Multiple Adobe Acrobat Reader bugs
Published:		17.08.2004
Source:		FULL-DISCLOSURE
SecurityVulns ID:		3912
Type:		client
Level:		5/10
Description:		Shell metacharacters problem, uudecode buffer overflow.

Affected:

ADOBE : Acrobat Reader 5.0

Original document

IDEFENSE, [Full-Disclosure] iDEFENSE Security Advisory 08.12.04a: Adobe Acrobat Reader (Unix) Shell Metacharacter Code Execution Vulnerability (17.08.2004)

Discuss:

Read or add your comments to this news (0 comments)

NETGEAR DG834G unauthorized access
Published:		17.08.2004
Source:		BUGTRAQ
SecurityVulns ID:		3915
Type:		remote
Level:		5/10
Description:		It's possible to switch router to debug mode with unauthorized root access.

Affected:

NETGEAR : Netgear DG834G

Original document

thanasonic_(at)_hack.gr, NETGEAR DG834G SPECIAL FEATURES (17.08.2004)

Discuss:

Read or add your comments to this news (0 comments)

rsync directory traversal updated since 02.05.2004
Published:		17.08.2004
Source:		BUGTRAQ
SecurityVulns ID:		3649
Type:		remote
Level:		6/10
Description:		It's possible to bypass directory traversal protection by adding few slashes into path.

Affected:

RSYNC : rsync 2.5

Original document		SAMBA, August 2004 Security Advisory (17.08.2004)
		DEBIAN, [Full-Disclosure] [SECURITY] [DSA 499-1] New rsync packages fix directory traversal bug (02.05.2004)

Discuss:

Read or add your comments to this news (0 comments)

CGI bugs updated since 17.08.2004
Published:		25.08.2004
Source:
SecurityVulns ID:		3914
Type:		remote
Level:		5/10

Affected:		PHPNUKE : Php-Nuke 7.1
		QUIXPLORER : QuiXplorer 2.3
		PHPMYWEBHOSTING : PHPMyWebHosting 0.3
		CATCI : Catci 0.8
		PHPFUSION : PHP-Fusion 4.0
		MERAK : Merak Webmail Server 5.2
		YAPIG : YaPiG 0.92
		PLAYSMS : PlaySMS 0.7
		NIHUO : Nihuo Web Log Analyzer 1.6
		SYMPA : Sympa 4.1
		MANTIS : Mantis 0.19
		MYDMS : MyDMS 1.4
		JSHOP : JShop 1.2
		EGROUPWARE : eGroupWare 1.0
		WEBARTFACTORY : WebArtFactory CMS
		WEBAPP : WebAPP 9.9
		HASTYMAIL : Hastymail 1.0
		HASTYMAIL : Hastymail 1.1
		HASTYMAIL : Hastymail 1.2

Original document		Jason Munro, Hastymail security update (25.08.2004)
		Jérôme ATHIAS, WebAPP directory traversal and ability to retrieve the DES encrypted password hash (25.08.2004)
		Noticias, WebArtFactory CMS Vulnerability (25.08.2004)
		Jose Antonio, Bugs fixed in Version 1.4.3 (25.08.2004)
		Jose Antonio, Multiple Cross Site Scripting Vulnerabilities in eGroupWare (25.08.2004)
		Dr`Ponidi Haryanto, JShop Input Validation Hole in 'page.php' Permits Cross-Site Scripting Attacks (25.08.2004)
		Jose Antonio, Multiple vulnerabilities in MyDMS (22.08.2004)
		Jose Antonio, Mantis Bugtracker Remote PHP Code Execution Vulnerability (22.08.2004)
		Jose Antonio, Cross Site Scripting Vulnerability in Sympa (22.08.2004)
		Audun Larsen, Cross-Site Scripting (XSS) in Nihuo Web Log Analyzer (22.08.2004)
		SECURITEAM, [UNIX] PlaySMS SQL Injection via Cookie (19.08.2004)
		SECURITEAM, [UNIX] YaPiG add_comment.php PHP Code Injection (19.08.2004)
		Criolabs, Vulnerabilities in Merak Webmail Server. (19.08.2004)
		ahmad muammar, Multiple vulnerabilities in PHP-FUSION (19.08.2004)
		Abu Lafy, Cross-Site Scripting (XSS) in Php-Nuke 7.1.0 (19.08.2004)
		Fernando Quintero, SQL Injection in CACTI (17.08.2004)
		Matias Neiff, Posible security bug in phpMyWebhosting (17.08.2004)
		Cyrille Barthelemy, QuiXplorer directory traversal (17.08.2004)

Discuss:

Read or add your comments to this news (0 comments)