Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		16.11.2006
Source:
SecurityVulns ID:		6830
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		FUNKYASP : FunkyASP Glossary 1.0
		BLOGME : Blogme 3
		FUTURETEC : E-Calendar Pro 3.0
		BLOO : Bloo 1.00
		TORRENTFLUX : TorrentFlux 2.2
		TORRENTFLUXB4RT : torrentflux-b4rt 2.1

Original document		Advisory_(at)_Aria-Security.net, Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection (16.11.2006)
		laurent gaffié, MetaCart e-Shop [multiples injection sql (get & post)] (16.11.2006)
		laurent gaffié, E-commerce Kit 1 PayPal Edition [ injection sql ] (16.11.2006)
		writ3r_(at)_gmail.com, TorrentFlux 2.2 Arbitrary File Creation/Overwrite/Deletion & Command Execution Vulnerablities (16.11.2006)
		the_3dit0r_(at)_yahoo.com, Bloo => 1.00 Cross Site Scripting (16.11.2006)
		ZDI, [Full-disclosure] ZDI-06-042: Verity Ultraseek Request Proxying Vulnerability (16.11.2006)
		laurent gaffié, E-Calendar Pro 3.0 [ login bypass & injection sql (post)] (16.11.2006)
		laurent gaffié, MultiCalendars [ multiples injection sql ] (16.11.2006)
		laurent gaffié, Dragon calendar [ login bypass & injection sql ] (16.11.2006)
		laurent gaffié, hpecs shopping cart[login bypass & injection sql (post)] (16.11.2006)
		laurent gaffié, A-Cart pro[ injection sql (post&get)] (16.11.2006)
		laurent gaffié, Property Site Manager [login bypass ,multiples injection sql & xss (get)] (16.11.2006)
		laurent gaffié, A+ Store E-Commerce[ injection sql & xss (post) ] (16.11.2006)
		laurent gaffié, Blogme v3 [admin login bypass & xss (post)] (16.11.2006)
		laurent gaffié, FunkyASP Glossary v1.0 [injection sql] (16.11.2006)
		laurent gaffié, Evolve Merchant[ injection sql ] (16.11.2006)
		laurent gaffié, Car Site Manager [injection sql & xss (get)] (16.11.2006)
		laurent gaffié, Inventory Manager [injection sql & xss (get)] (16.11.2006)
		Advisory_(at)_Aria-Security.net, BPG Content Management System SQL Injection (16.11.2006)
		Advisory_(at)_Aria-Security.net, Engine Manager SQL Injection (16.11.2006)
		Advisory_(at)_Aria-Security.net, ECommerce Store Shop Builder (16.11.2006)
		Advisory_(at)_Aria-Security.net, eShopping SQL Injection (16.11.2006)
		Advisory_(at)_Aria-Security.net, Ustore SQL Injection (16.11.2006)
		Advisory_(at)_Aria-Security.net, WWWeb Cocepts SQL Injection (16.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Panda Antivirus ActiveScan ActiveX security vulnerabilities
Published:		16.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6833
Type:		client
Level:		6/10
Description:		Memory corruption, information leak, client PC rebooting.

Affected:

PANDA : Panda ActiveScan 5.53

Original document

SECUNIA, [Full-disclosure] Secunia Research: Panda ActiveScan Multiple Vulnerabilities (16.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Selenium FTP Server / Conxint FTP directory traversal
Published:		16.11.2006
Source:		SECURITEAM
SecurityVulns ID:		6835
Type:		remote
Level:		5/10
Description:		Directory traversal in different FTP commands.

Affected:		CONXINT : Conxint FTP 2.2
		BIBASOFTWARE : Selenium FTP Server 1.0

Original document		SECURITEAM, [NT] Selenium FTP Server Directory Traversal (16.11.2006)
		SECURITEAM, [NT] Conxint FTP MKD DIR and GET Directory Transversal (16.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Microsoft Windows Client Service for Netware multiple vulnerabilities updated since 14.11.2006
Published:		16.11.2006
Source:		MICROSOFT
SecurityVulns ID:		6825
Type:		remote
Level:		5/10
Description:		Memory corruption, DoS.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Windows XP
		MICROSOFT : Windows 2003 Server

Original document		MCAFEE, [Full-disclosure] Vulnerabilities in Client Service for NetWare (16.11.2006)
		MICROSOFT, Microsoft Security Bulletin MS06-066 Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980) (14.11.2006)

Files:		Microsoft Security Bulletin MS06-066 Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)
Discuss:		Read or add your comments to this news (0 comments)

MDaemon mail server weak permissions
Published:		16.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6834
Type:		local
Level:		5/10
Description:		Installation folder allows User group to create files, making it possible to spoof system DLLs with local ones.

Affected:		ALT-N : MDaemon 9.0
		ALT-N : MDaemon 9.51
		ALT-N : MDaemon 9.53

Original document

SECUNIA, [Full-disclosure] Secunia Research: MDaemon Insecure Default Directory Permissions (16.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Kerio Webstar privilege escalation
Published:		16.11.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6832
Type:		local
Level:		5/10
Description:		Suid application loads library from current directory.

Affected:

KERIO : WebSTAR 5.4

Original document

Kevin Finisterre, [Full-disclosure] Kerio WebSTAR local privilege escalation (16.11.2006)

Files:		Exploits Kerio WebStar libucache.dylib privilege escalation
Discuss:		Read or add your comments to this news (0 comments)

Outpost Firewall privilege escalation updated since 02.11.2006
Published:		16.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6766
Type:		local
Level:		5/10
Description:		Insufficient incoming data validation for \Device\SandBox device driver and SSDT hoocked functions.

Affected:

AGNITUM : Outpost Firewall Pro 4.0

Original document		Matousec - Transparent security Research, Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability (16.11.2006)
		Matousec - Transparent security Research, Outpost Insufficient validation of 'SandBox' driver input buffer (02.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

UniversalFTP FTP Server DoS
Published:		16.11.2006
Source:		MILW0RM
SecurityVulns ID:		6837
Type:		remote
Level:		5/10
Description:		Server crash on MKD command with malformed argument.

Affected:

UNIVERSALFTP : UniversalFTP 1.0

Files:		DoS Exploit for UniversalFTP version 1.0.50
Discuss:		Read or add your comments to this news (0 comments)

libpng DoS updated since 16.11.2006
Published:		18.11.2006
Source:		SECUNIA
SecurityVulns ID:		6836
Type:		library
Level:		6/10
Description:		Out-of-bounds reading in png_set_sPLT().

Affected:		libpng : libpng 1.2
		PXELINUX : pxelinux 3.20
		SYSLINUX : syslinux 3.20
		DOXYGEN : doxygen 1.4
		CHROMIUM : chromium 0.9

Original document		MANDRIVA, [ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities (18.11.2006)
		MANDRIVA, [ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities (18.11.2006)
		MANDRIVA, [ MDKSA-2006:210 ] - Updated syslinux packages to fix embedded libpng vulnerabilities (18.11.2006)
		SECUNIA, [SA22900] libpng sPLT Chunk Handling Denial of Service (16.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

FireWire IOCTL integer overflow in different BSD-based Unix system updated since 16.11.2006
Published:		06.12.2006
Source:		BUGTRAQ
SecurityVulns ID:		6831
Type:		local
Level:		6/10
Description:		Negative IOCTL paramter value allows read access to kernel memory.

Affected:		NETBSD : NetBSD 2.1
		FREEBSD : FreeBSD 5.5
		MIDNIGHTBSD : MidnightBSD 0.1

Original document		FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:25.kmem (06.12.2006)
		Rodrigo Rubira Branco (BSDaemon), NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure (16.11.2006)

Discuss:

Read or add your comments to this news (0 comments)