Computer Security
[EN] no-pyccku

Apache mod_rewrite buffer overflow
updated since 28.07.2006
SecurityVulns ID:6420
Threat Level:
Description:Off-by-one overflow on mod_rewrite LDAP schema if "RewriteEngine on".
Affected:APACHE : Apache 2.0
Original documentdocumentJacobo Avariento, POC & exploit for Apache mod_rewrite off-by-one (21.08.2006)
 documentAPACHE, [Full-disclosure] [Announcement] Apache HTTP Server 2.2.3 (2.0.59, 1.3.37) Released (28.07.2006)
 documentUBUNTU, [Full-disclosure] [USN-328-1] Apache vulnerability (28.07.2006)
Files:Exploit for Apache mod_rewrite off-by-one
 Exploit for Apache mod_rewrite off-by-one(Win32)
 apache mod rewrite exploit (win32)

RealVNC integer overflow
SecurityVulns ID:6521
Threat Level:
Description:Integer overflow in clipboard processing functions readClientCutText()/readServerCutText().
Affected:REALVNC : RealVNC 4.1
Original documentdocumentNiall FitzGibbon, [Full-disclosure] RealVNC 4.1.2 minor heap corruption/DoS vulnerability (authentication required) (21.08.2006)

Multiple WFTPD FTP server buffer overflows
SecurityVulns ID:6522
Threat Level:
Description:Buffer overflows in multiple commands.
Affected:TEXAS : WFTPD 3.23
Original documentdocumentSECURITEAM, [NT] WFTPD Multiple Buffer Overflows (CWD, DELE, MDTM, MKD, RMD, MLST, RNFR, SIZE, XCWD, XMKD, XRMD) (21.08.2006)
Files:WFTPD server 3.23 (SIZE) 0day remote buffer overflow exploit

Easy File Sharing FTP Server buffer overflow
SecurityVulns ID:6523
Threat Level:
Description:Buffer overflow on oversized USER command.
Affected:EFSSOFT : Easy File Sharing FTP Server 2.0
Original documentdocumentSECURITEAM, [EXPL] Easy File Sharing FTP Server PASS Buffer Overflow (Exploit) (21.08.2006)
Files:Easy File Sharing FTP Server 2.0 (PASS) 0day PoC exploit

Multiple Linux kernel DoS condiotions
SecurityVulns ID:6524
Threat Level:
Description:DoS with SG driver, HID0[31] bit clearing problem on PPC970 processors.
Affected:LINUX : kernel 2.4
 LINUX : kernel 2.6
Original documentdocumentSECUNIA, [SA21555] Linux Kernel SG Driver Denial of Service Vulnerability (21.08.2006)
 documentSECUNIA, [SA21563] Linux Kernel Uncleared HID0[31] Denial of Service (21.08.2006)

honeyd honeypot demon DoS
SecurityVulns ID:6525
Threat Level:
Description:ARP packets processing DoS.
Affected:HONEYD : honeyd 1.5
Original documentdocumentSECUNIA, [SA21591] Honeyd ARP Denial of Service Vulnerability (21.08.2006)

Ichitaro Document Viewer buffer overflow
SecurityVulns ID:6526
Threat Level:
Affected:ICHITARO : Ichitaro 2006
 ICHITARO : Ichitaro 2005
Original documentdocumentSECUNIA, [SA21552] Ichitaro Document Viewer Buffer Overflow Vulnerability (21.08.2006)

2wire gateways DoS
SecurityVulns ID:6527
Threat Level:
Description:Incomplete HTTP request for Web-interface causes device to crash.
Original documentdocumentpreth00nker_(at), DoS 2wire Gateway (21.08.2006)
Files:PoC of DoS 2wire_Gateway

