Computer Security
[EN] securityvulns.ru no-pyccku


Dr.Web antivirus buffer overflow
Published:20.09.2006
Source:
SecurityVulns ID:6631
Type:client
Threat Level:
7/10
Description:Buffer overflow on oversized LHA archive directory name.
Affected:DRWEB : Dr.Web 4.33
Original documentdocumentJean-Sébastien Guay-Leroux, [Full-disclosure] Dr.Web 4.33 antivirus LHA long directory name heap overflow (20.09.2006)
Files:Exploits Dr.Web 4.33 antivirus LHA directory name heap overflow for linux

Multiple OSU httpd security vulnerabilities
Published:20.09.2006
Source:
SecurityVulns ID:6632
Type:remote
Threat Level:
5/10
Description:Physical path and directory content disclosure.
Affected:OSU : OSU httpd 3.11
Original documentdocumentrfdslabs_(at)_rfdslabs.com.br, [RLSA_02-2006] OSU httpd for OpenVMS path and directory disclosure - is this a bug or a feature? (20.09.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:20.09.2006
Source:
SecurityVulns ID:6633
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:AEDATING : aeDating 4.1
 ECARDPRO : ECardPro 2.0
 INNOVATEBOARD : Innovate Portal v.0
 PTNEWS : PT News 1.7
 SITEATSCHOOL : [email protected] 2.4
 neon : Neon WebMail for Java 5.07
 BCWB : BCWB 0.99
 DIGITALWEBSHOP : Digital WebShop 1.128
 TEKMAN : Tekman Portal 1.0
 SDB : Simple Discussion Board 0.1
 MYREVIEW : MyReview 1.9
 EXPONENT : Exponent CMS 0.96
 MOREGROUPWARE : more.groupware 0.7
 PNPHPBB : PNphpBB2 1.2
 ALSTRASOFT : AlstraSoft Efriends 4.85
 PHPPOST : PHP-Post 1.01
 AMAZINGLP : Amazing Little Poll 1.3
 CMTEXTS : CMtextS 1.0
 QUALITEAM : Qualiteam X-Cart Pro 4.1
Original documentdocumentSECUNIA, [SA22005] Qualiteam X-Cart cmpi.php Variable Overwriting Vulnerability (20.09.2006)
 documentSECUNIA, [SA21911] BizDirectory "message" Cross-Site Scripting Vulnerability (20.09.2006)
 documentSECUNIA, [SA22013] ECardPro "keyword" SQL Injection Vulnerability (20.09.2006)
 documentSECUNIA, [SA21988] CMtextS admin.txt Password Disclosure (20.09.2006)
 documentSECUNIA, [SA21997] Amazing Little Poll "lp_settings.inc" Password Disclosure (20.09.2006)
 documentSECUNIA, [SA22014] PHP-Post Multiple Vulnerabilities (20.09.2006)
 documentMILW0RM, PNphpBB2 <= 1.2g (phpbb_root_path) Remote File Include Vulnerability (20.09.2006)
 documentSnIpEr_SA, Pie Cart Pro => (Inc_Dir) Remote File Inclusion Exploit (20.09.2006)
 documentSaudi Hackrz, Pie Cart Pro => (Home_Path) Remote File Inclusion Exploit (20.09.2006)
 documentCeNGiZ-HaN, Simple Discussion Board Multiple F.le Inclusion Vulnerability (20.09.2006)
 documentfixtr_(at)_bsdmail.com, Tekman Portal v1.0 (tr) SQL Injection Vulnerability (20.09.2006)
 documentajannhwt_(at)_hotmail.com, Digital WebShop = v1.128 Multiple Remote File Include Vulnerabilities (20.09.2006)
 documentajannhwt_(at)_hotmail.com, Bcwb 0.99(root_path)Remote File Include Vulnerability (20.09.2006)
 documentSECUNIA, [SA21956] Gnuturk Portal "t_id" Parameter SQL Injection Vulnerability (20.09.2006)
 documentSECUNIA, [SA21955] aeDating "dir[inc]" File Inclusion Vulnerabilities (20.09.2006)
 documentcdg393, [Full-disclosure] A.I-Pifou (Cookie) Local File Inclusion (20.09.2006)
 documentcontact_(at)_secureshapes.com, [Full-disclosure] DotNetNuke HTML Code Injection (20.09.2006)
 documentTAN Chew Keong, [Full-disclosure] [vuln.sg] Neon WebMail for Java Multiple Vulnerabilities (20.09.2006)
 documentsimo64_(at)_morx.org, [email protected] 2.4.02 and below Multiple remote Command Execution Vulnerabilities (20.09.2006)
 documentmeto5757_(at)_hotmail.com, NextAge Cart Cross-Site Scripting multiple Vulnerabilities (20.09.2006)
 documentSnake.Apollyon_(at)_Yahoo.com, PT News 1.7.8 (Search.php) XSS Vulnerability (20.09.2006)
 documentSaudi Hackrz, Pie Cart Pro => (Home_Path) Remote File Inclusion Exploit (20.09.2006)
 documentmeto5757_(at)_hotmail.com, Innovate Portal v2.0 Index.PHP Xss Vuln. (20.09.2006)
Files:Site\@school remote file upload Xploit
 MyReview 1.9.4 SQL Injection exploit
 Exponent CMS 0.96.3 stable (possibly other versions) "view" arbitrary local inclusion / remote commands xctn exploit
 Exploits more.groupware 0.7.4 remote sql injection
 AlstraSoft Efriends 4.85 Remote Command Execution Exploit

Citrix Access Gateway authentication bypass
Published:20.09.2006
Source:
SecurityVulns ID:6634
Type:remote
Threat Level:
5/10
Description:Unauthenticated access is possible if Advanced Access Control is used with LDAP authentication.
Affected:CITRIX : Citrix Access Gateway 4.2
Original documentdocumentSECUNIA, [SA21941] Citrix Access Gateway Advanced Access Control Authentication Bypass (20.09.2006)

WS_FTP FTP client buffer overflow
Published:20.09.2006
Source:
SecurityVulns ID:6635
Type:client
Threat Level:
5/10
Description:Buffer overflow on PASV command response parsing.
Affected:IPSWITCH : WS_FTP LE 5.08
Files:WS_FTP LE 5.08 (PASV response) 0day buffer overflow exploit

Cisco Guard crossite scripting
Published:20.09.2006
Source:
SecurityVulns ID:6636
Type:remote
Threat Level:
5/10
Affected:CISCO : Cisco Guard Appliance 5.1
 CISCO : Cisco Guard Appliance 5.0
Original documentdocumentCISCO, Cisco Security Advisory: Cisco Guard enables Cross Site Scripting (20.09.2006)

Cisco Intrusion Prevention System DoS and protection bypass
Published:20.09.2006
Source:
SecurityVulns ID:6637
Type:remote
Threat Level:
5/10
Description:Malformed SSLv2 handshake DoS, fragmented packets filtering evasion.
Affected:CISCO : Cisco IPS 5.1
 CISCO : Cisco IPS 5.0
Original documentdocumentCISCO, Cisco Security Advisory: Cisco Intrusion Prevention System Management Interface Denial of Service and Fragmented Packet Evasion Vulnerabilities (20.09.2006)

Cisco routers unauthorized SNMP access
Published:20.09.2006
Source:
SecurityVulns ID:6638
Type:remote
Threat Level:
6/10
Description:Read/write DOCSIS community exists on non-DOCSIS routers.
Affected:CISCO : Cisco IAD2430
 CISCO : Cisco IAD2431
 CISCO : Cisco IAD2432
 CISCO : Cisco VG224
 CISCO : Cisco MWR 1900
 CISCO : Cisco MWR 1941
Original documentdocumentCISCO, Cisco Security Advisory: DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms (20.09.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod