Search:Vulnerability:16.10.2006 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 16.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6722
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: BUGZILLA : Bugzilla 2.18
DIGITALHIVE : DigitalHive 2.0
BUGZILLA : Bugzilla 2.20
WEBSPELL : Webspell 4.01
BACKEND : Back-end 0.4
WBB : WoltLab Burning Book 1.1
ASBRUSOFT : HardCore Web Content Editor 6.0
DEFBLOG : Def-Blog 1.0
BUGZILLA : Bugzilla 2.22
BUGZILLA : Bugzilla 2.23

Original document BUGZILLA, Security Advisory for Bugzilla 2.18.5, 2.20.2, 2.22, and 2.23.2 (16.10.2006)

SYMANTEC, SYMSA-2006-010: Directory Traversal in IronWebMail (16.10.2006)

MILW0RM, webSPELL <= 4.01.01 (getsquad) Remote SQL Injection Exploit (16.10.2006)

SHiKaA-_(at)_hotmail.com, DigitalHive <= v2.0 RC2 (page) Remote File Inclusion Exploit (16.10.2006)

document SHiKaA-_(at)_hotmail.com, Def-Blog <= v1.0.1 (article) Remote SQL Injection Exploit (16.10.2006)

SHiKaA-_(at)_hotmail.com, Def-Blog <= v1.0.1 (article) Remote SQL Injection Exploit (16.10.2006)

security_(at)_nruns.com, [Full-disclosure] Asbru HardCore Web Content Editor - Command Injection (16.10.2006)

document SHANKAR, многочисленные уязвимости в WoltLab Burning Book <=1.1.2 (16.10.2006)

Files: Exploits bbsNew => 2.0.1 Remote File Include Vulnerability
woltlab.de burning book <=1.1.2 SQL and PHP injection PoC
vbulletin Exploit Tool Box
Back-end => 0.4.5 Remote File Include Vulnerability
Discuss: Read or add your comments to this news (0 comments)

IIS BlackIce PC Protection file lock protection bypass
Published: 16.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6723
Type: local
Level: 5/10
Description: It's possible to delete file and spoof deleted with new copy by direct call to ZwDeleteFile() API.

Affected: ISS : BlackICE PC Protection 3.6

Original document Matousec - Transparent security Research, [Full-disclosure] ISS BlackICE PC Protection Filelock protection bypass Vulnerability (16.10.2006)

Discuss: Read or add your comments to this news (0 comments)

Multiple ClamAV antivirus security vulnerabilities
updated since 16.10.2006
Published: 19.10.2006
Source: SECUNIA
SecurityVulns ID: 6725
Type: remote
Level: 7/10
Description: Buffer overflow on PE files parsing, DoS on CHM parsing.

Affected: CLAMAV : ClamAV 0.88

Original document IDEFENSE, Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability (19.10.2006)

IDEFENSE, Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability (19.10.2006)

SECUNIA, [SA22370] Clam AntiVirus CHM Unpacker and PE Rebuilding Vulnerabilities (16.10.2006)

Discuss: Read or add your comments to this news (0 comments)

Apple MacOS X Xcode OpenBase SQL privilege escalation
updated since 16.10.2006
Published: 08.11.2006
Source: BUGTRAQ
SecurityVulns ID: 6724
Type: local
Level: 6/10
Description: On executing tar from suid root application TAR_OPTIONS environment variable is not unset, making it possible to execute any application with root privileges. External application are executed with relative path. Dynamic libraries are loaded with relative path. Symbolic links problem.

Affected: XCODE : Xcode OpenBase 9.1
XCODE : Xcode OpenBase 10.0

Original document Kevin Finisterre, [Full-disclosure] OpenBase SQL multiple vulnerabilities Part Deux (08.11.2006)

Files: Exploits XCode OpenBase SQL symlink
Xcode OpenBase <= 9.1.5 Local Root Exploit (OSX)
Exploits XCode OpenBase SQL unsafe system() call
Discuss: Read or add your comments to this news (0 comments)