOFT, Microsoft Security Bulletin MS06-001 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919) (07.01.2006) |
| | CERT, US-CERT Technical Cyber Security Alert TA06-005A -- Update for Microsoft Windows Metafile Vulnerability (07.01.2006) |
| | Juha-Matti Laurio, Lotus Notes WMF File Handling Code Execution Vulnerability (30.12.2005) |
| | CERT, US-CERT Technical Cyber Security Alert TA05-362A -- Microsoft Windows Metafile Handling Buffer Overflow (29.12.2005) |
| | X-FORCE, ISS Protection Alert: Windows Picture and Fax Viewer WMF Overflow (29.12.2005) |
| | H D Moore, [Full-disclosure] Someone wasted a nice bug on spyware... (28.12.2005) |
| | noemailpls_(at)_noemail.ziper, Is this a new exploit? (28.12.2005) |

McAfee ePolicy Orchestrator directory traversal

| Published: | 14.07.2006 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 6379 |
| Type: | remote |
| Level: | 6/10 |
| Description: | Any file can be accessed through the TCP/8081 interface. |