 |
|
|
|
Sun Solaris LD_AUDIT privilege escalation
updated since 28.06.2005 | | Published: |  | 17.07.2005 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 4937 | | Type: |  | local | | Level: |  | 9/10 | | Description: |  | LD_AUDIT environment variable allows to attch external dynamic library compiled with ld.so library. In addition, there is buffer overflow while parsing this variable. |
| Affected: |  | SUN : Solaris 9 | | | | SUN : Solaris 10 | | | | AVAYA : AVAYA CMS 13 | | | | AVAYA : Avaya IR 1.0 |
| Original document |  | petefran_(at)_gmail.com, Solaris Runtime Linker - Exploit Detection (17.07.2005) |
| | | Przemyslaw Frasunek, Re: [Full-disclosure] Solaris 9/10 ld.so fun (28.06.2005) |
| | | Przemyslaw Frasunek, [Full-disclosure] Solaris 9/10 ld.so fun (28.06.2005) |
PHP, ASP, CGI web applications security vulnerabilities
updated since 11.07.2005 | | Published: | | 17.07.2005 | | Source: | | | | SecurityVulns ID: | | 4978 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: | | PHPBB : phpBB 2.0 | | | | INVISION : Invision Power Board 2.0 | | | | INVISION : Invision Power Board 1.3 | | | | HOSTINGCONTROLLE : Hosting Controller 6.1 | | | | BLOGTORRENT : BlogTorrent 0.92 | | | | REINSVEIEN : DownloadProtect 1.0 | | | | IDBOARD : Id Board Free 1.1 | | | | SPID : SPiD 1.3 | | | | PPA : PPA 0.5 | | | | SQUITO : Squito Gallery 1.3 | | | | MOODLE : Moodle 1.5 | | | | INCREDIBLEINTERA : DragonFly Shopping Cart | | | | PHPYAWP : Yawp 1.0 | | | | IPHOTOALBUM : iPhotoAlbum 1.1 | | | | SIDV : SiDv 3.0 | | | | ETOMITE : Etomite 0.6 | | | | PCDOC24 : WPS Web-Portal-System 0.7 | | | | EKSTREME : PHP Counter 7.2 | | | | PHPSFTPD : PHPsFTPd 0.4 | | | | YABBSE : YabbSE 1.5 | | | | SIMPLEMESSAGEBOA : Simple Message Board 2.0 | | | | WEBEOC : WebEOC 6.0 | | | | SEAGULL : Seagull PHP Framework 0.43 | | | | CLASS1 : Class-1 0.24 | | | | MOOSEGALLERY : MooseGallery 1.02 | | | | PHPCOUNTER : PHPCounter 7.2 | | | | PHPAUCTION : Phpauction GPL 2.0 | | | | EMILDA : Emilda 1.2 | | | | USANET : USANet Shopping Mall | | | | USANET : Standard Classified Ads | | | | USANET : MakeBid Standard Auction | | | | USANET : MakeBid Reverse Auction | | | | USANET : MakeBid Deluxe Auction | | | | USANET : Domain Name Auction |
| Original document | | Zinho, [HSC Security Group] Invision PowerBoard 1.3.x - 2-x Exploit and Patch (17.07.2005) |
| | | durito, просмотр файлов в Web-Portal-System 0.7.0 (16.07.2005) |
| | | SECUNIA, [SA15985] USANet Creations Products Shell Command Injection Vulnerability (16.07.2005) |
| | | SECUNIA, [SA15857] Emilda User Management Security Bypass Vulnerability (16.07.2005) |
| | | SECUNIA, [SA15967] Phpauction GPL Multiple Vulnerabilities (16.07.2005) |
| | | SECUNIA, [SA15816] PHPCounter "EpochPrefix" Cross-Site Scripting Vulnerability (16.07.2005) |
| | | SECUNIA, [SA16093] MooseGallery "type" File Inclusion Vulnerability (16.07.2005) |
| | | SECUNIA, [SA16074] Seagull PHP Framework PEAR XML_RPC PHP Code Execution (16.07.2005) |
| | | SECUNIA, [SA16075] WebEOC Multiple Vulnerabilities (16.07.2005) |
| | | stormhacker_(at)_hotmail.com, XSS in forums Simple Message Board Version 2.0 Beta 1 (15.07.2005) |
| | | priestmaster, YaBBSe 1.5.5c Path disclosure problem (15.07.2005) |
| | | Steve, PHPsFTPd - Admin password leak (14.07.2005) |
| | | priestmaster, Path Disclosure and XSS problem in PHP Counter 7.2 (14.07.2005) |
| | | blahplok_(at)_yahoo.com, WPS Web-Portal-System v.0.7.0 (wps_shop.cgi) remote commands execution vulnerability (14.07.2005) |
| | | CENSORED, CSS в etomite v0.6 (14.07.2005) |
| | | CENSORED, SQL инъекции в SiDv v3.0 (14.07.2005) |
| | | SECUNIA, [SA16031] iPhotoAlbum File Inclusion Vulnerabilities (13.07.2005) |
| | | Stefan Esser, Advisory 10/2005: Yawp/YaWiki Remote URL Include Vulnerability (13.07.2005) |
| | | dcrab_(at)_hackerscenter.com, Dragonfly Shopping Cart Multiple vulnerabilities (13.07.2005) |
| | | SECUNIA, [SA16028] Moodle Unspecified Vulnerabilities (12.07.2005) |
| | | SECUNIA, [SA16009] Squito Gallery "photoroot" File Inclusion Vulnerability (12.07.2005) |
| | | SECUNIA, [SA16011] PPA "config[ppa_root_path]" File Inclusion Vulnerability (12.07.2005) |
| | | SECUNIA, [SA15976] Id Board free "f" SQL Injection Vulnerability (12.07.2005) |
| | | SECUNIA, [SA16003] DownloadProtect "file" Disclosure of Sensitive Information (12.07.2005) |
| | | Emanuele "MadSheep" Gentili, blogtorrent remote/local user password disclosure (12.07.2005) |
| | | kehieuhoc_(at)_yahoo.com, Bug Hosting Controller New (v6.1 - Hotfix 2.1) (12.07.2005) |
| | | Fixbugs, phpbb <=2.0.16 bug (11.07.2005) |
| Microsoft Outlook special DOS device names DoS | | Published: | | 17.07.2005 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 5011 | | Type: | | client | | Level: | | 5/10 | | Description: | | Microsoft Outlooks gangs on the messages with attachment with special device name. |
| |
|
| |
