SquirrelMail WebMail unauthorized access
Published:		14.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6487
Type:		remote
Level:		6/10
Description:		By changing internal compose.php variables it's possible to access files of settings of different users.

Affected:

SQUIRRELMAIL : Squirrelmail 1.4

Original document

Thijs Kinkhorst, SquirrelMail 1.4.8 released - fixes variable overwriting attack (14.08.2006)

Discuss:

Read or add your comments to this news (0 comments)

Symantec Backup Exec buffer overflow
Published:		14.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6488
Type:		remote
Level:		6/10
Description:		Buffer overflow in internal RPC-based protocol.

Affected:		SYMANTEC : Backup Exec for Windows Server 9.1
		SYMANTEC : Backup Exec for Windows Server 10.0
		SYMANTEC : Backup Exec for Windows Server 10.1
		SYMANTEC : Backup Exec for Windows Server 9.2

Original document

SYMANTEC, (Security Advisory) SYM06-014 Symantec Backup Exec Internal RPC Overflow (14.08.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		14.08.2006
Source:
SecurityVulns ID:		6490
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		WEBINSTA : WEBInsta 1.3
		MYWEBLAND : miniBloggie 1.0
		CALENDARIX : Calendarix 0.7
		WEBINSTRA : WEBinsta CMS 0.3
		ASPPLAYGROUND : ASPPlayground.NET Advanced Edition 2.4
		MYWEBLAND : myEvent 1.4
		VWAR : vWar 1.50
		STARTPAGE : Startpage 1.0

Original document		sh3ll_(at)_sh3ll.ir, miniBloggie <= 1.0 (fname) Remote File Inclusion Vulnerability (14.08.2006)
		sh3ll_(at)_sh3ll.ir, Startpage <= 1.0 (cfgLanguage) Remote File Inclusion Vulnerability (14.08.2006)
		philipp.niedziela_(at)_gmx.de, WEBInsta Mailing list manager (cabsolute_path) 1.3e RFI (14.08.2006)
		outlaw_(at)_aria-security.net, wheatblog ُSession.php Remote File Inclusion (14.08.2006)
		brom0815_(at)_gmx.de, VWar <= 1.50 R14 (n) Remote SQL Injection (14.08.2006)
		sh3ll_(at)_sh3ll.ir, Calendarix <= 0.7 (calpath) Remote File Inclusion Vulnerability (14.08.2006)
		sh3ll_(at)_sh3ll.ir, myEvent <= 1.4 Multiple Remote File Include Vulnerabilities (14.08.2006)
		blood2_20032003_(at)_yahoo.com, Forum Software ASPPlayground.NET Advanced Edition 2.4.5 Unicode Xss (14.08.2006)
		erdc_(at)_echo.or.id, [ECHO_ADV_45$2006] WEBinsta CMS 0.3.1 (templates_dir) Remote File Inclusion Vulnerability (14.08.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Informix security vulnerabilities updated since 14.08.2006
Published:		15.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6489
Type:		remote
Level:		7/10
Description:		Buffer overflow on oversized username. Information leak. Cleartext passwords. Buffer overflows, DoS. CREATE DATABASE privilege escalation. Multiple code execution vulnerabilities. File access.

Affected:		IBM : Informix 9.40
		IBM : Informix 10.00

Original document		NGSSoftware Insight Security Research, SQLIDEBUG envariable overflow on Informix (15.08.2006)
		NGSSoftware Insight Security Research, Multiple Password Exposures Flaws (15.08.2006)
		NGSSoftware Insight Security Research, Unauthorized Database Creation Privilege on Informix (15.08.2006)
		NGSSoftware Insight Security Research, Multiple Arbitrary Command Execution Vulnerabilities (15.08.2006)
		NGSSoftware Insight Security Research, Arbitrary Library Loading in Informix (15.08.2006)
		NGSSoftware Insight Security Research, Multiple Buffer Overflow Vulnerabilities in Informix (15.08.2006)
		NGSSoftware Insight Security Research, Multiple Arbitrary File Access (Write/Read) Vulnerabilities (15.08.2006)
		David Litchfield, Informix: Discovery, Attack,and Defense (14.08.2006)
		NGSSoftware Insight Security Research, Error logging buffer overflow in Informix (14.08.2006)
		NGSSoftware Insight Security Research, Informix Long Username Buffer Overflow Vulnerability (14.08.2006)

Discuss:

Read or add your comments to this news (0 comments)