Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 16.10.2006
Source:
SecurityVulns ID: 6722
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: BUGZILLA : Bugzilla 2.18
 DIGITALHIVE : DigitalHive 2.0
 BUGZILLA : Bugzilla 2.20
 WEBSPELL : Webspell 4.01
 BACKEND : Back-end 0.4
 WBB : WoltLab Burning Book 1.1
 ASBRUSOFT : HardCore Web Content Editor 6.0
 DEFBLOG : Def-Blog 1.0
 BUGZILLA : Bugzilla 2.22
 BUGZILLA : Bugzilla 2.23
Original document: BUGZILLA, Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2 (16.10.2006)
 SYMANTEC, SYMSA-2006-010: Directory Traversal in IronWebMail (16.10.2006)
 MILW0RM, webSPELL <= 4.01.01 (getsquad) Remote SQL Injection Exploit (16.10.2006)
 SHiKaA-_(at)_hotmail.com, DigitalHive <= v2.0 RC2 (page) Remote File Inclusion Exploit (16.10.2006)
 SHiKaA-_(at)_hotmail.com, Def-Blog <= v1.0.1 (article) Remote SQL Injection Exploit (16.10.2006)
 security_(at)_nruns.com, [Full-disclosure] Asbru HardCore Web Content Editor - Command Injection (16.10.2006)
 SHANKAR, multiple vulnerabilities in WoltLab Burning Book <=1.1.2 (16.10.2006)
Files: Exploits bbsNew => 2.0.1 Remote File Include Vulnerability
 vbulletin Exploit Tool Box
 Back-end => 0.4.5 Remote File Include Vulnerability
 woltlab.de burning book <=1.1.2 SQL and PHP injection PoC

ISS BlackICE PC Protection file lock protection bypass
Published: 16.10.2006
Source:
SecurityVulns ID: 6723
Type: local
Threat Level: 5/10
Description: It's possible to delete a file and replace the deleted file with a spoofed new copy via a direct call to the ZwDeleteFile() API.
Affected: ISS : BlackICE PC Protection 3.6
Original document: Matousec - Transparent security Research, [Full-disclosure] ISS BlackICE PC Protection Filelock protection bypass Vulnerability (16.10.2006)

Multiple ClamAV antivirus security vulnerabilities
updated since 16.10.2006
Published: 19.10.2006
Source:
SecurityVulns ID: 6725
Type: remote
Threat Level: 7/10
Description: Buffer overflow in PE file parsing, DoS in CHM parsing.
Affected: CLAMAV : ClamAV 0.88
Original document: IDEFENSE, Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability (19.10.2006)
 IDEFENSE, Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability (19.10.2006)
 SECUNIA, [SA22370] Clam AntiVirus CHM Unpacker and PE Rebuilding Vulnerabilities (16.10.2006)

Apple MacOS X Xcode OpenBase SQL privilege escalation
updated since 16.10.2006
Published: 08.11.2006
Source:
SecurityVulns ID: 6724
Type: local
Threat Level: 6/10
Description: When tar is executed from a suid root application, the TAR_OPTIONS environment variable is not unset, making it possible to execute any application with root privileges. External applications are executed via a relative path. Dynamic libraries are loaded via a relative path. Symbolic link problems.
Affected: XCODE : Xcode OpenBase 9.1
 XCODE : Xcode OpenBase 10.0
Original document: Kevin Finisterre, [Full-disclosure] OpenBase SQL multiple vulnerabilities Part Deux (08.11.2006)
Files: Xcode OpenBase <= 9.1.5 Local Root Exploit (OSX)
 Exploits XCode OpenBase SQL unsafe system() call
 Exploits XCode OpenBase SQL symlink

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod