Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 22.11.2006
Source:
SecurityVulns ID: 6847
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: POSTNUKE : PostNuke 0.7
 CUREPHP : CuteNews 1.4
 ETOMITE : Etomite CMS 0.6
 PERLFORUMS : Pearl Forums 2.4
 MGAPPLANIX : mg.applanix 1.3
 MXBB : mxBB calsnails module 1.06
 CONTENTNOW : ContentNow CMS 1.39
 IXPRIMCMS : Ixprim CMS 1.2
 TELAEN : Telaen 1.1
 RAPIDCLASSIFIED : Rapid Classified 3.1
 PHPOLL : PHPOLL 0.96
 RIALTO : Rialto 1.6
 SHOPPINGCATALOG : Shopping_Catalog 0.9
 DISCHUNARY : dicshunary 0.1
 ENOMPHP : enomphp 4.0
 DODOSMAIL : DodosMail 2.0
 LOUDMOUTH : LoudMouth 2.4
 BIRDBLOG : BirdBlog 1.4
 WABBIT : Wabbit PHP Gallery 0.9
 MALBUM : mAlbum 0.3
 LTWCALENDAR : ltwCalendar 4.2
 SEDITIO : Seditio 1.10
 LDU : LDU 8.0
 PHOTOCART : PhotoCart 3.9
 EARK : e-Ark 1.0
 PHPPC : phpPC 1.04
Original document: iss4m, phpPC 1.04 Multiples Remote File Inclusion (22.11.2006)
 Dr Max Virus, Pearl Forums 2.4 Multiple Remote File Include Vulnerabilities (22.11.2006)
 irvian, PhotoCart 3.9 (adminprint.php) Remote File Include Vulnerability (22.11.2006)
 sni-labs_(at)_sni-labs.com, Vulnerability in PostNuke (22.11.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: LDU <= 8.x Remote SQL Injection Vulnerability. (22.11.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability. (22.11.2006)
 laurent gaffié, JiRos Links Manager[injection sql & xss permanent] (22.11.2006)
 laurent gaffié, creadirectory [injection sql & xss] (22.11.2006)
 laurent gaffié, Link Exchange Lite [injection sql] (22.11.2006)
 laurent gaffié, aBitWhizzy [local file include] (22.11.2006)
 alireza hassani, [KAPDA]::Security analysis of cutenews 1.4.5 (22.11.2006)
 laurent gaffié, The Classified Ad System [multiple xss & injection sql] (22.11.2006)
 the_3dit0r_(at)_yahoo.com, ltwCalendar => 4.2.1 Remote File Include Vulnerabilities (22.11.2006)
 the_3dit0r_(at)_yahoo.com, my little weblog => Cross Site Scripting (22.11.2006)
 laurent gaffié, Classified System [injection sql] (22.11.2006)
 tux025_(at)_gmail.com, mAlbum v0.3 Multiple vulnerabilitizzz (22.11.2006)
 the_3dit0r_(at)_yahoo.com, Wabbit PHP Gallery => 0.9 Remote Traversal Directory (22.11.2006)
 the_3dit0r_(at)_yahoo.com, BirdBlog => v1.4.0 Cross Site Scripting (22.11.2006)
 the_3dit0r_(at)_yahoo.com, LoudMouth => 2.4 Remote File Include Vulnerabilities (22.11.2006)
 the_3dit0r_(at)_yahoo.com, Telaen => 1.1.0 Remote File Include Vulnerability (22.11.2006)
 laurent gaffié, klf-realty [injection sql] (22.11.2006)
 the_3dit0r_(at)_yahoo.com, enomphp => 4.0 Remote Traversal Directory (22.11.2006)
 Advisory_(at)_Aria-Security.net, gNews Publisher SQL Injection Vulnerabilites (22.11.2006)
 laurent gaffié, Rialto 1.6[admin login bypass & multiples injections sql] (22.11.2006)
 laurent gaffié, eClassifieds [injection sql] (22.11.2006)
 the_3dit0r_(at)_yahoo.com, PHPOLL => 0.96 Cross Site Scripting (22.11.2006)
 laurent gaffié, ehomes [multiples injections sql] (22.11.2006)
 ajannhwt_(at)_hotmail.com, ASPNuke <= 0.80 (register.asp) Remote SQL Injection Vulnerability (22.11.2006)
 bluespy.ok_(at)_gmail.com, PhpBB Module Dimension Remote File Include (22.11.2006)
 vitux.manis_(at)_gmail.com, Ixprim CMS 1.2 Remote File Include Vulnerability (22.11.2006)
 revenge, ContentNow CMS 1.39 Sql Injection + Path Disclosure Vulnerabilities (22.11.2006)
 revenge, ContentNow CMS 1.39 'pageid' Sql Injection + Path Disclosure Vulnerabilities (22.11.2006)
 revenge, Etomite CMS 0.6.1.2 Vulnerabilities + ContenNow 1.39 Vulnerabilities + Exploits (22.11.2006)
Files: Exploits Etomite CMS Remote Command Execution
 Exploits Etomite CMS "id" SQL Injection
 Exploits ContentNow "pageid" Sql Injection
 Telaen => 1.1.0 Remote File Include Vulnerability Exploit
 Shopping_Catalog Remote File Include exploit
 dicshunary 0.1 alpha Remote File Inclusion Exploit
 DodosMail <= 2.0.1(dodosmail.php) Remote File Inclusion Exploit
 mg.applanix <= 1.3.1 Remote File Include Exploit
 mxBB calsnails module 1.06 Remote File Inclusion Exploit
 MyAlbum <= 3.02 (langs_dir) Remote File Inclusion Exploit
 e-Ark project Remote File Inclusion Exploit

CA BrightStor ARCserve Backup buffer overflow
Published: 22.11.2006
Source:
SecurityVulns ID: 6848
Type: remote
Threat Level: 6/10
Description: Buffer overflow when parsing TCP/6502 data.
Affected: CA : Brightstor ARCserve Backup 11.5
Original document: advisories_(at)_lssec.com, LS-20061113 - CA BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability (22.11.2006)

My Firewall Plus privilege escalation
Published: 22.11.2006
Source:
SecurityVulns ID: 6849
Type: local
Threat Level: 5/10
Description: explorer.exe is launched with local system privileges.
Affected: MYFIREWALL : My Firewall Plus 5.0
Original document: SECUNIA, Secunia Research: My Firewall Plus Privilege Escalation Vulnerability (22.11.2006)

VMWare VirtualClient cryptography protection bypass
Published: 22.11.2006
Source:
SecurityVulns ID: 6850
Type: m-i-t-m
Threat Level: 5/10
Description: The client does not check the SSL server certificate.
Affected: VMWARE : VirtualCenter 2.0
Original document: VMWARE, VMSA-2006-0010 - SSL sessions not authenticated by VC Clients (22.11.2006)

PassGo SSO Plus weak permissions
Published: 22.11.2006
Source:
SecurityVulns ID: 6851
Type: local
Threat Level: 5/10
Description: Weak installation folder permissions.
Affected: PASSGO : SSO Plus 2.1
Original document: SECUNIA, Secunia Research: PassGo SSO Plus Insecure Default Directory Permissions (22.11.2006)

XMPlay buffer overflow
Published: 22.11.2006
Source:
SecurityVulns ID: 6852
Type: client
Threat Level: 6/10
Description: Buffer overflow when parsing .ASX and .M3U files.
Affected: UN4SEEN : XMPlay 3.3
Files: 0-day XMPlay 3.3.0.4 .ASX Filename Buffer Overflow Exploit
 0-day XMPlay 3.3.0.4 .M3U Filename Buffer Overflow Exploit

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod