Safe'n'Sec host intrusion prevention system privilege escalation
Published:		21.02.2006
Source:		BUGTRAQ
SecurityVulns ID:		5806
Type:		local
Level:		5/10
Description:		Unsafe CreateProcess() call allows to spoof application.

Affected:		STARFORCE : Safe’n’Sec 1.0
		STARFORCE : Safe’n’Sec 1.1

Original document

Thierry Zoller, [TZO-062006] Safe'nVulnerable (21.02.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		21.02.2006
Source:		BUGTRAQ
SecurityVulns ID:		5805
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPMYCHAT : phpMyChat 0.14
		PHPFUSION : PHP-Fusion 6.0
		PHPNUKE : phpNuke 7.8
		GEEKLOG : geeklog 1.4
		TTS : Time Tracking Software 3.0
		ILCHCLAN : ilchClan 1.0
		CHERRYPY : cherrypy 2.1
		GUESTBOOK : Guestbox 0.6
		BARRACUDA : Barracuda Directory 1.1
		POSTNUKE : PostNuke 0.762

Original document		SECUNIA, [SA18937] PostNuke Multiple Vulnerabilities (21.02.2006)
		SECUNIA, [SA18965] Barracuda Directory Multiple Script Insertion Vulnerabilities (21.02.2006)
		SECUNIA, [SA18946] Guestbox Two Vulnerabilities and One Security Issue (21.02.2006)
		SECUNIA, [SA18944] CherryPy "staticfilter" Directory Traversal Vulnerability (21.02.2006)
		SECUNIA, [SA18949] PHP-Fusion Cross-Site Scripting Vulnerabilities (21.02.2006)
		SECUNIA, [SA18951] ilchClan "pid" SQL Injection Vulnerability (21.02.2006)
		Mustafa Can Bjorn IPEKCI, [Full-disclosure] MiniNuke CMS System all versions (pages.asp) SQL Injection (21.02.2006)
		Debasis Mohanty, [Full-disclosure] PHPMyChat Authentication Bypass (21.02.2006)
		Aliaksandr Hartsuyeu, [eVuln] Time Tracking Software Multiple Vulnerabilities (21.02.2006)
		JeiAr, Geeklog Remote Code Execution (21.02.2006)
		Janek Vind, [waraxe-2006-SA#046] - Critical sql injection in phpNuke 7.5-7.8 (21.02.2006)

Discuss:

Read or add your comments to this news (0 comments)