Computer Security



gld / postgrey antispam greylisting daemon for Postfix multiple vulnerabilities
updated since 13.04.2005
Published:17.04.2005
Source:BUGTRAQ
SecurityVulns ID:4682
Type:remote
Level:6/10
Description:Multiple buffer overflows, format string bugs.
Affected:GLD : gld 1.4
 POSTGREY : postgrey 1.18
Original document:SECUNIA, [SA14958] Postgrey Format String Denial of Service Vulnerability (17.04.2005)
 dong-h0un U, GLD (Greylisting daemon for Postfix) multiple vulnerabilities. (13.04.2005)
Files:gld 1.4 remote overflow format string exploit

monkeyd web server format string vulnerability
Published:17.04.2005
Source:BUGTRAQ
SecurityVulns ID:4698
Type:remote
Level:5/10
Affected:MONKEYD : monkeyd 0.9
Original document:GENTOO, [ GLSA 200504-14 ] monkeyd: Multiple vulnerabilities (16.04.2005)

libsafe stack protection library protection bypass
Published:17.04.2005
Source:BUGTRAQ
SecurityVulns ID:4700
Type:library
Level:5/10
Description:In multithreaded applications there is a race condition before protection becomes active.
Affected:LIBSAFE : libsafe 2.0
Original document:Overflow.pl, [Overflow.pl] Libsafe - Safety Check Bypass Vulnerability (16.04.2005)

Solaris GSS API privilege escalation
Published:17.04.2005
Source:SECUNIA
SecurityVulns ID:4702
Type:library
Level:6/10
Description:A relative path is used to load the library.
Affected:SUN : Solaris 8
 SUN : Solaris 7
 SUN : Solaris 9
Original document:SECUNIA, [SA14971] Solaris Unspecified Generic Security Services Library Vulnerability (17.04.2005)

Multiple Musicmatch Jukebox bugs
Published:17.04.2005
Source:BUGTRAQ
SecurityVulns ID:4697
Type:client
Level:5/10
Description:Unauthorized files access, information leak.
Affected:YAHOO : Musicmatch 10.00
Original document:Hyperdose Security, Trojan file issue in Musicmatch software (16.04.2005)
 Hyperdose Security, Trusted Site Cross Site Scripting Elevation of Privilege in Musicmatch (16.04.2005)
 Hyperdose Security, Improper log file storage in Musicmatch software (16.04.2005)
 Hyperdose Security, Arbitrary file overwrite possible by Musicmatch ActiveX control (16.04.2005)

MacOS multiple browsers unauthorized local files access
Published:17.04.2005
Source:BUGTRAQ
SecurityVulns ID:4699
Type:client
Level:6/10
Description:By using AppleWebKit XMLHttpRequest it's possible to mount a disk image with HTML documents at a known location.
Affected:APPLE : Safari 1.2
 OMNIGROUP : OmniWeb 5.1
 APPLE : Safari RSS 2.0
Original document:David Remahl, [DR001] AppleWebKit XMLHttpRequest arbitrary file disclosure vulnerability (16.04.2005)

Sun ONE Directory Server buffer overflow
Published:17.04.2005
Source:SECUNIA
SecurityVulns ID:4701
Type:remote
Level:6/10
Description:Buffer overflow on parsing LDAP request.
Affected:SUN : Sun ONE Directory Server 5.1
Original document:SECUNIA, [SA14960] Sun Java System Directory Server LDAP Request Buffer Overflow (16.04.2005)

