Returnil Virtual System protection bypass
Published:		16.06.2008
Source:		fRoGGz
SecurityVulns ID:		9089
Type:		local
Level:		4/10
Description:		Configuraiton file encryption password is stored in cleartext in process memory.

Affected:

RETURNIL : Returnil Virtual System 2008

Original document

mikuvoli_(at)_sverige.nu, Returnil Virtual System 2008 - Password Disclosure Issue (16.06.2008)

Discuss:

Read or add your comments to this news (0 comments)

S.T.A.L.K.E.R. game server DoS
Published:		16.06.2008
Source:		BUGTRAQ
SecurityVulns ID:		9090
Type:		remote
Level:		5/10
Description:		Crash on player name longer than 64 characters.

Affected:

GSC : S.T.A.L.K.E.R. 1.0006

Original document

Luigi Auriemma, Denial of Service in S.T.A.L.K.E.R. 1.0006 (16.06.2008)

Discuss:

Read or add your comments to this news (0 comments)

GSC privilege escalation
Published:		16.06.2008
Source:		BUGTRAQ
SecurityVulns ID:		9092
Type:		remote
Level:		4/10
Description:		Privileges are only checked on client side.

Affected:

GSC : GSC 2067

Original document

Moose, GSC Privilege Escalation Exploit (16.06.2008)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		16.06.2008
Source:
SecurityVulns ID:		9088
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Power Phlogger - information leak, crossite scripting. Simple Machines - crossite scripting.

Affected:		SMF : Simple Machines Forum 1.1
		PRENEWSMANAGER : Pre News Manager 1.0
		POWERPHLOGGER : Power Phlogger 2.2
		AZIMYT : Open Azimyt CMS 0.21
		AZIMYT : Open Azimyt CMS 0.22
		PREADSPORTAL : Pre Ads Portal 2.0

Original document		Jose Luis Góngora Fernández, E-SMART CART (productsofcat.asp) Remote SQL Injection Vulnerability (16.06.2008)
		Eduardo Jorge, Muitiple XSS - Glassfish Web Interface (Sun Java System Application Server 9.1_01 (build b09d-fcs) ) (16.06.2008)
		Jose Luis Góngora Fernández, PHP JOBWEBSITE PRO (JobSearch3.php) SQL Injection Vulnerability (16.06.2008)
		erdc_(at)_echo.or.id, [ECHO_ADV_98$2008] Pre Ads Portal <= 2.0 Sql Injection Vulnerability (16.06.2008)
		erdc_(at)_echo.or.id, [ECHO_ADV_97$2008] Pre News Manager <= 1.0 (index.php id) Sql Injection Vulnerability (16.06.2008)
		Digital Security Research Group [DSecRG], [DSECRG-08-026] LFI in Open Azimyt CMS 0.22 (16.06.2008)
		irancrash_(at)_gmail.com, VistaReseller Panel BETA Xss Vulnerability (16.06.2008)
		elektronic_(at)_antichat.ru, SMF <= 1.1.4 COOKIE[topic] SQL-Injection Exploit (16.06.2008)
		MustLive, Multiple new vulnerabilities in Power Phlogger (16.06.2008)

Files:		SMF <= 1.1.4 SQL Injection Exploit
Discuss:		Read or add your comments to this news (0 comments)

DUC NO-IP weak encryption
Published:		16.06.2008
Source:		BUGTRAQ
SecurityVulns ID:		9091
Type:		local
Level:		5/10
Description:		Password is stored in world-readable registry entry in reversable encryption form.

Original document

glafkos_(at)_infosec.org.uk, DUC NO-IP Local Password Information Disclosure Vulnerability (16.06.2008)

Files:		DUC NO-IP Local Password Information Disclosure
Discuss:		Read or add your comments to this news (0 comments)