Yahoo messenger multiple security vulnerabilities
Published:		20.02.2005
Source:		VULNWATCH
SecurityVulns ID:		4502
Type:		client
Level:		5/10
Description:		Filename spoofing, local privilege escalation with Audio Setup Wizard.

Affected:

YAHOO : Yahoo Messenger 6.0

Original document		SECUNIA, [VulnWatch] Secunia Research: Yahoo! Messenger Audio Setup Wizard Privilege Escalation (20.02.2005)
		SECUNIA, [VulnWatch] Secunia Research: Yahoo! Messenger File Transfer Filename Spoofing (20.02.2005)

Discuss:

Read or add your comments to this news (0 comments)

Bidwatcher eBay watching and bidding tool format string bug
Published:		20.02.2005
Source:		BUGTRAQ
SecurityVulns ID:		4503
Type:		client
Level:		4/10
Description:		Format string bug on server reply processing.

Affected:

BIDWATCHER : bidwatcher 1.3

Original document

DEBIAN, [SECURITY] [DSA 687-1] New bidwatcher packages fix format string vulnerability (20.02.2005)

Discuss:

Read or add your comments to this news (0 comments)

gProFTPD ProFTPD FTP server monitoring tool format tring bug
Published:		20.02.2005
Source:		BUGTRAQ
SecurityVulns ID:		4504
Type:		client
Level:		5/10
Description:		Format string bug during server log file parsing.

Affected:

GPROFTPD : GProFTPD 8.1

Original document

GENTOO, [ GLSA 200502-26 ] GProFTPD: gprostats format string vulnerability (20.02.2005)

Discuss:

Read or add your comments to this news (0 comments)

Multiple TrackerCam webcam http server vulnerabilities
Published:		20.02.2005
Source:		BUGTRAQ
SecurityVulns ID:		4505
Type:		remote
Level:		5/10
Description:		Buffer overflow, directory traversal, information disclosure, crossite scripting, DoS.

Affected:

TRACKERCAM : TrackerCam 5.12

Original document

Luigi Auriemma, Multiple vulnerabilities in TrackerCam 5.12 (20.02.2005)

Files:		TrackerCam 5.12 buffer overflow exploit
Discuss:		Read or add your comments to this news (0 comments)

glFTPD FTP server plugin directory traversal
Published:		20.02.2005
Source:		BUGTRAQ
SecurityVulns ID:		4506
Type:		remote
Level:		5/10
Description:		Обратный путь в каталогах в плагинах sitenfo.sh, sitezipchk.sh, siteziplist.sh.

Affected:

GLFTPD : Glftpd 2.0

Original document

Paul Craig - Pimp Industries, Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins (20.02.2005)

Discuss:

Read or add your comments to this news (0 comments)

gFTP FTP client directory traversal
Published:		20.02.2005
Source:		BUGTRAQ
SecurityVulns ID:		4507
Type:		client
Level:		5/10
Description:		Directory traversal during downloading file from server.

Affected:

GFTP : gFTP 2.0

Original document

GENTOO, [ GLSA 200502-27 ] gFTP: Directory traversal vulnerability (20.02.2005)

Discuss:

Read or add your comments to this news (0 comments)

webfsd web server integer overflow
Published:		20.02.2005
Source:		BUGTRAQ
SecurityVulns ID:		4508
Type:		remote
Level:		5/10
Description:		Integer overflow on directory listing.

Affected:

WEBFSD : webfsd 1.21

Original document

yan feng, webfsd fun. opensource is god .lol windows (20.02.2005)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Thomson TCW690 security vulnerabilities.
Published:		20.02.2005
Source:		BUGTRAQ
SecurityVulns ID:		4509
Type:		remote
Level:		5/10
Description:		It's possible to access web interface without username and password. Denial of Service.

Affected:

THOMSON : TCW690

Original document		MurDoK, [Full-Disclosure] Thomson TCW690 Denial Of Service Vulnerability (20.02.2005)
		MurDoK, Thomson TCW690 POST Password Validation Vulnerability (20.02.2005)

Discuss:

Read or add your comments to this news (0 comments)

WinFTP FTP Server buffer overflows updated since 12.02.2005
Published:		20.02.2005
Source:		UNL0CK
SecurityVulns ID:		4481
Type:		remote
Level:		5/10
Description:		Buffer overflows in different FTP commands.

Affected:

WINFTP : WinFTP 1.6

Original document		Donato Ferrante, [Full-disclosure] Unicode Buffer Overflow in WinFtp Server 1.6.8 (17.08.2005)
		Dark, #11 by unl0ck team (12.02.2005)

Discuss:

Read or add your comments to this news (0 comments)

PHP/ASP/CGI web applications security bugs updated since 14.02.2005
Published:		20.02.2005
Source:
SecurityVulns ID:		4482
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, spam sending, etc.

Affected:		WEBCALENDAR : WebCalendar 0.9
		PHPBB : phpBB 2.0
		ZEROBOARD : Zeroboard 4.1
		VBULLETIN : vBulletin 3.0
		OSCOMMERCE : osCommerce 2.2
		INVISION : Invision Power Board 1.3
		PHPNUKE : PHP-Nuke 7.4
		CUBECART : CubeCart 2.0
		KAYAKO : Kayako eSupport 2.3
		SITEMAN : Siteman 1.1
		MERCURYBOARD : MercuryBoard 1.1
		ELOG : elog 2.5
		CITRUSDB : CitrusDB 0.3
		AWSTATS : AWStats 6.3
		OPENCONF : Openconf 1.04
		PHPNUKE : PHP-Nuke 7.6
		OPENWEBMAIL : Open WebMail 2.50
		DCPPORTAL : DCP-Portal 6.1
		PANEWS : paNews 2.0
		NEWSBRUISER : NewsBruiser 2.6
		BIBORB : BibORB 1.3
		PAFAQ : paFAQ Beta4
		BIZMAILFORM : BizMail 2.1
		PMACHINE : PMachine 2.4

Original document		kingcope_(at)_gmx.net, [Full-Disclosure] pMachine Pro / pMachine Free Remote Code Execution (20.02.2005)
		albanian haxorz, Multiples vulnerability in ZeroBoard, (20.02.2005)
		Jason Frisvold, BizMail 2.1 Spam Exploit (20.02.2005)
		jtm297_(at)_optonline.net, Possible phpBB <=2.0.11 bug or sql injection? (18.02.2005)
		Pedram hayati, [PersianHacker.NET 200505-07] paFAQ Beta4 Sql Injection (18.02.2005)
		Scovetta Labs, [ SCL-2005.001 ] - WebCalendar: SQL Injection from encoded cookie (18.02.2005)
		Daniel A., Invision Power Boards 1.3.1 FINAL XSS Exploit (18.02.2005)
		matrix_killer ma3x, phpbb 2.0.11 bug (18.02.2005)
		Patrick Hof, [Full-Disclosure] Advisory: Multiple Vulnerabilities in BibORB (17.02.2005)
		SECUNIA, [SA13937] MercuryBoard "f" Cross-Site Scripting Vulnerability (17.02.2005)
		SECUNIA, [SA14262] NewsBruiser Comment System Security Bypass Vulnerability (17.02.2005)
		SECUNIA, [SA14263] Siteman Site Owner Registration Security Bypass Vulnerability (17.02.2005)
		Pedram hayati, [PersianHacker.NET 200505-06] paNews v2.0b4 XSS Vulnerability (17.02.2005)
		SECUNIA, [SA14284] Mercuryboard "debug" Debug Information Disclosure (16.02.2005)
		Exoduks, [hackgen-2005-#003] - SQL injection bugs in DCP-Portal (16.02.2005)
		John Cobb, [NOBYTES.COM: #3] osCommerce 2.2-MS2 - XSS Vulnerability (16.02.2005)
		Seth Woolley, [Full-Disclosure] Kayako eSupport v2.3.1 Support Tracker XSS Vulnerability (15.02.2005)
		SECUNIA, [SA14253] Open WebMail Login Page Cross-Site Scripting Vulnerability (15.02.2005)
		Janek Vind, [Full-Disclosure] [waraxe-2005-SA#040] - Full path disclosure and XSS in PhpNuke 6.x-7.6 (15.02.2005)
		Maximillian Dornseif, [Full-Disclosure] Advisory: Authentication bypass in CitrusDB (15.02.2005)
		Maximillian Dornseif, [Full-Disclosure] Advisory: Cross Site Scripting Vulnerability in Openconf Conference Management Software (15.02.2005)
		Maximillian Dornseif, [Full-Disclosure] Advisory: SQL-Injection in CitrusDB (15.02.2005)
		Maximillian Dornseif, [Full-Disclosure] Advisory: Upload Authorization bypass in CitrusDB (15.02.2005)
		Maximillian Dornseif, [Full-Disclosure] Advisory: Directory traversal in CitrusDB (15.02.2005)
		John Cobb, [NOBYTES.COM: #2] CubeCart 2.0.4 - Multiple Vulnerabilities (15.02.2005)
		AL3NDALEEB, vbulletin 3.0.x PHP code execution (15.02.2005)
		foster_(at)_ghc.ru, AWStats <= 6.4 Multiple vulnerabilities (15.02.2005)
		SECURITEAM, [EXPL] PHP-Nuke POST Method Admin Variable Privilege Escalation (14.02.2005)
		Maximillian Dornseif, [Full-Disclosure] Credit Card data disclosure in CitrusDB (14.02.2005)
		SECURITEAM, [EXPL] ELOG Remote Shell Exploit (14.02.2005)

Files:		phpNUKE v7.4 exploit
		AWStats Remote Command Execution exploit
		ELOG Remote Shell Exploit <= 2.5.6
Discuss:		Read or add your comments to this news (0 comments)