Computer Security


Multiple Firefox / Netscape / SeaMonkey vulnerabilities
updated since 14.04.2006
Published: 18.04.2006
SecurityVulns ID: 6011
Type: client
Threat Level: 8/10
Description: Cross-site scripting, memory corruption, buffer overflows, array overflows, integer overflows. Can be exploited to silently install malicious code.
Affected: MOZILLA : Firefox 1.0
 NETSCAPE : Netscape 8.1
 MOZILLA : Firefox 1.5
 MOZILLA : Seamonkey 1.0
Original document: CERT, US-CERT Technical Cyber Security Alert TA06-107A -- Mozilla Products Contain Multiple Vulnerabilities (18.04.2006)
 ZDI, [Full-disclosure] ZDI-06-009: Mozilla Firefox Tag Parsing Code Execution Vulnerability (17.04.2006)
 ZDI, [Full-disclosure] ZDI-06-010: Mozilla Firefox CSS Letter-Spacing Heap Overflow Vulnerability (15.04.2006)
 SECUNIA, [SA19631] Firefox Multiple Vulnerabilities (14.04.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 18.04.2006
SecurityVulns ID: 6018
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: MODX : modx 0.9
 ARTICLEPUBLISHER : Article Publisher Pro 1.0
 BLUEPAY : BluePay Manager 2.0
 MODERNBILL : ModernBill 4.3
 LEADHOUND : Leadhound 2.1
 XFLOW : xFlow 5.46
 SHOUTBOOK : ShoutBOOK 1.1
 NEURONBLOG : Neuron Blog 1.1
 CZARNEWS : CzarNews 1.14
 TINYPHPFORUM : Tiny PHP forum 3.6
 WIREPLASTIK : wpBlog 0.4
 LINPHA : Linpha 1.1
 RECHNUNGSZENTRAL : RechnungsZentrale 2
CVE: CVE-2006-6993 (Multiple SQL injection vulnerabilities in pages/addcomment2.php in Neuron Blog 1.1 allow remote attackers to inject arbitrary SQL commands via the (1) commentname, (2) commentmail, (3) commentwebsite, and (4) comment parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
Original document: GroundZero Security, [Full-disclosure] RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities (18.04.2006)
 d4igoro_(at)_gmail.com, Linpha 1.1.0 - XSS Vulnerabilities (18.04.2006)
 SECUNIA, [SA19645] MODx Cross-Site Scripting and Directory Traversal (18.04.2006)
 SECUNIA, [SA19716] Avaya CMS / IR "/proc" Denial of Service (18.04.2006)
 Aliaksandr Hartsuyeu, [eVuln] Wire Plastik wpBlog SQL Injection Vulnerability (18.04.2006)
 Steve, Neon Responder (Dos,Exploit) (18.04.2006)
 qex_(at)_bsdmail.org, AnimeGenesis <= XSS (18.04.2006)
 Hessam Salehi, Tiny PHP forum - vulns (18.04.2006)
 Aliaksandr Hartsuyeu, [eVuln] CzarNews XSS and Multiple SQL Injection Vulnerabilities (18.04.2006)
 qex_(at)_bsdmail.org, Neuron Blog <= 1.1 XSS (18.04.2006)
 qex_(at)_bsdmail.org, ShoutBOOK <= 1.1 XSS (18.04.2006)
 r0t, BluePay Manager v2.0 Script Insertion Vulnerability (18.04.2006)
 r0t, ModernBill multiple SQL inj. vuln. (18.04.2006)
 r0t, Leadhound multiple vuln. (18.04.2006)
 r0t, xFlow v5.x multiple vuln. (18.04.2006)
 r0t, Article Publisher Pro SQL inj. (18.04.2006)

Neon Responder LANsurveyor add-on DoS
Published: 18.04.2006
SecurityVulns ID: 6019
Type: remote
Threat Level: 5/10
Description: Service crash on malformed TCP/4347 packet.
Affected: neon : Neon Responder 5.4
Original document: Steve, Neon Responder (Dos,Exploit) (18.04.2006)
Files: Neon Responder DoS

Symantec Live Update for Macintosh privilege escalation
updated since 18.04.2006
Published: 19.04.2006
SecurityVulns ID: 6021
Type: local
Threat Level: 5/10
Description: A suid application executes an external application by relative path.
Affected: SYMANTEC : LiveUpdate for Macintosh 3.0
 SYMANTEC : LiveUpdate for Macintosh 3.5
Original document: SYMANTEC, [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation (19.04.2006)
 SECUNIA, [SA19682] Symantec LiveUpdate for Machintosh Privilege Escalation (18.04.2006)

Privilege escalation in IBM AIX rm_mlcache_file with file overwrite
updated since 18.04.2006
Published: 24.04.2006
SecurityVulns ID: 6022
Type: local
Threat Level: 5/10
Description: Race conditions on temporary file creation.
Affected: IBM : AIX 5.1
 IBM : AIX 5.2
 IBM : AIX 5.3
Original document: NSFOCUS, NSFOCUS SA2006-03 : IBM AIX rm_mlcache_file Local Race Condition Vulnerability (24.04.2006)
 SECUNIA, [SA19656] IBM AIX rm_mlcache_file Arbitrary File Overwrite (18.04.2006)

Xine media player format string vulnerability
updated since 18.04.2006
Published: 02.05.2006
SecurityVulns ID: 6020
Type: client
Threat Level: 6/10
Description: Format string bug in diagnostic message printing, including during playlist file parsing.
Affected: XINE : xine 0.99
Original document: king_purba_(at)_yahoo.co.uk, XINE format string bugs when handling non existen file (02.05.2006)
 c0ntexb_(at)_gmail.com, [Full-disclosure] Remote Xine Format String Vulnerability (18.04.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod