Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		20.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6845
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		ACART : A-Cart 2.0
		ADVANCEDPOLL : Advanced Poll 2.0
		GPHOTOS : GPhotos 1.5
		BLOGCMS : BLOG:CMS 4.1
		VIKINGBOARD : Vikingboard 0.1
		TRAVELSIZEDCMS : travelsized cms 0.4
		OXYGEN : Oxygen 1.1
		ASPNUKE : ASPNuke 0.80
		PHPQUICKGALLERY : PHPQuickGallery 1.9
		PHPWEBTHINGS : phpWebThings 1.5
		PHPEASYDOWNLOAD : PHP Easy Download 1.5

Original document		beks beks beks, Advanced Poll 2.0.7 Remote File Include Vulnerability (20.11.2006)
		nuffsaid, phpWebThings 1.5.2 (editor.php) Remote File Include Vulnerability (20.11.2006)
		Al7ejaz Hacker, PHPQuickGallery <= 1.9 (textFile) Remote File Include Vulnerability (20.11.2006)
		ajannhwt_(at)_hotmail.com, ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability (20.11.2006)
		Advisory_(at)_Aria-Security.net, A-Cart 2.0 SQL Injection (20.11.2006)
		Advisory_(at)_Aria-Security.net, [Aria-Security's Research Team] Texas Rank'em SQL Injection Vulnerabilite (20.11.2006)
		bluespy.ok_(at)_gmail.com, PhpBB Module Dimension Remote File Include (20.11.2006)
		Advisory_(at)_Aria-Security.net, [Aria-Security's Research Team] ActiveNews Manager SQL Injection Vulnerabilite (20.11.2006)
		katatafish_(at)_hush.com, BLOG:CMS <= 4.1.3 XSS (20.11.2006)
		laurent gaffié, Vikingboard (0.1.2) [ multiples vulnerability ] (20.11.2006)
		pagvacito, Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING (20.11.2006)
		Advisory_(at)_Aria-Security.net, A-Cart PRO SQL Injection (20.11.2006)
		Aesthetico, [MajorSecurity Advisory #36]dev4u CMS - Multiple SQL Injection and Cross Site Scripting Issues (20.11.2006)
		Aesthetico, [MajorSecurity Advisory #35]Travelsized CMS - Multiple Cross Site Scripting Issues (20.11.2006)

Files:		PhpQuickGallery <= 1.9 Remote File Inclusion Exploit
		Exploits PHP Easy Download <= 1.5 Remote Code Execution Vulnerability
		Exploits Oxygen <= 1.1.3 (O2PHP Bulletin Board) SQL Injection
Discuss:		Read or add your comments to this news (0 comments)

Dovecot IMAP/POP3 server off-by-one buffer overflow
Published:		20.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6846
Type:		remote
Level:		5/10

Affected:

DOVECOT : Dovecot 1.0

Original document

Timo Sirainen, Dovecot IMAP/POP3 server: Off-by-one buffer overflow (20.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Microsoft Windows Workstation service buffer overflow updated since 14.11.2006
Published:		20.11.2006
Source:		MICROSOFT
SecurityVulns ID:		6827
Type:		remote
Level:		7/10
Description:		Buffer overflow in RPC based service.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Windows XP

Original document		EEYE, [Full-disclosure] EEYE: Workstation Service NetpManageIPCConnect Buffer Overflow (14.11.2006)
		MICROSOF, Microsoft Security Bulletin MS06-070 Vulnerability in Workstation Service Could Allow Remote Code Execution (924270) (14.11.2006)

Files:		MS06-070 Windows WorkStation NetpManageIPCConnect Vulnerability Exploit
		Microsoft Windows Wkssvc NetrJoinDomain2 Stack Overflow(MS06-070) Exploit
		Microsoft Security Bulletin MS06-070 Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)
Discuss:		Read or add your comments to this news (0 comments)