PHP, ASP, CGI web applications security vulnerabilities
updated since 11.04.2005
Published:17.04.2005
Source:
SecurityVulns ID:4657
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.
Affected:INVISION : Invision Power Board 1.3
 WEBCT : WebCT 4.1
 PHPNUKE : PHP-Nuke 7.6
 ACNEWS : ACNews 1.0
 TOWERBLOG : TowerBlog 0.6
 RABIDS : RadBids 2
 LOGICSSOFTWARE : LOG-FT
 UMMAGUMMA : zOOm Image Gallery 2.1
 JPORTAL : Jportal 2.3
 AZDG : AzDGDatingPlatinum 1.1
 XAMPP : XAMPP 1.4
 CENTRA : Centra 7
 SPLITBRAIN : DokuWiki
 WORDPRESS : WordPress 1.5
 EGROUPWARE : eGroupWare 1.006
 PHPBB2 : phpBB Plus 1.52
 S9Y : serendipity 0.8
 ALL4WWW : All4WWW 1.0
 ONEWORLDSTORE : OneWorldStore
 RSA : RSA Authentication Agent for Web for IIS 5.2
 MYBLOGGIE : myBloggie 2.1
 SPHPBLOG : sphpblog 0.4
 CHRISNOWAK : Mafia Blog 0.4
Original document:tom cruise, phpBB datenbank mod has XSS/SQL Injection in the id variable (16.04.2005)
 dcrab_(at)_hackerscenter.com, Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below (16.04.2005)
 Francisco Alisson, Mafia Blog (16.04.2005)
 ahmad muammar, Vulnerabilities in sphpblog (16.04.2005)
 Francisco Alisson, myBloggie 2.1.1 (16.04.2005)
 SECUNIA, [SA14954] RSA Authentication Agent for Web for IIS Cross-Site Scripting (15.04.2005)
 dcrab_(at)_hackerscenter.com, Multiple multiple sql injection/errors and xss vulnerabilities in OneWorldStore (15.04.2005)
 Francisco Alisson, All4WWW-Homepagecreator Remote Command Execution (15.04.2005)
 kreon, serendipity SQL Injection vulnerability (14.04.2005)
 dcrab_(at)_hackerscenter.com, Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules. (14.04.2005)
 Gerald Quakenbush, eGroupWare Leaks Files (13.04.2005)
 Nicolas Montoza, WordPress XSS and HTML injection (13.04.2005)
 kreon, DoKuWiki file-upload vulnerabilities (13.04.2005)
 Andreas Constantinides, zOOM Media Gallery - Simple SQL Injection discovery (13.04.2005)
 Clorox, Centra 7 XSS Exploit (13.04.2005)
 lacertosum_(at)_yahoo.com, WebCT 4.1 vulnerable to XSS attacks (12.04.2005)
 morning_wood, [Full-disclosure] XAMPP (12.04.2005)
 kreon, AzDGDatingPlatinum multiple vulnerabilities (12.04.2005)
 Marcin "CiNU5" Krupowicz, Sql injection in jPortal version 2.3.1 (module banner) (12.04.2005)
 dcrab_(at)_hackerscenter.com, Invision board 1.3.1 and below are vulnerable to a sql injection vulnerability [PATCH INCLUDED] (12.04.2005)
 JeiAr, Multiple ModernBill 4.3.0 And Earlier Vulnerabilities (11.04.2005)
 Andreas Constantinides, [VulnWatch] zOOM Media Gallery - Simple SQL Injection discovery (11.04.2005)
 SECUNIA, [SA14851] Logics Software LOG-FT File Transfer Arbitrary File Disclosure (11.04.2005)
 SECURITEAM, [UNIX] RadBids Multiple Vulnerabilities (11.04.2005)
 CorryL, [Full-disclosure] TowerBlog <= 0.6 Admin Account View [x0n3-h4ck] (11.04.2005)
 BilDos, Exploti... (11.04.2005)

Dameware NT Utilities / Mini Remote Control privilege escalation
updated since 07.04.2005
Published:17.04.2005
Source:SECUNIA
SecurityVulns ID:4648
Type:local
Level:5/10
Affected:DAMEWARE : DameWare NT Utilities 4.8
 DAMEWARE : Mini Remote Control 4.8
Original document:Jordi Corrales, Dameware NT Utilities and MiniRemote Control <= 4.9 vulnerability (16.04.2005)
 SECUNIA, [SA14829] DameWare NT Utilities / Mini Remote Control Privilege Escalation (07.04.2005)

© SecurityVulns, 3APA3A, Vladimir Dubrovin