Computer Security


Outpost Firewall privilege escalation
updated since 02.11.2006
Published:16.11.2006
Source:
SecurityVulns ID:6766
Type:local
Threat Level:5/10
Description:Insufficient incoming data validation for \Device\SandBox device driver and SSDT hooked functions.
Affected:AGNITUM : Outpost Firewall Pro 4.0
Original document:Matousec - Transparent security Research, Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability (16.11.2006)
 Matousec - Transparent security Research, Outpost Insufficient validation of 'SandBox' driver input buffer (02.11.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:16.11.2006
Source:
SecurityVulns ID:6830
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:FUNKYASP : FunkyASP Glossary 1.0
 BLOGME : Blogme 3
 FUTURETEC : E-Calendar Pro 3.0
 BLOO : Bloo 1.00
 TORRENTFLUX : TorrentFlux 2.2
 TORRENTFLUXB4RT : torrentflux-b4rt 2.1
Original document:Advisory_(at)_Aria-Security.net, Xtreme ASP Photo Gallery Cross Site Scripting And SQL Injection (16.11.2006)
 laurent gaffié, MetaCart e-Shop [multiples injection sql (get & post)] (16.11.2006)
 laurent gaffié, E-commerce Kit 1 PayPal Edition [ injection sql ] (16.11.2006)
 writ3r_(at)_gmail.com, TorrentFlux 2.2 Arbitrary File Creation/Overwrite/Deletion & Command Execution Vulnerablities (16.11.2006)
 the_3dit0r_(at)_yahoo.com, Bloo => 1.00 Cross Site Scripting (16.11.2006)
 ZDI, [Full-disclosure] ZDI-06-042: Verity Ultraseek Request Proxying Vulnerability (16.11.2006)
 laurent gaffié, E-Calendar Pro 3.0 [ login bypass & injection sql (post)] (16.11.2006)
 laurent gaffié, MultiCalendars [ multiples injection sql ] (16.11.2006)
 laurent gaffié, Dragon calendar [ login bypass & injection sql ] (16.11.2006)
 laurent gaffié, hpecs shopping cart[login bypass & injection sql (post)] (16.11.2006)
 laurent gaffié, A-Cart pro[ injection sql (post&get)] (16.11.2006)
 laurent gaffié, Property Site Manager [login bypass ,multiples injection sql & xss (get)] (16.11.2006)
 laurent gaffié, A+ Store E-Commerce[ injection sql & xss (post) ] (16.11.2006)
 laurent gaffié, Blogme v3 [admin login bypass & xss (post)] (16.11.2006)
 laurent gaffié, FunkyASP Glossary v1.0 [injection sql] (16.11.2006)
 laurent gaffié, Evolve Merchant[ injection sql ] (16.11.2006)
 laurent gaffié, Car Site Manager [injection sql & xss (get)] (16.11.2006)
 laurent gaffié, Inventory Manager [injection sql & xss (get)] (16.11.2006)
 Advisory_(at)_Aria-Security.net, BPG Content Management System SQL Injection (16.11.2006)
 Advisory_(at)_Aria-Security.net, Engine Manager SQL Injection (16.11.2006)
 Advisory_(at)_Aria-Security.net, ECommerce Store Shop Builder (16.11.2006)
 Advisory_(at)_Aria-Security.net, eShopping SQL Injection (16.11.2006)
 Advisory_(at)_Aria-Security.net, Ustore SQL Injection (16.11.2006)
 Advisory_(at)_Aria-Security.net, WWWeb Cocepts SQL Injection (16.11.2006)

Kerio Webstar privilege escalation
Published:16.11.2006
Source:
SecurityVulns ID:6832
Type:local
Threat Level:5/10
Description:Suid application loads library from current directory.
Affected:KERIO : WebSTAR 5.4
Original document:Kevin Finisterre, [Full-disclosure] Kerio WebSTAR local privilege escalation (16.11.2006)
Files:Exploits Kerio WebStar libucache.dylib privilege escalation

Multiple Panda Antivirus ActiveScan ActiveX security vulnerabilities
Published:16.11.2006
Source:
SecurityVulns ID:6833
Type:client
Threat Level:6/10
Description:Memory corruption, information leak, client PC rebooting.
Affected:PANDA : Panda ActiveScan 5.53
Original document:SECUNIA, [Full-disclosure] Secunia Research: Panda ActiveScan Multiple Vulnerabilities (16.11.2006)

MDaemon mail server weak permissions
Published:16.11.2006
Source:
SecurityVulns ID:6834
Type:local
Threat Level:5/10
Description:Installation folder allows User group to create files, making it possible to spoof system DLLs with local ones.
Affected:ALT-N : MDaemon 9.0
 ALT-N : MDaemon 9.51
 ALT-N : MDaemon 9.53
Original document:SECUNIA, [Full-disclosure] Secunia Research: MDaemon Insecure Default Directory Permissions (16.11.2006)

Selenium FTP Server / Conxint FTP directory traversal
Published:16.11.2006
Source:
SecurityVulns ID:6835
Type:remote
Threat Level:5/10
Description:Directory traversal in different FTP commands.
Affected:CONXINT : Conxint FTP 2.2
 BIBASOFTWARE : Selenium FTP Server 1.0
Original document:SECURITEAM, [NT] Selenium FTP Server Directory Traversal (16.11.2006)
 SECURITEAM, [NT] Conxint FTP MKD DIR and GET Directory Transversal (16.11.2006)

UniversalFTP FTP Server DoS
Published:16.11.2006
Source:
SecurityVulns ID:6837
Type:remote
Threat Level:5/10
Description:Server crash on MKD command with malformed argument.
Affected:UNIVERSALFTP : UniversalFTP 1.0
Files:DoS Exploit for UniversalFTP version 1.0.50

FireWire IOCTL integer overflow in different BSD-based Unix systems
updated since 16.11.2006
Published:06.12.2006
Source:
SecurityVulns ID:6831
Type:local
Threat Level:6/10
Description:Negative IOCTL parameter value allows read access to kernel memory.
Affected:NETBSD : NetBSD 2.1
 FREEBSD : FreeBSD 5.5
 MIDNIGHTBSD : MidnightBSD 0.1
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:25.kmem (06.12.2006)
 Rodrigo Rubira Branco (BSDaemon), NetBSD all versions FireWire IOCTL kernel integer overflow information disclousure (16.11.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod