Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 17.08.2006
SecurityVulns ID: 6498
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPAY : Phpay 2.02
 WIKIWEBWEAVER : WikiWebWeaver 1.0
 NETCOMMONS : NetCommons 1.0
 SPIDEYBLOG : Spidey Blog Script 1.5
 PHPROJEKT : PHProjekt 5.1
 ZENCART : Zen Cart 1.3
 OWL : Owl Intranet Knowledgebase 0.90
 DISCLOSER : Discloser 0.0
Original document: SECUNIA, [SA21517] OPT Max "CRM_inc" Parameter File Inclusion Vulnerability (17.08.2006)
 SECUNIA, [SA21519] Owl Intranet Engine Cross-Site Scripting and SQL Injection (17.08.2006)
 SECUNIA, [SA21454] phPay Open Mail Relay Vulnerability (17.08.2006)
 SECUNIA, [SA21484] Zen Cart SQL Injection and File Inclusion Vulnerabilities (17.08.2006)
 SECUNIA, [SA21526] PHProjekt "path_pre"/"lib_path" File Inclusion Vulnerabilities (17.08.2006)
 SECUNIA, [SA21482] Spidey Blog Script "pid" SQL Injection Vulnerability (17.08.2006)
 SECUNIA, [SA21445] NetCommons Unspecified Cross-Site Scripting Vulnerability (17.08.2006)
 crackers_child_(at)_sibersavascilar.com, HelpDesk.cgi Vulnerability (17.08.2006)
 crackers_child_(at)_sibersavascilar.com, WikiWebWeaver 1.0 beta 2 Upload Shell Vulnerability (17.08.2006)
 crackers_child_(at)_sibersavascilar.com, com_extcalendar(extcalendar.php) Remote File Include Vulnerabilities (17.08.2006)
 crackers_child_(at)_sibersavascilar.com, dwodp Mambo Component Remote File Include Vulnerabilities (17.08.2006)
Files: Exploits discloser 0.0.4 Remote File Inclusion

ShockwaveFlash ActiveX buffer overflow
Published: 17.08.2006
SecurityVulns ID: 6499
Type: client
Threat Level: 4/10
Description: Stack overflow (stack memory exhaustion) triggered by an oversized hostname in an ftp:// URL in the AllowScriptAccess property.
Original document: Mr.Niega_(at)_gmail.com, ShockwaveFlash 9 (Stack overflow) (17.08.2006)
Files: ShockwaveFlash 9 Stack overflow PoC exploits
 ShockwaveFlash 9 Stack overflow PoC exploits (2)

HP-UX DoS
Published: 17.08.2006
SecurityVulns ID: 6500
Type: local
Threat Level: 5/10
Description: Support Tools Manager DoS, Trusted Mode DoS.
Affected: HP : HP-UX 11.11
 HP : HP-UX 11.23
Original document: HP, [security bulletin] HPSBUX02141 SSRT51153 rev.1 - HP-UX in Trusted mode, Local Denial of Service (DoS) (17.08.2006)
 HP, [security bulletin] HPSBUX02115 SSRT061077 rev.2 - HP-UX running Support Tools Manager (xstm, cstm, stm) Local Denial of Service (DoS) (17.08.2006)

Symantec Veritas NetBackup 6.0 PureDisk Remote Office Edition authentication bypass
Published: 17.08.2006
SecurityVulns ID: 6501
Type: remote
Threat Level: 5/10
Affected: SYMANTEC : Veritas NetBackup 6.0
Original document: SYMANTEC, SYM06-16 Symantec NetBackup PureDisk Remote Office Edition Elevation of Privilege (17.08.2006)

IBM eGatherer ActiveX buffer overflow
Published: 17.08.2006
SecurityVulns ID: 6502
Type: client
Threat Level: 6/10
Description: Buffer overflow on an oversized parameter of the RunEgatherer method.
Affected: IBM : eGatherer 3.20
Original document: EEYE, [Full-disclosure] [EEYEB-20060703] IBM eGatherer ActiveX Code Execution Vulnerability (17.08.2006)
Files: IBM eGatherer ActiveX PoC
 IBM eGatherer ActiveX Code Execution PoC

Multiple 04WebServer security vulnerabilities
Published: 17.08.2006
SecurityVulns ID: 6503
Type: remote
Threat Level: 5/10
Description: Cross-site scripting, user identification bypass.
Affected: SOFT3304 : 04WebServer 1.83
Original document: SECUNIA, [SA21504] 04WebServer Cross-Site Scripting and Security Bypass (17.08.2006)

Multiple Novell eDirectory security vulnerabilities
Published: 17.08.2006
SecurityVulns ID: 6504
Type: remote
Threat Level: 5/10
Description: Remote Denial of Service, cleartext password in log files.
Original document: SECUNIA, [SA21496] Novell eDirectory Denial of Service and Password Exposure (17.08.2006)

Solaris race conditions
Published: 17.08.2006
SecurityVulns ID: 6505
Type: local
Threat Level: 5/10
Description: Race condition on netstat or SNMP query during ifconfig causes DoS.
Affected: ORACLE : Solaris 10
Original document: SECUNIA, [SA21471] Sun Solaris netstat/SNMP queries and ifconfig Race Condition (17.08.2006)

Multiple Sony Vaio Media Integrated Server security vulnerabilities
Published: 17.08.2006
SecurityVulns ID: 6506
Type: remote
Threat Level: 5/10
Description: Buffer overflow, directory traversal.
Affected: SONY : Vaio Media Server 5.0
Original document: SECUNIA, [SA21512] Sony VAIO Media Integrated Server Two Vulnerabilities (17.08.2006)

XFree86 / X11.org integer overflow
Published: 17.08.2006
SecurityVulns ID: 6507
Type: local
Threat Level: 5/10
Description: Integer overflow in PCF font parsing.
Affected: XFREE : XFree86 4.3
 XFREE : XFree86 4.6
 XORG : X11 6.9
 XFREE : XFree86 4.5
 XFREE : XFree86 4.4
 XORG : X11 7.0
Original document: SECUNIA, [SA21446] XFree86 PCF Integer Overflow Vulnerabilities (17.08.2006)

Multiple MySQL security vulnerabilities
Published: 17.08.2006
SecurityVulns ID: 6508
Type: local
Threat Level: 6/10
Description: Privilege escalation via a stored routine; privilege escalation by creating a database whose name differs only in case from an existing one.
Affected: ORACLE : MySQL 5.0
Original document: SECUNIA, [SA21506] MySQL Create Database Bypass and Privilege Escalation (17.08.2006)

Multiple Globus Toolkit grid toolkit vulnerabilities
Published: 17.08.2006
SecurityVulns ID: 6509
Type: remote
Threat Level: 5/10
Description: Race conditions. Symbolic links problem.
Affected: globus : Globus Toolkit 4.0
 globus : Globus Toolkit 3.2
Original document: SECUNIA, [SA21516] Globus Toolkit Multiple Vulnerabilities (17.08.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod