Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

| Published: | 20.05.2006 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 6163 |
| Type: | remote |
| Level: | 5/10 |
| Description: | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Original document | luny_(at)_youfucktard.com, Xtremescripts Topsites v1.1 (20.05.2006) |
| | Mster-X_(at)_hotmail.com, RaceEventManagement <--v0.7.6 SQL injection & XSS (20.05.2006) |
| | i6d_(at)_hotmail.com, ActualAnalyzer Server <=8.23 - Remote File Include Vulnerability (20.05.2006) |
| | i6d_(at)_hotmail.com, phpBazar <= 2.1.0 Multiple vulnerabilites (20.05.2006) |
| | luny_(at)_youfucktard.com, Jemscripts Download Control v1.0 (20.05.2006) |
| | luny_(at)_youfucktard.com, Yourfreeworld Styleish Text Ads Script (20.05.2006) |
| | luny_(at)_youfucktard.com, Yourfreeworld.com Short Url & Url Tracker Script (20.05.2006) |
| | omnipresent_(at)_email.it, Newswriter v1.0 Remote XSS Exploit (20.05.2006) |
| | omnipresent_(at)_email.it, CANews Remote Multiple Vulnerability (20.05.2006) |
| | omnipresent_(at)_email.it, Dayfox Blog Insecure Password Storage (20.05.2006) |

Sun ONE Web server cross-site scripting

| Published: | 20.05.2006 |
| Source: | SECUNIA |
| SecurityVulns ID: | 6165 |
| Type: | remote |
| Level: | 5/10 |
| Description: | Cross-site scripting via a URL containing a quote sign. |

Windows limited service account privilege escalation

| Published: | 20.05.2006 |
| Source: | BUGTRAQ |
| SecurityVulns ID: | 6166 |
| Type: | local |
| Level: | 5/10 |
| Description: | By using security tokens located in process memory, it is possible to escalate privileges from a limited service account, such as the Network Service or Microsoft SQL Service account. |

Microsoft Word memory corruption (updated since 20.05.2006)

| Published: | 13.06.2006 |
| Source: | CERT |
| SecurityVulns ID: | 6164 |
| Type: | client |
| Level: | 9/10 |
| Description: | Malformed object pointer memory corruption is used in-the-wild for malware distribution. |