Computer Security

Multiple Linksys/ ZyXel / Edimax / Sitecom routers UPnP problems
updated since 23.05.2006
SecurityVulns ID:6177
Threat Level:
Description:The UPnP AddPortMapping request requires no authentication, which makes it possible to create a mapping between any external port and an internal IP/port. Additionally, insufficient parameter validation allows code execution on the router itself.
Affected:LINKSYS : WRT54G
 ZYXEL : P-335WT
 EDIMAX : BR-6104K
Original document:SECUNIA, [SA22326] Linksys WRT54GXv2 Insecure Universal Plug and Play Configuration (14.10.2006)
Files:How does the UPnP flaw works

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:6718
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:PHPBB : phpBB SpamBlocker Mod 1.0
 SPAMOBORONA : SpamOborona PHPBB Plugin
 PHPBB : phpBB Security mod 1.0
 PHPBB : phpBB news defilante horizontale mod 4.1
 PHPBB : phpBB lat2cyr mod 1.0
 PHPBB : phpBB RPG Events mod 1.0
 BUZLAS : phpBB Buzlas mod 2006-1
 BLOQ : Bloq 0.5
 MORCEGO : Morcego CMS 0.9
 PHPCARDS : PHP Cards 1.3
 mnews : MNews 2.0
 GCONTACT : Gcontact 0.6
 EXLOR : EXlor 1.0
CVE:CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.)
 CVE-2006-7181 (Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/
Original document:xp1o_(at), @lex Guestbook <=(ModeliXe.php) Remote File Inclusion Exploit (14.10.2006)
 mahmood ali, EXlor 1.0 (/fonctions/template.php) Remote File Include Vulnerability (14.10.2006)
 security_(at), Multiple XSS Vulnerability in Gcontact (14.10.2006)
 566d9bfe_(at), TorrentFlux startpop.php torrent Script Insertion (14.10.2006)
 xp1o_(at), news7 <= (news.php) Remote File Inclusion Exploit (14.10.2006)
 CvIr.System_(at), CMS contenido Path Disclosure (14.10.2006)
 Le.CoPrA_(at), PHP Top webs (config.php) Remote File Inclue Vulnerability (14.10.2006)
 Le.CoPrA_(at), MNews <= 2.0 (noticias.php) Remote File Inclue Vulnerability (14.10.2006)
 Le.CoPrA_(at), PHP Cards <= 1.3 Remote File Inclue Vulnerability (14.10.2006)
 Le.CoPrA_(at), Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability (14.10.2006)
 Le.CoPrA_(at), RamaCMS ( Remote File Inclue Vulnerability (14.10.2006)
 By_KorsaN_Son_(at), Bloq 0.5.4 Remote File İnclude (14.10.2006)
 By_KorsaN_Son_(at), PHPht Topsites Remote File İnclude (14.10.2006)
Files:SpamOborona PHPBB Plugin Remote File Include Vulnerability
 SpamBlockerMODv <= 1.0.2 Remote File Include Vulnerability
 phpBB Security <= 1.0.1 Remote File Include Vulnerability
 pbpbb archive for search engines Remote File Include Vulnerability
 phpBB Add Name Remote File Include Vulnerability
 AMAZONIA MOD Remote File Include Vulnerability
 news defilante horizontale <= 4.1.1 Remote File Include Vulnerability
 phpBB lat2cyr <= 1.0.1 Remote File Include Vulnerability
 Exploits RPG Events 1.0.0 Remote File Include Vulnerability
 Exploits PhpBB Prillian French Remote File Include Vulnerability
 Buzlas <= v2006-1 Full Remote File Include Vulnerability

Apache web server mod_tcl security vulnerability
SecurityVulns ID:6719
Threat Level:
Description:Format string vulnerabilities in the server's handling of HTTP request header names.
Affected:APACHE : mod_tcl 1.0
Original document:IDEFENSE, [VulnWatch] iDefense Security Advisory 10.13.06: Apache HTTP Server mod_tcl set_var Format String Vulnerability (14.10.2006)

Macromedia Breeze directory traversal
SecurityVulns ID:6720
Threat Level:
Affected:ADOBE : Macromedia Breeze 5.0
 ADOBE : Macromedia Breeze 5.1
Original document:SECUNIA, [SA22327] Macromedia Breeze URL Parsing Information Disclosure (14.10.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod