KDE langen2kvtml symbolic links problem
Published:		15.08.2005
Source:		SECUNIA
SecurityVulns ID:		5107
Type:		local
Level:		5/10
Description:		Insecure temporary file creation.

Affected:

KDE : KDE 3.4

Original document

SECUNIA, [SA16428] KDE langen2kvtml Insecure Temporary File Creation (15.08.2005)

Discuss:

Read or add your comments to this news (0 comments)

Multiple MindAlign instant messenger vulnerabilities
Published:		15.08.2005
Source:		NISCC
SecurityVulns ID:		5106
Type:		remote
Level:		5/10
Description:		Information leak, authentication bypass, crossite scripting, weak encryption, DoS.

Affected:

PARLANO : MindAlign 5.0

Original document

NISCC, Several Vulnerability Issues Affecting the MindAlign (15.08.2005)

Discuss:

Read or add your comments to this news (0 comments)

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 15.08.2005
Published:		21.08.2005
Source:
SecurityVulns ID:		5105
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPBB : phpBB 2.0
		ADVANCEDGUESTBOO : Advanced Guestbook 2.3
		CUTEPHP : CuteNews 1.3
		PHPMYFAQ : phpMyFAQ 1.4
		MANTIS : Mantis 0.19
		EGROUPWARE : eGroupWare 1.0
		PHPADSNEW : phpAdsNew 2.0
		PHPOPENADS : phpPgAds 2.0
		PHPNUKE : PHP-Nuke 7.6
		PHPWEBSITE : phpWebSite 0.10
		WBB : Burning Board 2.2
		WBB : Burning Board 2.3
		DRUPAL : Drupal 4.5
		RUNCMS : Runcms 1.1
		MYBB : MyBB 1.0
		DRUPAL : Drupal 4.6
		APPLE : Mac OS X 10.4
		ATUTOR : ATutor 1.5
		PHPMYFAQ : phpMyFAQ 1.5
		NUCLEUS : Nucleus 3.20
		MAILWATCH : MailWatch for MailScanner 1.0
		EZ : ezUpload 2.2
		PHPXMLRPC : PHPXMLRPC 1.1
		PEAR : XML_RPC 1.3
		DOKEOS : Dokeos 1.6
		PHPTB : PHPTB 2.0
		CPAINT : CPAINT Ajax Toolkit 1.3
		PHPROJEKT : PHProjekt 5.0
		SOFT4E : ECW Shop 6.0
		DISCUZ : Discuz! 4.0
		PHPFREENEWS : PHPFreeNews 1.40
		CPAINT : CPAINT 1.3
		MIG : My Image Gallery 1.4
		WAGORA : W-Agora 4.2
		MEDIABOX404 : mediabox404 1.2
		DADAMAIL : Dada Mail 2.09
		ECWSHOP : ECW-Shop 6.02
		ZORUM : zorum 3.5
		BBCAFFE : BBCaffe 2.0
		EMEFA : Emefa Guestbook 1.2
		LIVESUPPORT : LiveSupport 1.0
		NEOCROME : Land Down Under 800

Original document		bl2k_(at)_shabgard.org, Bugs Land Down Under v800 (21.08.2005)
		admin_(at)_batznet.com, Woltlab Burning Board <= 2.2.2/2.3.3 modcp.php SQL injection (21.08.2005)
		s2b_(at)_hotmail.com, Vul in MyBB (21.08.2005)
		DEBIAN, [SECURITY] [DSA 778-1] New mantis packages fix several vulnerabilities (19.08.2005)
		SECUNIA, [SA16475] LiveSupport PEAR XML_RPC Nested XML Tags PHP Code Execution (19.08.2005)
		SECUNIA, [SA16489] Emefa Guestbook Script Insertion Vulnerability (19.08.2005)
		SECUNIA, [SA16491] MailWatch for MailScanner XML-RPC PHP Code Execution (19.08.2005)
		retrogod_(at)_liceposta.it, BBCaffe 2.0 cross site scripting poc (19.08.2005)
		retrogod_(at)_aliceposta.it, Zorum 3.5 remote code execution poc exploit (19.08.2005)
		Security Lists, runcms highlight.php hole (19.08.2005)
		SECUNIA, [SA16459] ECW-Shop SQL Injection and Cross-Site Scripting Vulnerabilities (18.08.2005)
		SECUNIA, [SA16435] Dada Mail Archived Messages Script Insertion Vulnerability (18.08.2005)
		SECUNIA, [SA16465] eGroupWare XML-RPC Nested XML Tags PHP Code Execution (18.08.2005)
		Matteo Beccati, [PHPADSNEW-SA-2005-001] phpAdsNew and phpPgAds 2.0.6 fix multiple vulnerabilities (18.08.2005)
		goszynskif_(at)_gmail.com, PHPTB Topic Board <= 20: Multiple PHP injection vulnerabilities (18.08.2005)
		Cedric.Tissieres_(at)_objectif-securite.ch, SQL injection in mediabox404 v1.2 (18.08.2005)
		matrix_killer ma3x, w-agora 4.2.0 and prior Remote Directory Travel Vulnerability (18.08.2005)
		matrix_killer ma3x, ATutor-1.5.1 SQL injection and XSS bugs (18.08.2005)
		SECUNIA, [SA16405] My Image Gallery Cross-Site Scripting Vulnerabilities (18.08.2005)
		SECUNIA, [SA16460] Nucleus CMS XML-RPC Nested XML Tags PHP Code Execution (18.08.2005)
		SECUNIA, [SA16462] CPAINT Ajax Toolkit Unspecified Command Execution Vulnerability (18.08.2005)
		Maksymilian Arciemowicz, [SECURITYREASON.COM] phpAdsNew/phpPgAds 2.0.5 Local file inclusion cXIb8O3.16 (18.08.2005)
		h4cky0u, [Full-disclosure] PHPFreeNews v1.40 and prior Multiple Vulnerabilities (18.08.2005)
		SECURITEAM, [UNIX] Discuz! Command Execution Vulnerability (17.08.2005)
		matrix_killer ma3x, XSS in CuteNews v1.3.6 (17.08.2005)
		John Cobb, [NOBYTES.COM: #9] ECW Shop 6.0.2 - Multiple Vulnerabilities (17.08.2005)
		h4cky0u, [Full-disclosure] phpWebSite 0.10.1 Full SQL Injection (17.08.2005)
		matrix_killer ma3x, PHProjekt 5.0 XSS (17.08.2005)
		matrix_killer ma3x, phpWebSite 0.10.1 Full SQL injection (17.08.2005)
		SECUNIA, [SA16434] ezUpload "path" Arbitrary File Inclusion Vulnerability (16.08.2005)
		wiley14_(at)_gmail.com, Vulnerability found in CPAINT Ajax Toolkit (16.08.2005)
		matrix_killer ma3x, Advanced Guestbook 2.3.3 upload image bug (16.08.2005)
		morning_wood, [Full-disclosure] Apple Mac Tiger 10.4 weblog server (16.08.2005)
		SECUNIA, [SA16443] PHPTB "mid" Parameter SQL Injection Vulnerability (16.08.2005)
		SECUNIA, [SA16441] phpMyFAQ XML-RPC Nested XML Tags PHP Code Execution (16.08.2005)
		SECUNIA, [SA16407] Dokeos Multiple Directory Traversal Vulnerabilities (15.08.2005)
		DRUPAL, [Full-disclosure] [DRUPAL-SA-2005-004] Drupal 4.6.3 / 4.5.5 fixes critical XML-RPC issue (15.08.2005)
		Stefan Esser, [Full-disclosure] Advisory 14/2005: PEAR XML_RPC Remote PHP Code Injection Vulnerability (15.08.2005)
		Stefan Esser, [Full-disclosure] Advisory 15/2005: PHPXMLRPC Remote PHP Code Injection Vulnerability (15.08.2005)

Files:		PHPBB 2.0.10 add admin exploit
		PHP-NUKE all versions add admin exploit
		PHP Stat Administrative User Authentication Bypass POC Exploit
		Zorum 3.5 remote commands execution
		EXPLOIT FOR: MyBulletinBoard Search.PHP SQL Injection Vulnerability
		phpbb 2.0.15 remote command execution exploit
Discuss:		Read or add your comments to this news (0 comments)