Linux kernel DoS
Published:		19.09.2006
Source:		BUGTRAQ
SecurityVulns ID:		6625
Type:		local
Level:		5/10
Description:		Special SO_LINGER value for SCTP socket causes system to crash. ELF loader vulnerability on 64-bit system causes system to crash on malformed ELF binary.

Affected:

LINUX : kernel 2.6

Original document		UBUNTU, [Full-disclosure] [USN-347-1] Linux kernel vulnerabilities (19.09.2006)
		UBUNTU, [Full-disclosure] [USN-347-1] Linux kernel vulnerabilities (19.09.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		19.09.2006
Source:
SecurityVulns ID:		6627
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		ARTMEDIC : Artmedic Links 5.0
		MOODLE : Moodle 1.6
		MYBB : MyBB 1.2
		TECHNODREAMS : Techno Dreams FAQ Manager 1.0
		TECHNODREAMS : Techno Dreams Articles&Papers 2.0
		ECARDPRO : ECardPro 2.0
		PLUMECMS : Plume CMS 1.1
		HITWEB : HitWeb 3.0
		CHARON : Charon Cart 3
		QUADCOMM : Q-Shop 3.5
		ESHIPPINGPRO : EShoppingPro 1.0
		PHOTOPOST : PhotoPost PHP 4.6
CVE:		CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka MyBulletinBoard) 1.2.2 allows remote attackers to send messages to arbitrary users. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
		CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.)
		CVE-2006-7021 (PHP remote file inclusion vulnerability in manager/tools/link/dbinstall.php in Plume CMS 1.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter.)

Original document		ali_(at)_hackerz.ir, BizDirectory all version xss (19.09.2006)
		AG- Spider, PhotoPost PHP 4.6 - 4.5 [PP_PATH] >> Remote File Include Vulnerability (19.09.2006)
		Omid, Sql injection in Moodle (19.09.2006)
		HACKERS PAL, MyBB 1.2 Full path and Cross site scripting vulnerabilities (19.09.2006)
		ajannhwt_(at)_hotmail.com, Q-Shop v3.5(browse.asp) Remote SQL Injection Vulnerability (19.09.2006)
		ajannhwt_(at)_hotmail.com, EShoppingPro v1.0(search_run.asp) Remote SQL Injection Vulnerability (19.09.2006)
		ajannhwt_(at)_hotmail.com, Charon Cart v3(Review.asp) Remote SQL Injection Vulnerability (19.09.2006)
		erne_(at)_ernealizm.com, HitWeb v3.0 - Remote File Include Vulnerabilities (19.09.2006)
		D3nGeR_(at)_Gmail.CoM, Plume CMS <= 1.1.10 [prepend.php] Remote File Include Vulnerability (19.09.2006)
		HACKERS PAL, PHP-Post Multiple Input Validation Vulnerabilities (19.09.2006)
		simo64_(at)_morx.org, PHPQuiz Multiple Remote Vulnerabilites (19.09.2006)
		ali_(at)_hackerz.ir, NixieAffiliate all version bypass admin and xss (19.09.2006)
		ajannhwt_(at)_hotmail.com, ECardPro v2.0(search.asp) Remote SQL Injection Vulnerability (19.09.2006)
		ajannhwt_(at)_hotmail.com, Techno Dreams Articles&Papers Package <=v2.0(ArticlesTableview.asp) Remote SQL Injection Vulnerability (19.09.2006)
		ajannhwt_(at)_hotmail.com, Techno Dreams FAQ Manager Package v1.0(faqview.asp) Remote SQL Injection Vulnerability (19.09.2006)
		azzcoder_(at)_hotmail.com, AzzCoder => PNphpBB (Latest) Remote File Include (19.09.2006)
		botan_(at)_linuxmail.org, [Kurdish Security # 27] Artmedic Links Script Remote File Include Vulnerability (19.09.2006)
		meto5757_(at)_hotmail.com, eSyndiCat Portal System XSS Vuln. (19.09.2006)

Files:		PHPQuiz v.1.2 Remote SQL injection/Code Execution Exploit
		PHP-post remote sql injection make phpshell
Discuss:		Read or add your comments to this news (0 comments)

Busy Box web server directory traversal
Published:		19.09.2006
Source:		BUGTRAQ
SecurityVulns ID:		6628
Type:		remote
Level:		5/10
Description:		Directory traversal with /%2e%2e.

Affected:

BUSYBOX : busy box 1.01

Original document

bug-finder_(at)_hotmail.com, Busy box httpd file traversal vulenrability (19.09.2006)

Discuss:

Read or add your comments to this news (0 comments)

Symantec Antivirus format string security vulnerability updated since 14.09.2006
Published:		19.09.2006
Source:		BUGTRAQ
SecurityVulns ID:		6618
Type:		local
Level:		5/10
Description:		Format string vulnerability in Virus Alert Notification Message templates.

Affected:		SYMANTEC : Symantec AntiVirus Corporate Edition 9.0
		SYMANTEC : Symantec Client Security 3.0
		SYMANTEC : Symantec AntiVirus Corporate Edition 10.0
		SYMANTEC : Symantec AntiVirus Corporate Edition 8.1

Original document		SYMANTEC, Symantec Security Advisory: Symantec AntiVirus Corporate Edition (19.09.2006)
		Deral Heiland, [Full-disclosure] Layered Defense Advisory: Symantec AV Corporate Edition Format String Vulnerability (14.09.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple gzip security vulnerabilities updated since 19.09.2006
Published:		07.03.2007
Source:		BUGTRAQ
SecurityVulns ID:		6626
Type:		library
Level:		7/10
Description:		Buffer overflow, NULL pointer dereference, inifnite loop.

Affected:		gzip : gzip 1.3
CVE:		CVE-2006-4338 (unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.)
		CVE-2006-4337 (Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.)
		CVE-2006-4336 (Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.)
		CVE-2006-4335 (Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability.")
		CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.)

Original document		HP, [security bulletin] HPSBUX02195 SSRT061237 rev.1 - HP-UX Running Software Distributor (SD), Remote Denial of Service (DoS) (07.03.2007)
		FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:21.gzip (19.09.2006)

Discuss:

Read or add your comments to this news (0 comments)