Search:Vulnerability:17.08.2006 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 17.08.2006
Source: BUGTRAQ
SecurityVulns ID: 6498
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: PHPAY : Phpay 2.02
WIKIWEBWEAVER : WikiWebWeaver 1.0
NETCOMMONS : NetCommons 1.0
SPIDEYBLOG : Spidey Blog Script 1.5
PHPROJEKT : PHProjekt 5.1
ZENCART : Zen Cart 1.3
OWL : Owl Intranet Knowledgebase 0.90
DISCLOSER : Discloser 0.0

Original document SECUNIA, [SA21517] OPT Max "CRM_inc" Parameter File Inclusion Vulnerability (17.08.2006)

SECUNIA, [SA21519] Owl Intranet Engine Cross-Site Scripting and SQL Injection (17.08.2006)

SECUNIA, [SA21454] phPay Open Mail Relay Vulnerability (17.08.2006)

SECUNIA, [SA21484] Zen Cart SQL Injection and File Inclusion Vulnerabilities (17.08.2006)

document SECUNIA, [SA21526] PHProjekt "path_pre"/"lib_path" File Inclusion Vulnerabilities (17.08.2006)

SECUNIA, [SA21482] Spidey Blog Script "pid" SQL Injection Vulnerability (17.08.2006)

SECUNIA, [SA21445] NetCommons Unspecified Cross-Site Scripting Vulnerability (17.08.2006)

crackers_child_(at)_sibersavascilar.com, HelpDesk.cgi Vulnerability (17.08.2006)

document crackers_child_(at)_sibersavascilar.com, WikiWebWeaver 1.0 beta 2 Upload Shell Vulnerability (17.08.2006)

crackers_child_(at)_sibersavascilar.com, com_extcalendar(extcalendar.php) Remote File Include Vulnerabilities (17.08.2006)

crackers_child_(at)_sibersavascilar.com, dwodp Mambo Component Remote File Include Vulnerabilities (17.08.2006)

Files: Exploits discloser 0.0.4 Remote File Inclusion
Discuss: Read or add your comments to this news (0 comments)

Multiple 04WebServer security vulnerabilities
Published: 17.08.2006
Source: SECUNIA
SecurityVulns ID: 6503
Type: remote
Level: 5/10
Description: Crossite scripting, user identification bypass.

Affected: SOFT3304 : 04WebServer 1.83

Original document SECUNIA, [SA21504] 04WebServer Cross-Site Scripting and Security Bypass (17.08.2006)

Discuss: Read or add your comments to this news (0 comments)

Multiple Novell eDirectory security vulnerabilities
Published: 17.08.2006
Source: SECUNIA
SecurityVulns ID: 6504
Type: remote
Level: 5/10
Description: Remote Denial of Service, cleartext password in log files.

Original document SECUNIA, [SA21496] Novell eDirectory Denial of Service and Password Exposure (17.08.2006)

Discuss: Read or add your comments to this news (0 comments)

Shockwave crossite scripting
updated since 24.07.2006
Published: 17.08.2006
Source: BUGTRAQ
SecurityVulns ID: 6391
Type: client
Level: 6/10
Description: Crossite access to cookies and document data is possible.

Original document Amit Klein (AKsecurity), Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)" (17.08.2006)

Amit Klein (AKsecurity), Technical note: under some conditions, it's possible to steal HTTP credentials using Flash (15.08.2006)

Amit Klein (AKsecurity), Sending multipart/form-data requests from Flash (with arbitrary headers) (11.08.2006)

document Amit Klein (AKsecurity), Write-up by Amit Klein: "Forging HTTP request headers with Flash" (25.07.2006)

spammeanddie_(at)_msn.com, Crtical Shockwave Embeded XSS Execution (24.07.2006)

Discuss: Read or add your comments to this news (0 comments)

ShockwaveFlash ActiveX buffer overflow
Published: 17.08.2006
Source: BUGTRAQ
SecurityVulns ID: 6499
Type: client
Level: 4/10
Description: Stack overflow (stack memory exhaustion) on oversized hostname in AllowScriptAccess property ftp:// URL.

Original document Mr.Niega_(at)_gmail.com, ShockwaveFlash 9 (Stack overflow) (17.08.2006)

Files: ShockwaveFlash 9 Stack overflow PoC exploits
ShockwaveFlash 9 Stack overflow PoC exploits (2)
Discuss: Read or add your comments to this news (0 comments)

HP-UX DoS
Published: 17.08.2006
Source: BUGTRAQ
SecurityVulns ID: 6500
Type: local
Level: 5/10
Description: Support Tools Manager DoS, Trusted Mode DoS.

Affected: HP : HP-UX 11.11
HP : HP-UX 11.23

Original document HP, [security bulletin] HPSBUX02141 SSRT51153 rev.1 - HP-UX in Trusted mode, Local Denial of Service (DoS) (17.08.2006)

HP, [security bulletin] HPSBUX02115 SSRT061077 rev.2 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS) (17.08.2006)

Discuss: Read or add your comments to this news (0 comments)

Multiple Sony Vaio Media Integrated Server security vulnerabilities
Published: 17.08.2006
Source: SECUNIA
SecurityVulns ID: 6506
Type: remote
Level: 5/10
Description: Buffer overflow, durectory traversal.

Affected: SONY : Vaio Media Server 5.0

Original document SECUNIA, [SA21512] Sony VAIO Media Integrated Server Two Vulnerabilities (17.08.2006)

Discuss: Read or add your comments to this news (0 comments)

XFree86 / X11.org integer overflow
Published: 17.08.2006
Source: SECUNIA
SecurityVulns ID: 6507
Type: local
Level: 5/10
Description: Integer overflow on PCF fonts parsing.

Affected: XFREE : XFree86 4.3
XFREE : XFree86 4.6
XORG : X11 6.9
XFREE : XFree86 4.5
XFREE : XFree86 4.4
XORG : X11 7.0

Original document SECUNIA, [SA21446] XFree86 PCF Integer Overflow Vulnerabilities (17.08.2006)

Discuss: Read or add your comments to this news (0 comments)

IBM eGatherer ActiveX buffer overflow
Published: 17.08.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 6502
Type: client
Level: 6/10
Description: Buffer overflow on oversized RunEgatherer method's parameter.

Affected: IBM : eGatherer 3.20

Original document EEYE, [Full-disclosure] [EEYEB-20060703] IBM eGatherer ActiveX Code Execution Vulnerability (17.08.2006)

Files: IBM eGatherer ActiveX Code Execution PoC
IBM eGatherer ActiveX PoC
Discuss: Read or add your comments to this news (0 comments)

Solaris race conditions
Published: 17.08.2006
Source: SECUNIA
SecurityVulns ID: 6505
Type: local
Level: 5/10
Description: Race condition on netstat or SNMP query during ifconfig causes DoS.

Affected: ORACLE : Solaris 10

Original document SECUNIA, [SA21471] Sun Solaris netstat/SNMP queries and ifconfig Race Condition (17.08.2006)

Discuss: Read or add your comments to this news (0 comments)

Symantec Veritas NetBackup 6.0 PureDisk Remote Office Edition authentication bypass
Published: 17.08.2006
Source: BUGTRAQ
SecurityVulns ID: 6501
Type: remote
Level: 5/10

Affected: SYMANTEC : Veritas NetBackup 6.0

Original document SYMANTEC, SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege (17.08.2006)

Discuss: Read or add your comments to this news (0 comments)

Multiple MySQL security vulnerabilities
Published: 17.08.2006
Source: SECUNIA
SecurityVulns ID: 6508
Type: local
Level: 6/10
Description: Privilege escalation with stored routine, privilege escalation with creating a database with the name different only in case from existing one.

Affected: ORACLE : MySQL 5.0

Original document SECUNIA, [SA21506] MySQL Create Database Bypass and Privilege Escalation (17.08.2006)

Discuss: Read or add your comments to this news (0 comments)

Multiple Globus Toolkit grid toolkit vulnerabilities
Published: 17.08.2006
Source: SECUNIA
SecurityVulns ID: 6509
Type: remote
Level: 5/10
Description: Race conditions. Symbolic links problem.

Affected: globus : Globus Toolkit 4.0
globus : Globus Toolkit 3.2

Original document SECUNIA, [SA21516] Globus Toolkit Multiple Vulnerabilities (17.08.2006)

Discuss: Read or add your comments to this news (0 comments)

test server