Computer Security


Multiple ClamAV antivirus security vulnerabilities
updated since 16.10.2006
Published:19.10.2006
SecurityVulns ID:6725
Type:remote
Threat Level:7/10
Description:Buffer overflow in PE file parsing, DoS in CHM parsing.
Affected:CLAMAV : ClamAV 0.88
Original document:IDEFENSE, Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability (19.10.2006)
 IDEFENSE, Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability (19.10.2006)
 SECUNIA, [SA22370] Clam AntiVirus CHM Unpacker and PE Rebuilding Vulnerabilities (16.10.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:19.10.2006
SecurityVulns ID:6726
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:PHPBB : phpBB 2.0
 PHPADSNEW : phpAdsNew 2.0
 ZORUM : zorum 3.5
 PHPLIST : phpList 2.10
 SIMPLOG : simplog 0.9
 TORRENTXLUX : TorrentFlux 2.1
 LODEL : patchlodel 0.7
 PHPFORGE : PHP Forge 3b2
 OSPREY : osprey 1.0
 COMDEV : Comdev One Admin 4.1
 BOONEX : Boonex Dolphin 5.2
 PPOPN : P-Book
 CSFORUM : CS-Forum 0.82
 PHPRECIPEBOOK : PHPRecipeBook 2.35
 WEVWEB : DEV Web Manager System 1.5
 JOOMLA : Joomla BSQ Sitestats 1.8
 JOOMLA : Joomla BSQ Sitestats 2.0
Original document:CorryL, {x0n3-h4ck} DEV Web Manager System <= 1.5 XSS Exploit (19.10.2006)
 CarcaBotx_(at)_yahoo.com, PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit (19.10.2006)
 mahmood ali, PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability (19.10.2006)
 mahmood ali, CS-Forum 0.82 (ajouter.php) Remote File Include Vulnerability (19.10.2006)
 erdc_(at)_echo.or.id, [ECHO_ADV_46$2006] P-Book <= 1.17 (pb_lang) Remote File Inclusion (19.10.2006)
 xp1o_(at)_msn.com, zorum_3_5 <=(dbproperty.php) Remote File Inclusion Exploit (19.10.2006)
 disfigure, Simplog 0.9.3.1 SQL Injection (19.10.2006)
 disfigure, Boonex Dolphin 5.2 Remote File Inclusion (19.10.2006)
 disfigure, Comdev One Admin 4.1 Remote File Inclusion (19.10.2006)
 wacky_(at)_ihack.pl, phpAdsNew include bug! (19.10.2006)
 erdc_(at)_echo.or.id, [ECHO_ADV_55$2006]Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability (19.10.2006)
 3cab7cc7_(at)_srasg.stevenroddis.com.au, TorrentFlux "user_id" Script Insertion (19.10.2006)
 3cab7cc7_(at)_srasg.stevenroddis.com.au, TorrentFlux "file" Script Insertion (19.10.2006)
 3cab7cc7_(at)_srasg.stevenroddis.com.au, TorrentFlux "action" Script Insertion (19.10.2006)
 the-free_kernel_(at)_b0rizq.net, [Xss] IN phplist v 2.10.2 (19.10.2006)
 KaBaRa.HaCk.eGy_(at)_Gmail.com, osprey 1.0 (ListRecords.php) Remote File Include Vulnerability (19.10.2006)
 mahmood ali, PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability (19.10.2006)
 erne_(at)_ernealizm.com, patchlodel-0.7.3 - Remote File Include Vulnerabilities (19.10.2006)
 xx_hack_xx_2004_(at)_hotmail.com, Full Path Disclosure in PHP-Wyana (2) (19.10.2006)

XSession race conditions
Published:19.10.2006
SecurityVulns ID:6727
Type:local
Threat Level:5/10
Description:Race conditions allow a different user to see error messages.
Affected:XINIT : xinit 1.0
Original document:UBUNTU, [USN-364-1] Xsession vulnerability (19.10.2006)

F5 FirePass cross-site scripting
Published:19.10.2006
SecurityVulns ID:6729
Type:remote
Threat Level:5/10
Description:my.acctab.php3 sid parameter cross-site scripting.
Affected:F5 : FirePass 1000
Original document:ProCheckUp Research, PR06-03b: F5 Firepass 1000 SSL VPN version 5.5 vulnerable to Cross-Site Scripting (19.10.2006)

libksba DoS
Published:19.10.2006
SecurityVulns ID:6730
Type:remote
Threat Level:5/10
Description:DoS when parsing an X.509 certificate with trailing information.
Affected:LIBKSBA : libksba 0.9
Original document:UBUNTU, [USN-365-1] libksba vulnerability (19.10.2006)

HTTP header injection in Macromedia Flash plugin
Published:19.10.2006
SecurityVulns ID:6731
Type:client
Threat Level:5/10
Affected:MACROMEDIA : Flash Player plugin 9.0
Original document:Rapid 7 Security Advisories, Rapid7 Advisory R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin (19.10.2006)

Opera buffer overflow
Published:19.10.2006
SecurityVulns ID:6732
Type:remote
Threat Level:7/10
Description:Buffer overflow on oversized URL.
Affected:OPERA : Opera 9.0
 OPERA : Opera 9.01
Original document:IDEFENSE, iDefense Security Advisory 10.17.06: Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability (19.10.2006)

Multiple HighWall IDS security vulnerabilities
Published:19.10.2006
SecurityVulns ID:6733
Type:remote
Threat Level:5/10
Description:Cross-site scripting and SQL injection in the web interface.
Original document:noreply_(at)_ptsecurity.ru, Multiple vulnerabilities in Highwall Enterprise and Highwall Endpoint management interface (19.10.2006)

Multiple Airmagnet security vulnerabilities
Published:19.10.2006
SecurityVulns ID:6734
Type:remote
Threat Level:5/10
Description:Cross-site scripting and SQL injection in the web interface.
Original document:noreply_(at)_ptsecurity.ru, Airmagnet management interfaces multiple vulnerabilities (19.10.2006)

Asterisk remote buffer overflow
Published:19.10.2006
SecurityVulns ID:6735
Type:remote
Threat Level:7/10
Description:Buffer overflow when parsing the Cisco Skinny VoIP protocol.
Affected:ASTERISK : Asterisk 1.0
 ASTERISK : Asterisk 1.2
Original document:Adam Boileau, Security-Assessment.com Advisory: Asterisk remote heap overflow (19.10.2006)

Weak IBM Lotus Notes client permissions
Published:19.10.2006
SecurityVulns ID:6736
Type:remote
Threat Level:5/10
Description:Application folder has Everyone:Full Control permissions.
Affected:IBM : Lotus Notes 6.5
 IBM : Lotus Notes 7.0
CVE:CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and .0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.)
Original document:SECUNIA, Secunia Research: IBM Lotus Notes Insecure Default Folder Permissions (19.10.2006)

Nvidia for Linux / Solaris graphic drivers buffer overflow
updated since 19.10.2006
Published:03.11.2006
SecurityVulns ID:6728
Type:library
Threat Level:5/10
Description:Integer overflow in _nv000053X function leads to buffer overflow.
Affected:NVIDIA : NVIDIA Driver For Linux 1.0
 NVIDIA : NVIDIA Driver For Solaris 1.0
Original document:SECUNIA, [SA22676] Sun Solaris NVIDIA Graphics Driver Buffer Overflow Vulnerability (03.11.2006)
 Rapid 7 Security Advisories, Rapid7 Advisory R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux (19.10.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod