Mozilla XPCOMM Race Conditions
Published:		22.07.2005
Source:		BUGTRAQ
SecurityVulns ID:		5022
Type:		library
Level:		5/10
Description:		Race conditions on object deletion prior to complete page download laed to application crash.

Original document

JeiAr, Mozilla XPCOM Library Race Condition (22.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

Multiple DNRD Domain Name Relay Daemon vulnerabilities
Published:		22.07.2005
Source:		SECUNIA
SecurityVulns ID:		5025
Type:		remote
Level:		5/10
Description:		Multiple buffer overflow

Affected:

DNRD : dnrd 2.19

Original document

SECUNIA, [SA16142] Domain Name Relay Daemon Two Vulnerabilities (22.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

Greasemonkey Firefox extension information leak
Published:		22.07.2005
Source:		SECUNIA
SecurityVulns ID:		5026
Type:		remote
Level:		5/10
Description:		Privileged functions are available with GM_xmlhttpRequest().

Affected:

GREASEMONKEY : Greasemonkey 0.3

Original document

SECUNIA, [SA16128] Firefox Greasemonkey Extension Disclosure of Sensitive Information (22.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Avast! antivirus ACE archives vulnerabilities
Published:		22.07.2005
Source:		BUGTRAQ
SecurityVulns ID:		5027
Type:		remote
Level:		6/10
Description:		Directory traversal, buffer overflow.

Affected:

AVAST : avast! Antivirus 4.

Original document

SECUNIA, [SA15776] avast! Antivirus ACE File Handling Two Vulnerabilities (22.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

Multiple MySQL database management system vulnerabilities
Published:		22.07.2005
Source:		SECUNIA
SecurityVulns ID:		5028
Type:		remote
Level:		6/10
Description:		Multiple DoS, vulnerable zlib version is used.

Affected:

MYSQL : MySQL 4.1

Original document

SECUNIA, [SA16170] MySQL Multiple Vulnerabilities (22.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

Xerox WorkCentre Pro multiple vulnerabilities updated since 08.07.2005
Published:		22.07.2005
Source:		SECUNIA
SecurityVulns ID:		4972
Type:		remote
Level:		5/10
Description:		Multiple Web interface vulnerabilities: authentication bypass, DoS, crossite scripting.

Affected:		XEROX : WorkCentre 35
		XEROX : WorkCentre 45
		XEROX : WorkCentre 55
		XEROX : WorkCentre 65
		XEROX : WorkCentre 75
		XEROX : WorkCentre 90
		XEROX : WorkCentre 165
		XEROX : WorkCentre 175
		XEROX : WorkCentre 32
		XEROX : WorkCentre 40
		XEROX : WorkCentre Color 2128
		XEROX : WorkCentre Color 2636
		XEROX : WorkCentre Color 3545
		XEROX : WorkCentre M35
		XEROX : WorkCentre M45
		XEROX : WorkCentre M55
		XEROX : WorkCentre M165
		XEROX : WorkCentre M175

Original document		SECUNIA, [SA16167] Xerox MicroServer Web Server Multiple Vulnerabilities (22.07.2005)
		SECUNIA, [SA15970] Xerox WorkCentre Pro Multiple Vulnerabilities (08.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

KF Webserver protection bypass
Published:		22.07.2005
Source:		SECURITEAM
SecurityVulns ID:		5023
Type:		remote
Level:		5/10
Description:		By requesting resource like http://[victim_address]/All%20Disk%20Drives/C:/ it's p[ossible to access protected directory.

Affected:

KEYFOCUS : KF Web Server 2.5

Original document

SECURITEAM, [NT] KF WebServer Directory Traversal Vulnerability (22.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

BIG-IP multiple problems updated since 13.07.2005
Published:		22.07.2005
Source:		SECUNIA
SecurityVulns ID:		4996
Type:		remote
Level:		5/10
Description:		Certificates handling problem allows to bypass authentication process.

Affected:		F5 : 3-DNS Controller 4.5
		F5 : 3-DNS Controller 4.6
		F5 : BIG-IP 9.1
		F5 : BIG-IP 9.0

Original document		SECUNIA, [SA16159] F5 Networks BIG-IP / 3-DNS Multiple Vulnerabilities (22.07.2005)
		SECUNIA, [SA16008] BIG-IP Unspecified SSL Authentication Security Bypass (13.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

PHP, ASP, CGI web applications security vulnerabilities updated since 18.07.2005
Published:		22.07.2005
Source:
SecurityVulns ID:		5014
Type:		remote
Level:		5/10

Affected:		PHPBB : phpBB 2.0
		OPENBB : OpenBB 1.0
		UPB : Ultimate PHP Board 1.9
		CUTEPHP : CuteNews 1.3
		VPASP : VP-ASP 5.0
		PHPNEWS : PHPNews 1.2
		HOSTINGCONTROLLE : Hosting Controller 6.1
		PHPFUSION : PHP-Fusion 6.0
		PHPPGADMIN : phppgadmin 3.5
		PHPSLASH : phpSlash 0.7
		PHPSLASH : phpslash 0.8
		PHPPAGEPROTECT : PHPPageProtect 1.0
		CALOGIC : CaLogic 1.2
		PHPFINANCE : PHPFinance 0.3
		SEOBOARD : Seo-Board 1.0
		E107 : e107 0.6171
		REVIEWPOST : ReviewPost PHP PRO 2.0
		DVBBS : Dvbbs 7.1
		PHPSURVEYOR : PHP Surveyor 0.98
		CONTREXX : Contrexx 1.0
		HITACHI : Groupmax Web Workflow Server Set for Active Server Pages 6.52
		HITACHI : Groupmax Form for Active Server Pages 3.10
		PYROX : Pyrox Search 1.05
		CMSIMPLE : CMSimple 2.4
		DXXO : dxxo Count Web Statistics
		PHPSITESEARCH : PHPSiteSearch 1.7
		SENDCARD : sendcard 3.0
		CYBERSOURCE : Business Center

Original document		No Sue Please, [Full-disclosure] User privilege escalation exploit. (22.07.2005)
		SECUNIA, [SA16165] sendcard "id" SQL Injection Vulnerability (22.07.2005)
		SECUNIA, [SA16148] PHPNews "user" and "password" SQL Injection Vulnerability (22.07.2005)
		SECUNIA, [SA16149] phpBB BBcode "url" Script Insertion Vulnerability (22.07.2005)
		SECUNIA, [SA16156] PHPSiteSearch "query" Cross-Site Scripting Vulnerability (22.07.2005)
		SECUNIA, [SA16143] dxxo Count Web Statistics SQL Injection Vulnerability (22.07.2005)
		SECUNIA, [SA16144] Ultimate PHP Board Cross-Site Scripting and Script Insertion (22.07.2005)
		SECUNIA, [SA16147] CMSimple "search" Cross-Site Scripting Vulnerability (22.07.2005)
		SECUNIA, [SA16154] Pyrox Search "whatdoreplace" Cross-Site Scripting Vulnerability (22.07.2005)
		SECUNIA, [SA16135] Hitachi Groupmax Form and Web Workflow Server Set Denial of Service (22.07.2005)
		Christopher Kunz, [Full-disclosure] Advisory 11/2005: Multiple vulnerabilities in Contrexx (22.07.2005)
		morning_wood, [Full-disclosure] PHPTopSites (22.07.2005)
		r_i_t_b_15_(at)_yahoo.com, SQL Injection in Chinese ASP Webcounter (21.07.2005)
		ghc_(at)_ghc.ru, PHPNews SQL injection vulnerability (21.07.2005)
		PHPBB, phpBB 2.0.17 released (21.07.2005)
		thegreatone2176_(at)_yahoo.com, Multiple Vulnerabilities in PHP Surveyor (21.07.2005)
		SECUNIA, [SA16096] PHP-Fusion BBcode "color" CSS Code Insertion Vulnerability (20.07.2005)
		SECURITEAM, [EXPL] phpSlash Account Hijacking (Exploit) (20.07.2005)
		SECUNIA, [SA16131] DVBBS "showerr.asp" Cross-Site Scripting Vulnerability (20.07.2005)
		SECUNIA, [SA16134] ReviewPost PHP Pro "sort" SQL Injection Vulnerability (20.07.2005)
		SECUNIA, [SA16129] CuteNews "selected_search_arch" Cross-Site Scripting Vulnerability (20.07.2005)
		SECUNIA, [SA16117] e107 Nested BBcode Script Insertion Vulnerability (20.07.2005)
		SECURITEAM, [EXPL] OpenBB CID SQL Injection (Exploit) (20.07.2005)
		SECUNIA, [SA16051] SEO-Board "smilies_popup.php" Cross-Site Scripting (19.07.2005)
		SECUNIA, [SA13276] PHPFinance Logon Bypass Vulnerability (19.07.2005)
		SECUNIA, [SA16090] CaLogic "CLPATH" Arbitrary File Inclusion Vulnerability (19.07.2005)
		SECUNIA, [SA16110] PHPPageProtect Cross-Site Scripting Vulnerabilities (19.07.2005)
		DEBIAN, [SECURITY] [DSA 759-1] New phppgadmin packages fix directory traversal vulnerability (19.07.2005)
		SECUNIA, [SA16115] Hosting Controller Multiple Vulnerabilities (18.07.2005)
		SECUNIA, [SA16104] VP-ASP Shopping Cart SQL Injection Vulnerabilities (18.07.2005)

Files:		OpenBB CID SQL Injection Exploit
Discuss:		Read or add your comments to this news (0 comments)

Small HTTP Server FTP Server directory traversal
Published:		22.07.2005
Source:		SECURITEAM
SecurityVulns ID:		5024
Type:		remote
Level:		5/10

Affected:

SMALL : Small HTTP server 3.05

Original document

SECURITEAM, [NT] sHTTP FTPServer Directory Traversal (22.07.2005)

Files:		sHTTP FTPServer Directory Traversal
Discuss:		Read or add your comments to this news (0 comments)