| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 19.10.2006 | | Source: |  | | | SecurityVulns ID: |  | 6726 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Original document |  | CorryL, {x0n3-h4ck} DEV Web Manager System <= 1.5 XSS Exploit (19.10.2006) |
| |  | CarcaBotx_(at)_yahoo.com, PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit (19.10.2006) |
| |  | mahmood ali, PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability (19.10.2006) |
| |  | mahmood ali, CS-Forum 0.82 (ajouter.php) Remote File Include Vulnerability (19.10.2006) |
| |  | erdc_(at)_echo.or.id, [ECHO_ADV_46$2006] P-Book <= 1.17 (pb_lang) Remote File Inclusion (19.10.2006) |
| |  | xp1o_(at)_msn.com, zorum_3_5 <=(dbproperty.php) Remote File Inclusion Exploit (19.10.2006) |
| |  | disfigure, Simplog 0.9.3.1 SQL Injection (19.10.2006) |
| |  | disfigure, Boonex Dolphin 5.2 Remote File Inclusion (19.10.2006) |
| |  | disfigure, Comdev One Admin 4.1 Remote File Inclusion (19.10.2006) |
| |  | wacky_(at)_ihack.pl, phpAdsNew include bug! (19.10.2006) |
| |  | erdc_(at)_echo.or.id, [ECHO_ADV_55$2006]Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability (19.10.2006) |
| |  | 3cab7cc7_(at)_srasg.stevenroddis.com.au, TorrentFlux "user_id" Script Insertion (19.10.2006) |
| |  | 3cab7cc7_(at)_srasg.stevenroddis.com.au, TorrentFlux "file" Script Insertion (19.10.2006) |
| |  | 3cab7cc7_(at)_srasg.stevenroddis.com.au, TorrentFlux "action" Script Insertion (19.10.2006) |
| |  | the-free_kernel_(at)_b0rizq.net, [Xss] IN phplist v 2.10.2 (19.10.2006) |
| |  | KaBaRa.HaCk.eGy_(at)_Gmail.com, osprey 1.0 (ListRecords.php) Remote File Include Vulnerability (19.10.2006) |
| |  | mahmood ali, PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability (19.10.2006) |
| |  | mahmood ali, PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability (19.10.2006) |
| |  | erne_(at)_ernealizm.com, patchlodel-0.7.3 - Remote File Include Vulnerabilities (19.10.2006) |
| |  | xx_hack_xx_2004_(at)_hotmail.com, Full Path Disclosure in PHP-Wyana (2) (19.10.2006) |
| F5 Firepass cross-site scripting | | Published: |  | 19.10.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6729 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | my.acctab.php3 sid parameter cross-site scripting. |
| libksba DoS | | Published: |  | 19.10.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6730 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | DoS on parsing X.509 certificate with trailing information. |
| Multiple HighWall IDS security vulnerabilities | | Published: |  | 19.10.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6733 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Cross-site scripting and SQL injection in Web interface. |
| Asterisk remote buffer overflow | | Published: |  | 19.10.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6735 | | Type: |  | remote | | Level: |  | 7/10 | | Description: |  | Buffer overflow on parsing Cisco Skinny VoIP protocol. |
| Weak IBM Lotus Notes client permissions | | Published: |  | 19.10.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6736 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Application folder has Everyone:Full Control permissions. |
| Affected: |  | IBM : Lotus Notes 6.5 | | |  | IBM : Lotus Notes 7.0 | | CVE: |  | CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.) |
| HTTP header injection in Macromedia Flash plugin | | Published: |  | 19.10.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6731 | | Type: |  | client | | Level: |  | 5/10 |
| Opera buffer overflow | | Published: |  | 19.10.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6732 | | Type: |  | remote | | Level: |  | 7/10 | | Description: |  | Buffer overflow on oversized URL. |
| Multiple Airmagnet security vulnerabilities | | Published: |  | 19.10.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6734 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Cross-site scripting and SQL injection in Web interface. |
Multiple ClamAV antivirus security vulnerabilities updated since 16.10.2006 | | Published: |  | 19.10.2006 | | Source: |  | SECUNIA | | SecurityVulns ID: |  | 6725 | | Type: |  | remote | | Level: |  | 7/10 | | Description: |  | Buffer overflow on PE files parsing, DoS on CHM parsing. |
| XSession race conditions | | Published: |  | 19.10.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6727 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Race conditions allow a different user to see error messages. |
Nvidia for Linux / Solaris graphic drivers buffer overflow updated since 19.10.2006 | | Published: |  | 03.11.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6728 | | Type: |  | library | | Level: |  | 5/10 | | Description: |  | Integer overflow in _nv000053X function leads to buffer overflow. |