Multiple Microsoft Windows Server service security vulnerabilities
updated since 11.07.2006
SecurityVulns ID:6363
Threat Level:
Description:Kernel mode heap overflow on mailslots processing. Information leak from SMB buffers.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows 2003 Server
Original documentdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2006-0714: Microsoft SRV.SYS SMB_COM_TRANSACTION Denial of Service (16.08.2006)
 documentGerardo Richarte, Mailslot bug (MS06-035) vs non-Mailslot bug (CVE-2006-3942) (16.08.2006)
 documentEEYE, [Full-disclosure] EEYE: Free scanning tool for critical MS06-040 flaw (10.08.2006)
 documentMICROSOFT, Microsoft Security Bulletin MS06-040 Vulnerability in Server Service Could Allow Remote Code Execution (921883) (08.08.2006)
 documentX-FORCE, ISS Protection Brief: Vulnerability in Server Driver could result in Denial of Service (29.07.2006)
 documentMCAFEE, [Full-disclosure] Microsoft SMB Information Disclosure Vulnerability CVE-2006-1315 (12.07.2006)
 documentTIPPINGPOINT, TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability (11.07.2006)
 documentMICROSOFT, Microsoft Security Bulletin MS06-035 Vulnerability in Server Service Could Allow Remote Code Execution (917159) (11.07.2006)
Files:Microsoft SRV.SYS Mailslot Ring0 Memory Corruption(MS06-035) Exploit
 Microsoft NetpIsRemote() MSO6-040 Overflow exploit (MetaSploit)
 Microsoft Windows CanonicalizePathName() Remote Code Execution Exploit
 MS06-040 Remote Code Execution Proof of Concept
 Microsoft Security Bulletin MS06-035 Vulnerability in Server Service Could Allow Remote Code Execution (917159)
 Microsoft Security Bulletin MS06-040 Vulnerability in Server Service Could Allow Remote Code Execution (921883)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 21.08.2006
SecurityVulns ID:6520
Threat Level:
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WOLTLAB : Woltlab Burning Board 2.3
 JELSOFT : vBulletin 3.5
 TIKIWIKI : tikiwiki 1.9
 FANTASTICNEWS : Fantastic News 2.1
 CPANEL : cPanel 10.8
 ONEORZERO : OneOrZero Helpdesk 1.6
 TOENDA : ToendaCMS 1.0
 MAMBO : mtg_myhomepage Component For Mambo 4.5
 JOOMLA : Joomla x-shop 1.7
 JOOMLA : Joomla Rssxt 1.0
 JOOMLA : Joomla Kochsuite 0.9
 JOOMLA : Joomla MamboWiki 0.9
 JOOMLA : Joomla poll 1.0
 MAMBO : Mambo Ako Comments 1.1
 MAMBO : Mambo com_cropimage 1.0
 SONIUM : Sonium Enterprise Adressbook 0.2
 SOLMETRA : Spaw Editor 1.7
 SOLMETRA : Spaw Editor 1.6
 XENOBB : XenoBB 2.2
 SPORTSPHOOL : SportsPHool 1.0
 PHLYMAIL : PHlyMail Lite 3.4
 LBLOG : LBlog 1.05
 WEBADMIN : WebAdmin 3.25
 MAMBO : MAMBO bigAPE-Backup 1.1
 TUTTINOVA : Tutti Nova 1.6
 DOLPHIN : Dolphin 5.2
 DOIKA : Doika guestbook 2.5
 CITYFORFREE : indexcity 1.0
 EMPIRE : Empire CMS 3.7
 DRUPAL : Drupal Easylinks 4.7
 DRUPAL : Drupal E-Commerce 4.7
 MAILWF : mail f/w 8.2
Original documentdocumentSECUNIA, [SA21543] mail f/w system Mail Header Injection Vulnerability (23.08.2006)
 documentSECUNIA, [SA21604] Drupal E-commerce Module Script Insertion Vulnerabilities (23.08.2006)
 documentSECUNIA, [SA21603] Drupal Easylinks Module Script Insertion and SQL Injection (23.08.2006)
 documentSECUNIA, [SA21584] Empire CMS "check_path" File Inclusion Vulnerability (23.08.2006)
 documentSECUNIA, [SA21536] TikiWiki "highlight" Cross-Site Scripting Vulnerability (23.08.2006)
 documentSECUNIA, [SA21565] indexcity SQL Injection and Script Insertion Vulnerabilities (23.08.2006)
 documentSECUNIA, [SA21549] Doika Guestbook "page" Script Insertion Vulnerability (23.08.2006)
 documentSECUNIA, [SA21560] Links Manager SQL Injection and Script Insertion Vulnerabilites (23.08.2006)
 documentSECUNIA, [SA21535] Dolphin "dir[inc]" File Inclusion Vulnerability (23.08.2006)
 documenth4ck3riran_(at), ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include (21.08.2006)
 documentoutlaw_(at), Mambo Component - EstateAgent Remote File Inclusion (21.08.2006)
 documentoutlaw_(at), Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln (21.08.2006)
 documentoutlaw_(at), Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln (21.08.2006)
 documentSECUNIA, [SA21572] Tutti Nova "TNLIB_DIR" File Inclusion Vulnerabilities (21.08.2006)
 documentSECUNIA, [SA21571] Fantastic News "CONFIG[script_path]" File Inclusion Vulnerability (21.08.2006)
 documentSECUNIA, [SA21574] Mambo bigAPE-Backup Component File Inclusion Vulnerability (21.08.2006)
 documentSECUNIA, [SA21558] WebAdmin Account Manipulation and Arbitrary File Disclosure (21.08.2006)
 documentSECUNIA, [SA21578] phpCodeGenie "BEAUT_PATH" File Inclusion Vulnerability (21.08.2006)
 documentSECUNIA, [SA21596] LBlog "id" SQL Injection Vulnerability (21.08.2006)
 documentSECUNIA, [SA21582] PHlyMail Lite "_PM_[path][handler]" File Inclusion Vulnerability (21.08.2006)
 documentSECUNIA, [SA21593] NES Game & NES System "phphtmllib" File Inclusion (21.08.2006)
 documentSECUNIA, [SA21594] SportsPHool "mainnav" File Inclusion Vulnerability (21.08.2006)
 documentSECUNIA, [SA21592] cPanel Multiple Cross-Site Scripting Vulnerabilities (21.08.2006)
 documentZeberuS_(at)_ZeberuS.Com, WoltLab Burning Board 2.3.5(WBB) in XSS (21.08.2006)
 documentChironex Fleckeri, LBlog <= "comments.asp" SQL Injection Exploit (21.08.2006)
 documentbotan_(at), [Kurdish Security # 23] Spaw Editor Remote Include Vulnerability (21.08.2006)
 documentoutlaw_(at), Modification For OpenSEF Remote file Inclusion (21.08.2006)
 documentphilipp.niedziela_(at), Sonium Enterprise Adressbook Version 0.2 (folder) RFI (21.08.2006)
 documentvampire_chiristof_(at), OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS (21.08.2006)
 documentdicomdk_(at), UPDATE vBulletin Version 3.5.4 exploit (21.08.2006)
 documentpreth00nker_(at), Multiple xxs cPanel 10 (21.08.2006)
 documentoutlaw_(at), mambo-phphop Product Scroller Module R.F.I (21.08.2006)
 documentcrackers_child_(at), Mambo jim Component Remote Include Vulnerability (21.08.2006)
 documentcrackers_child_(at), contentpublisher Mambo Component Remote File Include Vulnerabilities (21.08.2006)
 documentbilkopat_(at), Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability (21.08.2006)
 documentx0r0n_(at), Mambo com_cropimage 1.0 Component Remote Include Vulnerability (21.08.2006)
 documentoutlaw_(at), Mambo CatalogShop Remote File Inclusion (21.08.2006)
 documentoutlaw_(at), Ako Comments (mod) Remote File Inclusion (21.08.2006)
 documenterne_(at), Joomla RFİ ( ERNE ) (21.08.2006)
 documentalireza hassani, [KAPDA::#55] - Joomla poll component vulnerability (21.08.2006)
 documentcamino_(at), Joomla MamboWiki Component <= 0.9.4 (MamboLogin.php) Remote File Inclusion Vulnerability (21.08.2006)
 documentcamino_(at), Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability (21.08.2006)
 documentcrackers_child_(at), anjel Mambo Component Remote File Include (21.08.2006)
 documentcrackers_child_(at), Joomla Rssxt <= 1.0 Remote File Include Vulnerability (21.08.2006)
 documentcrackers_child_(at), Joomla x-shop <= 1.7 Remote File Include Vulnerability (21.08.2006)
 documentoutlaw_(at), mtg_myhomepage Component For Mambo R.F.I (21.08.2006)
Files:vBulletin Version 3.5.4 exploit

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod