Computer Security



UniversalFTP FTP Server DoS
Published:16.11.2006
Source:MILW0RM
SecurityVulns ID:6837
Type:remote
Level:5/10
Description:Server crash on MKD command with malformed argument.
Affected:UNIVERSALFTP : UniversalFTP 1.0
Files:DoS Exploit for UniversalFTP version 1.0.50

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:16.11.2006
Source:
SecurityVulns ID:6830
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:FUNKYASP : FunkyASP Glossary 1.0
 BLOGME : Blogme 3
 FUTURETEC : E-Calendar Pro 3.0
 BLOO : Bloo 1.00
 TORRENTFLUX : TorrentFlux 2.2
 TORRENTFLUXB4RT : torrentflux-b4rt 2.1
Original document:Advisory_(at)_Aria-Security.net, Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection (16.11.2006)
 laurent gaffié, MetaCart e-Shop [multiples injection sql (get & post)] (16.11.2006)
 laurent gaffié, E-commerce Kit 1 PayPal Edition [ injection sql ] (16.11.2006)
 writ3r_(at)_gmail.com, TorrentFlux 2.2 Arbitrary File Creation/Overwrite/Deletion & Command Execution Vulnerablities (16.11.2006)
 the_3dit0r_(at)_yahoo.com, Bloo => 1.00 Cross Site Scripting (16.11.2006)
 ZDI, [Full-disclosure] ZDI-06-042: Verity Ultraseek Request Proxying Vulnerability (16.11.2006)
 laurent gaffié, E-Calendar Pro 3.0 [ login bypass & injection sql (post)] (16.11.2006)
 laurent gaffié, MultiCalendars [ multiples injection sql ] (16.11.2006)
 laurent gaffié, Dragon calendar [ login bypass & injection sql ] (16.11.2006)
 laurent gaffié, hpecs shopping cart[login bypass & injection sql (post)] (16.11.2006)
 laurent gaffié, A-Cart pro[ injection sql (post&get)] (16.11.2006)
 laurent gaffié, Property Site Manager [login bypass ,multiples injection sql & xss (get)] (16.11.2006)
 laurent gaffié, A+ Store E-Commerce[ injection sql & xss (post) ] (16.11.2006)
 laurent gaffié, Blogme v3 [admin login bypass & xss (post)] (16.11.2006)
 laurent gaffié, FunkyASP Glossary v1.0 [injection sql] (16.11.2006)
 laurent gaffié, Evolve Merchant[ injection sql ] (16.11.2006)
 laurent gaffié, Car Site Manager [injection sql & xss (get)] (16.11.2006)
 laurent gaffié, Inventory Manager [injection sql & xss (get)] (16.11.2006)
 Advisory_(at)_Aria-Security.net, BPG Content Management System SQL Injection (16.11.2006)
 Advisory_(at)_Aria-Security.net, Engine Manager SQL Injection (16.11.2006)
 Advisory_(at)_Aria-Security.net, ECommerce Store Shop Builder (16.11.2006)
 Advisory_(at)_Aria-Security.net, eShopping SQL Injection (16.11.2006)
 Advisory_(at)_Aria-Security.net, Ustore SQL Injection (16.11.2006)
 Advisory_(at)_Aria-Security.net, WWWeb Cocepts SQL Injection (16.11.2006)

Multiple Panda Antivirus ActiveScan ActiveX security vulnerabilities
Published:16.11.2006
Source:BUGTRAQ
SecurityVulns ID:6833
Type:client
Level:6/10
Description:Memory corruption, information leak, client PC rebooting.
Affected:PANDA : Panda ActiveScan 5.53
Original document:SECUNIA, [Full-disclosure] Secunia Research: Panda ActiveScan Multiple Vulnerabilities (16.11.2006)

Selenium FTP Server / Conxint FTP directory traversal
Published:16.11.2006
Source:SECURITEAM
SecurityVulns ID:6835
Type:remote
Level:5/10
Description:Directory traversal in various FTP commands.
Affected:CONXINT : Conxint FTP 2.2
 BIBASOFTWARE : Selenium FTP Server 1.0
Original document:SECURITEAM, [NT] Selenium FTP Server Directory Traversal (16.11.2006)
 SECURITEAM, [NT] Conxint FTP MKD DIR and GET Directory Transversal (16.11.2006)

Microsoft Windows Client Service for Netware multiple vulnerabilities
updated since 14.11.2006
Published:16.11.2006
Source:MICROSOFT
SecurityVulns ID:6825
Type:remote
Level:5/10
Description:Memory corruption, DoS.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
Original document:MCAFEE, [Full-disclosure] Vulnerabilities in Client Service for NetWare (16.11.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-066 Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980) (14.11.2006)
Files: Microsoft Security Bulletin MS06-066 Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)

MDaemon mail server weak permissions
Published:16.11.2006
Source:BUGTRAQ
SecurityVulns ID:6834
Type:local
Level:5/10
Description:Installation folder allows User group to create files, making it possible to spoof system DLLs with local ones.
Affected:ALT-N : MDaemon 9.0
 ALT-N : MDaemon 9.51
 ALT-N : MDaemon 9.53
Original document:SECUNIA, [Full-disclosure] Secunia Research: MDaemon Insecure Default Directory Permissions (16.11.2006)

Outpost Firewall privilege escalation
updated since 02.11.2006
Published:16.11.2006
Source:BUGTRAQ
SecurityVulns ID:6766
Type:local
Level:5/10
Description:Insufficient validation of incoming data in the \Device\SandBox device driver and in hooked SSDT functions.
Affected:AGNITUM : Outpost Firewall Pro 4.0
Original document:Matousec - Transparent security Research, Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability (16.11.2006)
 Matousec - Transparent security Research, Outpost Insufficient validation of 'SandBox' driver input buffer (02.11.2006)

Kerio Webstar privilege escalation
Published:16.11.2006
Source:FULL-DISCLOSURE
SecurityVulns ID:6832
Type:local
Level:5/10
Description:Suid application loads library from current directory.
Affected:KERIO : WebSTAR 5.4
Original document:Kevin Finisterre, [Full-disclosure] Kerio WebSTAR local privilege escalation (16.11.2006)
Files:Exploits Kerio WebStar libucache.dylib privilege escalation

libpng DoS
updated since 16.11.2006
Published:18.11.2006
Source:SECUNIA
SecurityVulns ID:6836
Type:library
Level:6/10
Description:Out-of-bounds reading in png_set_sPLT().
Affected:libpng : libpng 1.2
 PXELINUX : pxelinux 3.20
 SYSLINUX : syslinux 3.20
 DOXYGEN : doxygen 1.4
 CHROMIUM : chromium 0.9
Original document:MANDRIVA, [ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities (18.11.2006)
 MANDRIVA, [ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities (18.11.2006)
 MANDRIVA, [ MDKSA-2006:210 ] - Updated syslinux packages to fix embedded libpng vulnerabilities (18.11.2006)
 SECUNIA, [SA22900] libpng sPLT Chunk Handling Denial of Service (16.11.2006)

FireWire IOCTL integer overflow in various BSD-based Unix systems
updated since 16.11.2006
Published:06.12.2006
Source:BUGTRAQ
SecurityVulns ID:6831
Type:local
Level:6/10
Description:A negative IOCTL parameter value allows read access to kernel memory.
Affected:NETBSD : NetBSD 2.1
 FREEBSD : FreeBSD 5.5
 MIDNIGHTBSD : MidnightBSD 0.1
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:25.kmem (06.12.2006)
 Rodrigo Rubira Branco (BSDaemon), NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure (16.11.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin