HP-UX newgrp privilege escalation
Published:		21.12.2004
Source:		BUGTRAQ
SecurityVulns ID:		4286
Type:		local
Level:		5/10

Original document

HP, Security Bulletin SSRT4687 rev.0 HP-UX newgrp(1) local privilege elevation (21.12.2004)

Discuss:

Read or add your comments to this news (0 comments)

My Firewall Plus privilege escalation
Published:		21.12.2004
Source:		VULNWATCH
SecurityVulns ID:		4287
Type:		local
Level:		5/10
Description:		It's possible ot invoke external application with SYSTEM privileges via help subsystem.

Affected:

MYFIREWALL : My Firewall Plus 5.0

Original document

Carsten H. Eiram, [VulnWatch] Secunia Research: My Firewall Plus Privilege Escalation Vulnerability (21.12.2004)

Discuss:

Read or add your comments to this news (0 comments)

WinRAR buffer overflow
Published:		21.12.2004
Source:		UNL0CK
SecurityVulns ID:		4288
Type:		client
Level:		5/10
Description:		Buffer overflow on file deletion.

Affected:

RARSOFT : WinRAR 3.41

Original document

UNLOCK, -= Unl0ck Team Security Advisory =- (21.12.2004)

Discuss:

Read or add your comments to this news (0 comments)

Crystal FTP Pro buffer overflow
Published:		21.12.2004
Source:		BUGTRAQ
SecurityVulns ID:		4290
Type:		client
Level:		5/10
Description:		Buffer overflow on oversized file extension in directory listing.

Affected:

CASDK : Crystal FTP Pro 2.8

Original document

Luca Ercoli, Crystal FTP Pro Client Buffer Overflow (21.12.2004)

Files:		rystal FTP Pro 2.8 PoC
Discuss:		Read or add your comments to this news (0 comments)

Sun Java plugin privilege escalation updated since 23.11.2004
Published:		21.12.2004
Source:		BUGTRAQ
SecurityVulns ID:		4207
Type:		client
Level:		5/10
Description:		It's possible to access few internal classes.

Affected:		KDE : KDE 3.2
		KDE : KDE 3.3
		SUN : J2SE 1.4

Original document		KDE, KDE Security Advisory: Konqueror Java Vulnerability (21.12.2004)
		IDEFENSE, iDEFENSE Security Advisory 11.22.04: Sun Java Plugin Arbitrary Package Access Vulnerability (23.11.2004)
		Jouko Pynnonen, [Full-Disclosure] Sun Java Plugin arbitrary package access vulnerability (23.11.2004)

Discuss:

Read or add your comments to this news (0 comments)

Multiple AIX bugs updated since 21.12.2004
Published:		22.12.2004
Source:		BUGTRAQ
SecurityVulns ID:		4289
Type:		local
Level:		6/10
Description:		lsmcode, diag_exec, invscout, invscoutd invoke external application with relative path, paginit - stack based buffer overflow.

Affected:		IBM : AIX 5.1
		IBM : AIX 5.2
		IBM : AIX 5.3

Original document		IDEFENSE, [Full-Disclosure] iDEFENSE Security Advisory 12.20.04: IBM AIX invscout Local Command Execution Vulnerability (22.12.2004)
		IDEFENSE, [Full-Disclosure] iDEFENSE Security Advisory 12.20.04: IBM AIX chcod Local Privilege Escalation Vulnerability (22.12.2004)
		cees-bart, AIX 5.1/5.2/5.3 local root exploits (21.12.2004)

Files:		AIX 5.1/5.2/5.3 paginit local root exploit
		IBM AIX invscout Local Exploit
Discuss:		Read or add your comments to this news (0 comments)

CGI bugs updated since 21.12.2004
Published:		25.12.2004
Source:
SecurityVulns ID:		4285
Type:		remote
Level:		5/10

Affected:		NAMAZU : Namazu 2.0
		ZEROBOARD : Zeroboard 4.1
		GADUGADU : Gadu-Gadu 6.0
		TLENPL : Tlen.pl 5.23
		GADUGADU : Gadu-Gadu 6.1
		KAYAKO : Kayako eSupport 2.3
		PHPNUKE : PHP-Nuke Workboard 1.0
		2BGAL : 2Bgal 2.5
		PSYCHOSTATS : PsychoStats 2.2
		PHPBLOGGER : PHP-Blogger 1.9

Original document		SSR Team, STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard (25.12.2004)
		SECUNIA, [SA13665] PHP-Blogger Disclosure of Sensitive Information Security Issue (24.12.2004)
		JeiAr, Cross Site Scripting In PsychoStats 2.2.4 Beta && Earlier (24.12.2004)
		SECUNIA, [SA13605] tlen URL Script Insertion Vulnerability (23.12.2004)
		SECUNIA, [SA13619] PsychoStats "login" Cross-Site Scripting Vulnerability (23.12.2004)
		zib zib, 2Bgal : 2.4 & 2.5.1 SQL injection Vulnerability (23.12.2004)
		SECUNIA, [SA13600] Namazu "namazu.cgi" Cross-Site Scripting Vulnerability (22.12.2004)
		SECUNIA, [SA13574] PHP-Nuke Workboard Module Cross-Site Scripting (22.12.2004)
		JeiAr, Multiple Vulnerabilities In Kayako eSupport v2.x (21.12.2004)
		Maciej Soltysiak, Gadu-Gadu Remote DoS (all versions) (21.12.2004)
		Jaroslaw Sajko, Gadu-Gadu Remote DoS (all versions) (21.12.2004)

Discuss:

Read or add your comments to this news (0 comments)