Computer Security



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:18.11.2006
Source:
SecurityVulns ID:6839
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:WORDPRESS : WordPress 2.0
 MGAPPLANIX : mg.applanix 1.3
 DOSEPA : DoSePa 1.0
 UPLOADTOOL : HTTP Upload Tool For PHP 1.0
 MINIOPENCMS : Mini Open CMS 1.0
 POWIE : Powie's PHP Forum 1.29
 POWIE : Powie's PHP MatchMaker 4.05
 MXBB : mxBB calsnails module 1.06
 ECCUBE : EC-CUBE 1.0
Original document:SECUNIA, [SA22925] EC-CUBE Unspecified Cross-Site Scripting Vulnerability (18.11.2006)
 bd0rk_(at)_hackermail.com, mxBB calsnails module 1.06 Remote File Inclusion Vulnerability (18.11.2006)
 SHiKaA-_(at)_hotmail.com, Powie's PHP MatchMaker <= v4.05 (matchdetail) Remote SQL Injection Exploit (18.11.2006)
 SHiKaA-_(at)_hotmail.com, Powie's PHP Forum <= v1.29a (editpoll) Remote SQL Injection Exploit (18.11.2006)
 Craig Heffner, HTTP Upload Tool (download.php) Information Disclosure Vulnerability (18.11.2006)
 Craig Heffner, DoSePa 1.0.4 (textview.php) Information Disclosure Vulnerability (18.11.2006)
 v1per-haCker, mg.applanix (RFI) (18.11.2006)
 laurent gaffié, Dating Site [ login bypass & xss] (18.11.2006)
 laurent gaffié, Infinitytechs Restaurants CM (18.11.2006)
 laurent gaffié, 20/20 datashed [ multiples injection sql ] (18.11.2006)
 laurent gaffié, Aspmforum [ multiples injection sql (get&post)] (18.11.2006)
 laurent gaffié, 20/20 real estate [ multiples injection sql ] (18.11.2006)
 laurent gaffié, 20/20 auto gallery [ multiples injection sql ] (18.11.2006)
 Advisory_(at)_Aria-Security.net, [Aria-Security] CPanel Network Tools Cross Site Scripting [Advisory] (18.11.2006)
 GENTOO, [ GLSA 200611-10 ] WordPress: Multiple vulnerabilities (18.11.2006)
 laurent gaffié, Active News Manager [ injection sql (post&get)] (18.11.2006)
Files:MosReporter Joomla Component Remote File Inclusion Exploit
 Mini Open CMS <= 1.0.0 Local File Include Exploit

HP-UX WBEM DoS
Published:18.11.2006
Source:BUGTRAQ
SecurityVulns ID:6840
Type:remote
Level:5/10
Affected:HP : HP-UX 11.00
 HP : HP-UX 11.11
 HP : HP-UX 11.23
Original document:HP, [security bulletin] HPSBMA02088 SSRT051026 rev. 2 - HP-UX running WBEM Services Denial of Service (DoS) (18.11.2006)

TFTPD32 TFTP server buffer overflow
Published:18.11.2006
Source:BUGTRAQ
SecurityVulns ID:6841
Type:remote
Level:5/10
Description:Buffer overflow on oversized filename.
Affected:TFTPD32 : TFTPD32 3.01
Original document:liuqx_(at)_nipc.org.cn, TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability (18.11.2006)

Sun Java sandbox protection bypass
Published:18.11.2006
Source:SECUNIA
SecurityVulns ID:6843
Type:library
Level:5/10
Description:Swing library functions may access data from different applets.
Affected:SUN : JRE 1.5
 SUN : JDK 1.5
Original document:SECUNIA, [SA22910] Sun Java JRE Swing Library Applet Security Bypass (18.11.2006)

NetGear WG111 driver buffer overflow
Published:18.11.2006
Source:METASPLOIT
SecurityVulns ID:6844
Type:remote
Level:7/10
Description:Buffer overflow on beacon frame parsing.
Affected:NETGEAR : NetGear WG111v2 Wireless Driver
Files:NetGear WG111v2 Wireless Driver Long Beacon Overflow (metasploit)

libpng DoS
updated since 16.11.2006
Published:18.11.2006
Source:SECUNIA
SecurityVulns ID:6836
Type:library
Level:6/10
Description:Out-of-bounds reading in png_set_sPLT().
Affected:libpng : libpng 1.2
 PXELINUX : pxelinux 3.20
 SYSLINUX : syslinux 3.20
 DOXYGEN : doxygen 1.4
 CHROMIUM : chromium 0.9
Original document:MANDRIVA, [ MDKSA-2006:213 ] - Updated chromium packages to fix embedded libpng vulnerabilities (18.11.2006)
 MANDRIVA, [ MDKSA-2006:212 ] - Updated doxygen packages to fix embedded libpng vulnerabilities (18.11.2006)
 MANDRIVA, [ MDKSA-2006:210 ] - Updated syslinux packages to fix embedded libpng vulnerabilities (18.11.2006)
 SECUNIA, [SA22900] libpng sPLT Chunk Handling Denial of Service (16.11.2006)

Computer Associates CA Internet Security / CA Personal Firewall privilege escalation
Published:18.11.2006
Source:BUGTRAQ
SecurityVulns ID:6842
Type:local
Level:5/10
Description:Insufficient validation of parameters passed to hooked TDI and NDIS functions.
Original document:Reversemode, [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. (18.11.2006)
Files:Exploits CA HIPS Engine Drivers Kernel Privilege Escalation #1
 Exploits CA HIPS Engine Drivers Kernel Privilege Escalation

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod