Computer Security


Symantec Live Update for Macintosh privilege escalation
updated since 18.04.2006
Published:19.04.2006
Source:
SecurityVulns ID:6021
Type:local
Threat Level:5/10
Description:SUID applications execute an external application by relative path.
Affected:SYMANTEC : LiveUpdate for Macintosh 3.0
 SYMANTEC : LiveUpdate for Macintosh 3.5
Original document:SYMANTEC, [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation (19.04.2006)
 SECUNIA, [SA19682] Symantec LiveUpdate for Machintosh Privilege Escalation (18.04.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:19.04.2006
Source:
SecurityVulns ID:6023
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:MAMBOSERVER : Mambo Server 4.6
 CUREPHP : CuteNews 1.4
 PLEXUM : PlexCart X3
 SWSOFT : Confixx 3.1
 BOARDSOLUTION : Boardsolution 1.12
 FUJU : fuju news 1.0
 PHPSURVEYOR : PHPSurveyor 0.995
 AWSTATS : AWStats 6.5
 PLEXUM : Plexum X5
 BANNERFARM : BannerFarm 2.3
 INTELLILINK : IntelliLink 5.06
 COMMUNIMAIL : CommuniMail 1.2
 VISALE : Visale 1.0
 PHPLISTER : phpLister 0.4
 INTERNETPHOTOSHO : Internet Photoshow 1.3
 PHPNETTOOLS : PHP Net Tools 2.7
 BLACKORPHEUS : Blackorpheus ClanMemberSkript 1.0
 PMTOOL : PMTool 1.2
 TOTALCALENDAR : TotalCalendar 2.0
 ACTUALSCRIPTS : ActualAnalyzer Lite 2.72
 ACTUALSCRIPTS : ActualAnalyzer Gold 7.63
 ACTUALSCRIPTS : ActualAnalyzer Server 8.23
 PHPFABER : phpFaber TopSites 1.9
 WARFORGE : warforge.NEWS 1.0
CVE:CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: portions of these details were obtained from third party sources instead of the original disclosure.)
Original document:SECUNIA, [SA19697] warforge.NEWS Multiple Vulnerabilities (19.04.2006)
 SECUNIA, [SA19652] phpFaber TopSites "page" Cross-Site Scripting Vulnerability (19.04.2006)
 susam.pal_(at)_gmail.com, XSS Vulnerability in Guest-book script powered by Community Architect (19.04.2006)
 Aesthetico, [MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability (19.04.2006)
 SECUNIA, [SA19730] TotalCalendar "inc_dir" File Inclusion Vulnerability (19.04.2006)
 SECUNIA, [SA19654] Boardsolution "keyword" Cross-Site Scripting Vulnerability (19.04.2006)
 SECUNIA, [SA19685] PMTool "order" SQL Injection Vulnerabilities (19.04.2006)
 SECUNIA, [SA19726] Internet Photoshow "page" File Inclusion Vulnerability (19.04.2006)
 sn4k3.23_(at)_gmail.com, CuteNews 1.4.1 <= Cross Site Scripting (19.04.2006)
 Defa, [Full-disclosure] Confixx Index.PHP SQL Injection Vulnerability (Exploit - not new vuln) (19.04.2006)
 alireza hassani, [KAPDA::#41] - Mambo/Joomla rss component vulnerability (19.04.2006)
 botan_(at)_linuxmail.org, phpLister v. 0.4.1 XSS Attacking (19.04.2006)
 r0t, Visale XSS vuln. (19.04.2006)
 r0t, CommuniMail XSS vuln. (19.04.2006)
 r0t, IntelliLink Pro XSS vuln. (19.04.2006)
 r0t, BannerFarm XSS vuln. (19.04.2006)
 r0t, PlexCart X3 SQL Injection Vulnerability (19.04.2006)
 r0t, Plexum X5 SQL vuln. (19.04.2006)
 r0t, AWStats 6.5 vuln. (19.04.2006)
 omnipresent_(at)_email.it, phpsurveyor Multiple Vulnerabilities (19.04.2006)
Files:PHP Net Tools Remote Code Execution Exploit
 Internet PhotoShow Remote File Inclusion Exploit
 Exploits fuju news 1.0 remote sql injection
 Exploits Blackorpheus ClanMemberSkript 1.0 remote sql injection
 Mambo/Joomla Path Disclosure & Remote DOS Exploit

FreeBSD floating-point unit information leak
Published:19.04.2006
Source:
SecurityVulns ID:6024
Type:local
Threat Level:5/10
Description:Internal registers state is not completely saved/restored during context switching.
Affected:FREEBSD : FreeBSD 4.10
 FREEBSD : FreeBSD 5.3
 FREEBSD : FreeBSD 5.4
 FREEBSD : FreeBSD 4.11
 FREEBSD : FreeBSD 6.0
 FREEBSD : FreeBSD 6.1
Original document:FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:14.fpu (19.04.2006)

Multiple Linux kernel vulnerabilities
Published:19.04.2006
Source:
SecurityVulns ID:6025
Type:remote
Threat Level:6/10
Description:Floating-point unit registers information leak, shared memory section elevated access, ip_route_input() multicast DoS.
Original document:LINUX, ChangeLog-2.6.16.9 (19.04.2006)
 LINUX, ChangeLog-2.6.16.8 (19.04.2006)
 LINUX, ChangeLog-2.6.16.6 (19.04.2006)

Multiple Cisco IOS XR MPLS packets handling security vulnerabilities
Published:19.04.2006
Source:
SecurityVulns ID:6026
Type:remote
Threat Level:5/10
Description:Multiple crashes on MPLS traffic processing.
Affected:CISCO : IOS XR 3.2
Original document:CISCO, [Full-disclosure] Cisco Security Advisory: Cisco IOS XR MPLS Vulnerabilities (19.04.2006)

Multiple CiscoWorks Wireless LAN Solution Engine / Cisco User Registration Tool / Cisco Hosting Solution Engine security vulnerabilities
updated since 19.04.2006
Published:20.04.2006
Source:
SecurityVulns ID:6027
Type:remote
Threat Level:5/10
Description:Cross-site scripting, command line escape.
Affected:CISCO : WLSE 2.13
 CISCO : URT 2.5
Original document:CISCO, Re: Multiple vulnerabilities in Linux based Cisco products (20.04.2006)
 assurance.com.au, Multiple vulnerabilities in Linux based Cisco products (20.04.2006)
 CISCO, [Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in the WLSE Appliance (19.04.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod