Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 18.11.2006
SecurityVulns ID: 6839
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: WORDPRESS : WordPress 2.0
 MGAPPLANIX : mg.applanix 1.3
 DOSEPA : DoSePa 1.0
 UPLOADTOOL : HTTP Upload Tool For PHP 1.0
 MINIOPENCMS : Mini Open CMS 1.0
 POWIE : Powie's PHP Forum 1.29
 POWIE : Powie's PHP MatchMaker 4.05
 MXBB : mxBB calsnails module 1.06
 ECCUBE : EC-CUBE 1.0
Original document: SECUNIA, [SA22925] EC-CUBE Unspecified Cross-Site Scripting Vulnerability (18.11.2006)
 bd0rk_(at)_hackermail.com, mxBB calsnails module 1.06 Remote File Inclusion Vulnerability (18.11.2006)
 SHiKaA-_(at)_hotmail.com, Powie's PHP MatchMaker <= v4.05 (matchdetail) Remote SQL Injection Exploit (18.11.2006)
 SHiKaA-_(at)_hotmail.com, Powie's PHP Forum <= v1.29a (editpoll) Remote SQL Injection Exploit (18.11.2006)
 Craig Heffner, HTTP Upload Tool (download.php) Information Disclosure Vulnerability (18.11.2006)
 Craig Heffner, DoSePa 1.0.4 (textview.php) Information Disclosure Vulnerability (18.11.2006)
 v1per-haCker, mg.applanix (RFI) (18.11.2006)
 laurent gaffié, Dating Site [ login bypass & xss] (18.11.2006)
 laurent gaffié, Infinitytechs Restaurants CM (18.11.2006)
 laurent gaffié, 20/20 datashed [ multiples injection sql ] (18.11.2006)
 laurent gaffié, Aspmforum [ multiples injection sql (get&post)] (18.11.2006)
 laurent gaffié, 20/20 real estate [ multiples injection sql ] (18.11.2006)
 laurent gaffié, 20/20 auto gallery [ multiples injection sql ] (18.11.2006)
 Advisory_(at)_Aria-Security.net, [Aria-Security] CPanel Network Tools Cross Site Scripting [Advisory] (18.11.2006)
 GENTOO, [ GLSA 200611-10 ] WordPress: Multiple vulnerabilities (18.11.2006)
 laurent gaffié, Active News Manager [ injection sql (post&get)] (18.11.2006)
Files: MosReporter Joomla Component Remote File Inclusion Exploit
 Mini Open CMS <= 1.0.0 Local File Include Exploit

HP-UX WBEM DoS
Published: 18.11.2006
SecurityVulns ID: 6840
Type: remote
Threat Level: 5/10
Affected: HP : HP-UX 11.00
 HP : HP-UX 11.11
 HP : HP-UX 11.23
Original document: HP, [security bulletin] HPSBMA02088 SSRT051026 rev. 2 - HP-UX running WBEM Services Denial of Service (DoS) (18.11.2006)

TFTPD32 TFTP server buffer overflow
Published: 18.11.2006
SecurityVulns ID: 6841
Type: remote
Threat Level: 5/10
Description: Buffer overflow on oversized filename.
Affected: TFTPD32 : TFTPD32 3.01
Original document: liuqx_(at)_nipc.org.cn, TFTPD32 v3.01 TFTP Server Long File Name Buffer Overflow Vulnerability (18.11.2006)

Computer Associates CA Internet Security / CA Personal Firewall privilege escalation
Published: 18.11.2006
SecurityVulns ID: 6842
Type: local
Threat Level: 5/10
Description: Insufficient validation of parameters in hooked TDI and NDIS functions.
Original document: Reversemode, [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. (18.11.2006)
Files: Exploits CA HIPS Engine Drivers Kernel Privilege Escalation
 Exploits CA HIPS Engine Drivers Kernel Privilege Escalation #1

Sun Java sandbox protection bypass
Published: 18.11.2006
SecurityVulns ID: 6843
Type: library
Threat Level: 5/10
Description: Swing library functions may access data from different applets.
Affected: SUN : JRE 1.5
 SUN : JDK 1.5
Original document: SECUNIA, [SA22910] Sun Java JRE Swing Library Applet Security Bypass (18.11.2006)

NetGear WG111 driver buffer overflow
Published: 18.11.2006
SecurityVulns ID: 6844
Type: remote
Threat Level: 7/10
Description: Buffer overflow on beacon frame parsing.
Affected: NETGEAR : NetGear WG111v2 Wireless Driver
Files: NetGear WG111v2 Wireless Driver Long Beacon Overflow (metasploit)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod