Multiple Linux kernel vulnerabilities
Published:		19.04.2006
Source:		LINUX
SecurityVulns ID:		6025
Type:		remote
Level:		6/10
Description:		Floating-point unit registers information leak, shared memory section elevated access. ip_route_input() multiplcast DoS.

Original document		LINUX, ChangeLog-2.6.16.9 (19.04.2006)
		LINUX, ChangeLog-2.6.16.8 (19.04.2006)
		LINUX, ChangeLog-2.6.16.6 (19.04.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Cisco IOS XR MPLS pacjets handling security vulnerabilities
Published:		19.04.2006
Source:		BUGTRAQ
SecurityVulns ID:		6026
Type:		remote
Level:		5/10
Description:		Multiple crashes on MPLS traffic processing.

Affected:

CISCO : IOS XR 3.2

Original document

CISCO, [Full-disclosure] Cisco Security Advisory: Cisco IOS XR MPLS Vulnerabilities (19.04.2006)

Discuss:

Read or add your comments to this news (0 comments)

Symantec Live Update for Macintosh privilege escalation updated since 18.04.2006
Published:		19.04.2006
Source:		SECUNIA
SecurityVulns ID:		6021
Type:		local
Level:		5/10
Description:		suid applications executes external application by relative path.

Affected:		SYMANTEC : LiveUpdate for Macintosh 3.0
		SYMANTEC : LiveUpdate for Macintosh 3.5

Original document		SYMANTEC, [Symantec Security Advisory] LiveUpdate for Macintosh Local Privilege Escalation (19.04.2006)
		SECUNIA, [SA19682] Symantec LiveUpdate for Machintosh Privilege Escalation (18.04.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		19.04.2006
Source:
SecurityVulns ID:		6023
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		MAMBOSERVER : Mambo Server 4.6
		CUREPHP : CuteNews 1.4
		PLEXUM : PlexCart X3
		SWSOFT : Confixx 3.1
		BOARDSOLUTION : Boardsolution 1.12
		FUJU : fuju news 1.0
		PHPSURVEYOR : PHPSurveyor 0.995
		AWSTATS : AWStats 6.5
		PLEXUM : Plexum X5
		BANNERFARM : BannerFarm 2.3
		INTELLILINK : IntelliLink 5.06
		COMMUNIMAIL : CommuniMail 1.2
		VISALE : Visale 1.0
		PHPLISTER : phpLister 0.4
		INTERNETPHOTOSHO : Internet Photoshow 1.3
		PHPNETTOOLS : PHP Net Tools 2.7
		BLACKORPHEUS : Blackorpheus ClanMemberSkript 1.0
		PMTOOL : PMTool 1.2
		TOTALCALENDAR : TotalCalendar 2.0
		ACTUALSCRIPTS : ActualAnalyzer Lite 2.72
		ACTUALSCRIPTS : ActualAnalyzer Gold 7.63
		ACTUALSCRIPTS : ActualAnalyzer Server 8.23
		PHPFABER : phpFaber TopSites 1.9
		WARFORGE : warforge.NEWS 1.0
CVE:		CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: portions of these details were obtained from third party sources instead of the original disclosure.)

Original document		SECUNIA, [SA19697] warforge.NEWS Multiple Vulnerabilities (19.04.2006)
		SECUNIA, [SA19652] phpFaber TopSites "page" Cross-Site Scripting Vulnerability (19.04.2006)
		susam.pal_(at)_gmail.com, XSS Vulnerability in Guest-book script powered by Community Architect (19.04.2006)
		Aesthetico, [MajorSecurity]ActualAnalyzer - Remote File Include Vulnerability (19.04.2006)
		SECUNIA, [SA19730] TotalCalendar "inc_dir" File Inclusion Vulnerability (19.04.2006)
		SECUNIA, [SA19654] Boardsolution "keyword" Cross-Site Scripting Vulnerability (19.04.2006)
		SECUNIA, [SA19685] PMTool "order" SQL Injection Vulnerabilities (19.04.2006)
		SECUNIA, [SA19726] Internet Photoshow "page" File Inclusion Vulnerability (19.04.2006)
		sn4k3.23_(at)_gmail.com, CuteNews 1.4.1 <= Cross Site Scripting (19.04.2006)
		Defa, [Full-disclosure] Confixx Index.PHP SQL Injection Vulnerability (Exploit - not new vuln) (19.04.2006)
		alireza hassani, [KAPDA::#41] - Mambo/Joomla rss component vulnerability (19.04.2006)
		botan_(at)_linuxmail.org, phpLister v. 0.4.1 XSS Attacking (19.04.2006)
		r0t, Visale XSS vuln. (19.04.2006)
		r0t, CommuniMail XSS vuln. (19.04.2006)
		r0t, IntelliLink Pro XSS vuln. (19.04.2006)
		r0t, BannerFarm XSS vuln. (19.04.2006)
		r0t, PlexCart X3 SQL Injection Vulnerability (19.04.2006)
		r0t, Plexum X5 SQL vuln. (19.04.2006)
		r0t, AWStats 6.5 vuln. (19.04.2006)
		omnipresent_(at)_email.it, phpsurveyor Multiple Vulnerabilities (19.04.2006)

Files:		PHP Net Tools Remote Code Execution Exploit
		Internet PhotoShow Remote File Inclusion Exploit
		Exploits Blackorpheus ClanMemberSkript 1.0 remote sql injection
		Exploits fuju news 1.0 remote sql injection
		Mambo/Joomla Path Disclosure & Remote DOS Exploit
Discuss:		Read or add your comments to this news (0 comments)

FreeBSD floating-point unit information leak
Published:		19.04.2006
Source:		BUGTRAQ
SecurityVulns ID:		6024
Type:		local
Level:		5/10
Description:		Internal registers state is not completely saved/restored during context switching.

Affected:		FREEBSD : FreeBSD 4.10
		FREEBSD : FreeBSD 5.3
		FREEBSD : FreeBSD 5.4
		FREEBSD : FreeBSD 4.11
		FREEBSD : FreeBSD 6.0
		FREEBSD : FreeBSD 6.1

Original document

FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:14.fpu (19.04.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple CiscoWorks Wireless LAN LAN Solution Engine / Cisco User Registration Tool / Cisco Hosting Solution Engine security vulnerabilities updated since 19.04.2006
Published:		20.04.2006
Source:		BUGTRAQ
SecurityVulns ID:		6027
Type:		remote
Level:		5/10
Description:		Crossite scripting, command line escape.

Affected:		CISCO : WLSE 2.13
		CISCO : URT 2.5

Original document		CISCO, Re: Multiple vulnerabilities in Linux based Cisco products (20.04.2006)
		assurance.com.au, Multiple vulnerabilities in Linux based Cisco products (20.04.2006)
		CISCO, [Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities in the WLSE Appliance (19.04.2006)

Discuss:

Read or add your comments to this news (0 comments)