Search:Vulnerability:18.06.2005 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

PHP, ASP, CGI web applications security vulnerabilities
updated since 14.06.2005
Published: 18.06.2005
Source:
SecurityVulns ID: 4883
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

Affected: PAFILEDB : paFileDB 3.1
UPB : Ultimate PHP Board 1.9
SQUIRRELMAIL : squirrelmail 1.4
SINGAPORE : singapore 0.9
E107 : E107 0.617
MAMBO : Mambo 4.5
XAMPP : XAMPP 1.4
AWSD : WebHints 1.03
INTERACTIVEPHP : FusionBB 0.11
PHPFORUMS : McGallery 1.1
BITRIX : Bitrix Site Manager 4.0
1TWO : Annuaire 1Two 1.0
DOKEOS : Dokeos 1.5
COOLCAFE : Cool Cafe Chat 1.2
ATUTOR : ATutor 1.4
ATUTOR : ATutor 1.5
CONTELLIGENT : Contelligent 9.0
AMAROK : amaroK Web Frontend 1.3
AJAX : ajax-spell 1.7

Original document SECUNIA, [SA15736] amaroK Web Frontend Exposure of User Credentials (18.06.2005)

SECUNIA, [SA15738] Contelligent Preview Privilege Escalation Vulnerability (17.06.2005)

SECUNIA, [SA15735] XAMPP "lang.php" Script Insertion and Information Disclosure (17.06.2005)

SECUNIA, [SA15705] ATutor Cross-Site Scripting Vulnerabilities (17.06.2005)

document morning_wood, [Full-disclosure] CoolCafe Chat SQL injection (17.06.2005)

Marc Ruef, e107 v0.617 several new and old vulnerabilities (17.06.2005)

SQUIRRELMAIL, [SM-ANNOUNCE] Patch fixes SquirrelMail cross site scripting vulnerabilities [CAN-2005-1769] (17.06.2005)

Alberto Trivero, M4DR007-06SA (security advisory): Multiple vulnerabilities in UPB 1.9.6 GOLD (17.06.2005)

document Sieg Fried, [Full-disclosure] Dokeos - Multiple Vulnerabilities (16.06.2005)

SECUNIA, [SA15708] Annuaire 1Two Cross-Site Scripting and Script Insertion (16.06.2005)

Emanuele "MadSheep" Gentili, MADSHEEP-05SA (security advisory): WebHints <= v1.03 Remote Command Execution Vulnerability (16.06.2005)

document pokleyzz, Mambo 4.5.2.2 SQL Injection in UPDATE statement (16.06.2005)

JeiAr, Multiple paFileDB Vulnerabilities (16.06.2005)

D_BuG, Vulnerability: Bitrix Web Server Paths (16.06.2005)

D_BuG, Vulnerability: Bitrix Php inclusion (16.06.2005)

D_BuG, Vulnerability: McGallery v 1.1 Mysql DB including (16.06.2005)

document D_BuG, Vulnerability: McGallery v 1.1 files reading on disk (16.06.2005)

JeiAr, FusionBB Multiple Vulnerabilities (16.06.2005)

ActionSpider_(at)_linuxmail.com, Remote Exploit for Web_store.cgi (16.06.2005)

thegreatone2176_(at)_yahoo.com, singapore v0.9.11 cross site scripting and path disclosure (14.06.2005)

document blackshoe_(at)_gmail.com, File Upload Manager Sploits (14.06.2005)

Files: Passwords Decrypter for UPB <= 1.9.6
Discuss: Read or add your comments to this news (0 comments)

fig2vect drawing format convertor buffer overflow
Published: 18.06.2005
Source: SECUNIA
SecurityVulns ID: 4905
Type: local
Level: 5/10
Description: Buffer overflow in pdf_encode_str() while converting text to PDF format.

Affected: FIG2VECT : fig2vect 1.0

Original document SECUNIA, [SA13637] fig2vect "pdf_encode_str()" Buffer Overflow Vulnerability (18.06.2005)

Discuss: Read or add your comments to this news (0 comments)

JBoss application server information leak
Published: 18.06.2005
Source: BUGTRAQ
SecurityVulns ID: 4906
Type: remote
Level: 5/10
Description: Insuficcient request validation allows to obtain server installation, configuration and version information.

Affected: JBOSS : JBoss 3.2
JBOSS : JBoss 4.0

Original document Marc Schoenefeld, JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting (18.06.2005)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod