Search:Vulnerability:19.10.2006 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 19.10.2006
Source:
SecurityVulns ID: 6726
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: PHPBB : phpBB 2.0
PHPADSNEW : phpAdsNew 2.0
ZORUM : zorum 3.5
PHPLIST : phplist 2.10
SIMPLOG : simplog 0.9
TORRENTXLUX : TorrentFlux 2.1
LODEL : patchlodel 0.7
PHPFORGE : PHP Forge 3b2
OSPREY : osprey 1.0
COMDEV : Comdev One Admin 4.1
BOONEX : Boonex Dolphin 5.2
PPOPN : P-Book
CSFORUM : CS-Forum 0.82
PHPRECIPEBOOK : PHPRecipeBook 2.35
WEVWEB : DEV Web Manager System 1.5
JOOMLA : Joomla BSQ Sitestats 1.8
JOOMLA : Joomla BSQ Sitestats 2.0

Original document CorryL, {x0n3-h4ck} DEV Web Manager System <= 1.5 XSS Exploit (19.10.2006)

CarcaBotx_(at)_yahoo.com, PHPRecipeBook <= 2.35 ((g_rb_basedir)) Remote File Include Exploit (19.10.2006)

mahmood ali, PhpBB<=2.0.10 (groupcp.php) Remote File Include Vulnerability (19.10.2006)

mahmood ali, CS-Forum 0.82 (ajouter.php) Remote File Include Vulnerability (19.10.2006)

document erdc_(at)_echo.or.id, [ECHO_ADV_46$2006] P-Book <= 1.17 (pb_lang) Remote File Inclusion (19.10.2006)

xp1o_(at)_msn.com, zorum_3_5 <=(dbproperty.php) Remote File Inclusion Exploit (19.10.2006)

disfigure, Simplog 0.9.3.1 SQL Injection (19.10.2006)

disfigure, Boonex Dolphin 5.2 Remote File Inclusion (19.10.2006)

document disfigure, Comdev One Admin 4.1 Remote File Inclusion (19.10.2006)

wacky_(at)_ihack.pl, phpAdsNew include bug! (19.10.2006)

erdc_(at)_echo.or.id, [ECHO_ADV_55$2006]Phpmybibli <=2.1 Multiple Remote File Inclusion Vulnerability (19.10.2006)

3cab7cc7_(at)_srasg.stevenroddis.com.au, TorrentFlux ?user_id? Script Insertion (19.10.2006)

document 3cab7cc7_(at)_srasg.stevenroddis.com.au, TorrentFlux ?file? Script Insertion (19.10.2006)

3cab7cc7_(at)_srasg.stevenroddis.com.au, TorrentFlux ?action? Script Insertion (19.10.2006)

the-free_kernel_(at)_b0rizq.net, [Xss] IN phplist v 2.10.2 (19.10.2006)

KaBaRa.HaCk.eGy_(at)_Gmail.com, osprey 1.0 (ListRecords.php) Remote File Include Vulnerability (19.10.2006)

document mahmood ali, PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability (19.10.2006)

mahmood ali, PHP Forge 3b2 (/inc/inc.php) Remote File Include Vulnerability (19.10.2006)

erne_(at)_ernealizm.com, patchlodel-0.7.3 - Remote File Include Vulnerabilities (19.10.2006)

document xx_hack_xx_2004_(at)_hotmail.com, Full Path Disclosure in PHP-Wyana (2) (19.10.2006)

Discuss: Read or add your comments to this news (0 comments)

F5 Firepass crossite scripting
Published: 19.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6729
Type: remote
Level: 5/10
Description: my.acctab.php3 sid parameter crossite scripting.

Affected: F5 : FirePass 1000

Original document research_(at)_procheckup.com, PR06-03b: F5 Firepass 1000 SSL VPN version 5.5 vulnerable to Cross-Site Scripting (19.10.2006)

Discuss: Read or add your comments to this news (0 comments)

libksba DoS
Published: 19.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6730
Type: remote
Level: 5/10
Description: DoS on parsing X.509 certificate with trailing information.

Affected: LIBKSBA : libksba 0.9

Original document UBUNTU, [USN-365-1] libksba vulnerability (19.10.2006)

Discuss: Read or add your comments to this news (0 comments)

Multiple HighWall IDS security vulnerabilities
Published: 19.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6733
Type: remote
Level: 5/10
Description: Crossie scripting and SQL injection in Web interface.

Original document noreply_(at)_ptsecurity.ru, Multiple vulnerabilities in Highwall Enterprise and Highwall Endpoint management interface (19.10.2006)

Discuss: Read or add your comments to this news (0 comments)

Asterisk remote buffer overflow
Published: 19.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6735
Type: remote
Level: 7/10
Description: Buffer overflow on parsing Cisco Skinny VoIP protocol.

Affected: ASTERISK : Asterisk 1.0
ASTERISK : Asterisk 1.2

Original document Adam Boileau, Security-Assessment.com Advisory: Asterisk remote heap overflow (19.10.2006)

Discuss: Read or add your comments to this news (0 comments)

Weak IBM Lotus Notes client permissions
Published: 19.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6736
Type: remote
Level: 5/10
Description: Application folder has Everyone:Full Control permissions.

Affected: IBM : Lotus Notes 6.5
IBM : Lotus Notes 7.0
CVE: CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and .0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.)

Original document SECUNIA, Secunia Research: IBM Lotus Notes Insecure Default FolderPermissions (19.10.2006)

Discuss: Read or add your comments to this news (0 comments)

Multiple ClamAV antivirus security vulnerabilities
updated since 16.10.2006
Published: 19.10.2006
Source: SECUNIA
SecurityVulns ID: 6725
Type: remote
Level: 7/10
Description: Buffer overflow on PE files parsing, DoS on CHM parsing.

Affected: CLAMAV : ClamAV 0.88

Original document IDEFENSE, Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability (19.10.2006)

IDEFENSE, Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability (19.10.2006)

SECUNIA, [SA22370] Clam AntiVirus CHM Unpacker and PE Rebuilding Vulnerabilities (16.10.2006)

Discuss: Read or add your comments to this news (0 comments)

XSession race conditions
Published: 19.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6727
Type: local
Level: 5/10
Description: Race conditions allows different user to see error messages.

Affected: XINIT : xinit 1.0

Original document UBUNTU, [USN-364-1] Xsession vulnerability (19.10.2006)

Discuss: Read or add your comments to this news (0 comments)

HTTP header injection in Macromedia Flash plugin
Published: 19.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6731
Type: client
Level: 5/10

Affected: MACROMEDIA : Flash Pleayer plugin 9.0

Original document Rapid 7 Security Advisories, Rapid7 Advisory R7-0026: HTTP Header Injection Vulnerabilities in the Flash Player Plugin (19.10.2006)

Discuss: Read or add your comments to this news (0 comments)

Opera buffer overflow
Published: 19.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6732
Type: remote
Level: 7/10
Description: Buffer overflow on oversized URL.

Affected: OPERA : Opera 9.0
OPERA : Opera 9.01

Original document IDEFENSE, iDefense Security Advisory 10.17.06: Opera Software Opera Web Browser URL Parsing Heap Overflow Vulnerability (19.10.2006)

Discuss: Read or add your comments to this news (0 comments)

Multiple Airmagnet security vulnerabilities
Published: 19.10.2006
Source: BUGTRAQ
SecurityVulns ID: 6734
Type: remote
Level: 5/10
Description: Crossite scripting and SQL injection in Web interface.

Original document noreply_(at)_ptsecurity.ru, Airmagnet management interfaces multiple vulnerabilities (19.10.2006)

Discuss: Read or add your comments to this news (0 comments)

Nvidia for Linux / Solaris graphic drivers buffer overflow
updated since 19.10.2006
Published: 03.11.2006
Source: BUGTRAQ
SecurityVulns ID: 6728
Type: library
Level: 5/10
Description: Integer overflow in _nv000053X function leads to buffer overflow.

Affected: NVIDIA : NVIDIA Driver For Linux 1.0
NVIDIA : NVIDIA Driver For Solaris 1.0

Original document SECUNIA, [SA22676] Sun Solaris NVIDIA Graphics Driver Buffer Overflow Vulnerability (03.11.2006)

Rapid 7 Security Advisories, Rapid7 Advisory R7-0025: Buffer Overflow in NVIDIA Binary Graphics Driver For Linux (19.10.2006)

Discuss: Read or add your comments to this news (0 comments)