 |
|
|
|
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 18.09.2006 | | Source: |  | | | SecurityVulns ID: |  | 6622 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Original document |  | ali_(at)_hackerz.ir, easypage.org >> v7 sql injection (18.09.2006) |
| | | HACKERS PAL, Limbo - Lite Mambo CMS Multiple Vulnerabilities (18.09.2006) |
| | | p3rlhax_(at)_gmail.com, Roller Weblogger XSS vulnerability (18.09.2006) |
| | | x0r0n_(at)_hotmail.com, BolinOS v.4.5.5 <= (gBRootPath) Remote File Include Vulnerability (18.09.2006) |
| | | bius_(at)_mac.com, SolpotCrew Advisory #10 - phpBB XS (phpbb_root_path) Remote File Include (18.09.2006) |
| | | bius_(at)_mac.com, SolpotCrew Advisory #11 - ReviewPost 2.5 (RP_PATH) Remote File Inclusion (18.09.2006) |
| | | l0x3_(at)_hotmail.com, ppalCart V(2.5 EE) Remote File Inclusion (18.09.2006) |
| | | HACKERS PAL, MyBB Full path and Cross site scripting vulnerabilities (18.09.2006) |
| | | HACKERS PAL, Signkorn Guestbook <= v1.3 Multiple Remote File Include Vulnerabilities (18.09.2006) |
| | | HACKERS PAL, Jupiter CMS Multiple injections (18.09.2006) |
| | | ajannhwt_(at)_hotmail.com, Complain Center v1(loginprocess.asp) Admin ByPASS SQL Injection (18.09.2006) |
| | | erne_(at)_ernealizm.com, mcLinksCounter v1.1 - Remote File Include Vulnerabilities (18.09.2006) |
| | | ajannhwt_(at)_hotmail.com, ClickBlog! <= v2.0 (default.asp) Admin ByPASS SQL Injection (18.09.2006) |
| | | MustLive, Уязвимости в Subscribe To Comments (18.09.2006) |
IpSwitch WS_FTP Server buffer overflow
updated since 18.09.2006 | | Published: | | 27.09.2006 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 6624 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Buffer overflow in XCRC, XSHA1, XMD5, Checksum FTP commands. |
Symantec Norton Personal Firewall / Norton Internet Security buffer overflow
updated since 18.09.2006 | | Published: | | 15.03.2007 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 6623 | | Type: | | local | | Level: | | 5/10 | | Description: | | \Device\SymEvent driver interface buffer overflow. |
| Affected: |  | SYMANTEC : Norton Personal Firewall 2006 | | | | SYMANTEC : Norton Internet Security 2006 | | CVE: |  | CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.1.7, and possibly other products using symevent.sys 12.0.0.20, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data, a reintroduction of CVE-2006-4855.) | | | | CVE-2007-1476 (The SymTDI driver in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, and possibly Norton Internet Security 2006 and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.) | | | | CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.) |
|
|
|
|
|
|
|
|
