Search:Vulnerability:17.09.2005 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Arc symbolic links problem
Published: 17.09.2005
Source: BUGTRAQ
SecurityVulns ID: 5229
Type: local
Level: 5/10
Description: Insecure temporary files creation.

Affected: ARC : arc 5.21

Original document ZATAZ.net, arc insecure temporary file creation (17.09.2005)

Discuss: Read or add your comments to this news (0 comments)

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 12.09.2005
Published: 17.09.2005
Source:
SecurityVulns ID: 5200
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: AZDG : AzDGDatingLite 2.1
HOSTINGCONTROLLE : Hosting Controller 6.1
PUNBB : PunBB 1.2
SAWMILL : Sawmill 7.1
ATUTOR : ATutor 1.5
MYGUESTBOOK : MyGuestbook 0.6
MALL23 : Mall23
SAWMILL : Sawmill 7.0
PHPNUKE : PHP-Nuke 7.8
SITEINTERACTIVE : Subscribe Me Pro 2.044
SILVEREX : X-Chat 2.4
HANDYADDRESSBOOK : Handy Address Book Server 1.1
TWIKI : TWikiRelease02Sep2004
DELUXEBB : DeluxeBB 1.0
NOAH : Classifieds 1.3
DIGITALSCRIBE : Digital Scribe 1.4
AEWEBWORKS : aeDating 4.0
MIVA : MIVA Merchant 5
TAC : Vista Webstation 3.0

Original document CIRT Advisory, [Full-disclosure] [CIRT.DK - Advisory 37] TAC Vista Webstation 3.0 Directory Traversal bug in webinterface (17.09.2005)

SECUNIA, [SA16843] PHP-Nuke Unspecified wysiwyg Editor Vulnerabilities (16.09.2005)

SECUNIA, [SA16841] Digital Scribe "username" SQL Injection (16.09.2005)

document admin_(at)_hyperconx.com, XSS Vulnerability in MIVA Merchant 5 - Includes Fix (16.09.2005)

alexsrb_(at)_netsite.com, Online Dating Software by AEwebworks - aeDating Script <= 4.0 Version Vulnerability (16.09.2005)

SECUNIA, [SA16824] Hosting Controller Unspecified Disclosure of Sensitive Information (15.09.2005)

document SECUNIA, [SA16813] ATutor Password Reminder SQL Injection Vulnerability (15.09.2005)

rod hedor, Remote File Inclusion in MyGuestbook (15.09.2005)

retrogod_(at)_aliceposta.it, Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution (15.09.2005)

Sap ., TWiki Remote Command Execution Vulnerability (15.09.2005)

document alireza hassani, SQL injection & XSS in phpoutsourcing Noah's classifieds (15.09.2005)

SECUNIA, [SA16826] Noah's Classified SQL Injection and Cross-Site Scripting (15.09.2005)

SECUNIA, [SA16819] DeluxeBB SQL Injection Vulnerabilities (15.09.2005)

SECUNIA, [SA16820] TWiki "rev" Shell Command Injection Vulnerability (15.09.2005)

document retrogod_(at)_aliceposta.it, ATutor 1.5.1 SQL Injection / Admin credentials disclosure / remote code execution (14.09.2005)

SECUNIA, [SA16798] Handy Address Book Server SEARCHTEXT Cross-Site Scripting (14.09.2005)

retrogod_(at)_aliceposta.it, AzDGDatingLite V 2.1.3 remote code execution (13.09.2005)

document povilas_(at)_critical.lt, Denial of service vulnerability in X-Chat for Windows from Silverex.org (13.09.2005)

h4cky0u, [Full-disclosure] Subscribe Me Pro 2.044.09P and prior Directory Traversal Vulnerability (13.09.2005)

r.verton_(at)_gmail.com, PHP Nuke <= 7.8 Multiple SQL Injections (13.09.2005)

document Mark Terry, [Full-disclosure] Sawmill XSS vuln (12.09.2005)

SECUNIA, [SA16775] PunBB Multiple Vulnerabilities (12.09.2005)

SECUNIA, [SA16778] Mall23 eCommerce "idPage" SQL Injection Vulnerability (12.09.2005)

Discuss: Read or add your comments to this news (0 comments)

YaST packages management system weak permissions
Published: 17.09.2005
Source: BUGTRAQ
SecurityVulns ID: 5228
Type: local
Level: 5/10
Description: /var/adm/YaST/InstSrcManager/IS_CACHE_0x0000000X/DATA/descr file is world writable. There is a buffer overflow on oversized package location while parsing this file.

Affected: SUSE : SUSE LINUX 9.3

Original document l0om, worring about YaST in SuSE 9.3 and maybe lower (17.09.2005)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin