Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		23.05.2006
Source:
SecurityVulns ID:		6170
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		XOOPS : xoops 2.0
		PUNBB : PunBB 1.2
		PHPCOMMUNITYCALE : phpCommunityCalendar 4.0
		PHPWCMS : phpwcms 1.2
		MYBB : MyBB 1.1
		PHPRAID : phpRaid 2.9
		HIOX : Hiox Guestbook 3.1
		CAPTIVATE : Captivate 1.0
		DESTINEY : Destiney Links Script 2.1
		DESTINEY : Destiney Rated Images Script 0.5
		POWERPLACE : PHP Easy Galerie 1.1
		CODEAVALANCHE : CANews 1.2
		ARTMEDIC : Artmedic Newsletter 4.1
		PERLPODDER : perlpodder 0.4
		PRODDER : Prodder 0.4
		FUSION : Fusion News 1.0
		UBB : UBB.threads 6.4
		NUCLEUSCMS : nucleus 3.22
		DOCEBO : Docebo 3.0
CVE:		CVE-2006-6957 (PHP remote file inclusion vulnerability in addons/mod_media/body.php in Docebo 3.0.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[where_framework] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability. This issue is similar to CVE-2006-2576 and CVE-2006-3107, but the vectors are different.)

Original document		Kacper, Docebo 3.0.3/DoceboCMS,DoceboKms,DoceboLms,DoceboCore,DoceboScs - Remote File Include Vulnerabilities (23.05.2006)
		MILW0RM, phpCommunityCalendar 4.0.3 Multiple Vulnerabilites (23.05.2006)
		MILW0RM, UBB.threads >= 6.4.x Remote File Inclusion (23.05.2006)
		RedTeam Pentesting, Prodder Remote Arbitrary Command Execution (23.05.2006)
		RedTeam Pentesting, Perlpodder Remote Arbitrary Command Execution (23.05.2006)
		c.j.schmitz_(at)_gmx.de, Remote Code Execution in artmedic Newsletter 4.1 [log.php] (23.05.2006)
		TeufeL Online, phpRaid "view.php" XSS Vulnerability (23.05.2006)
		outlaw_(at)_aria-security.net, Beoped Portal XSS (23.05.2006)
		omnipresent_(at)_email.it, CANews Multiple Vulnerabilities (23.05.2006)
		alireza hassani, mybb v1.1.1(rss.php) SQL Injection Exploit (23.05.2006)
		alireza hassani, [KAPDA::#43] - phpwcms multiple vulnerabilities (23.05.2006)
		craziest_(at)_gmail.com, PHP Easy Galerie Index.PHP Remote File Include Vulnerability (23.05.2006)
		luny_(at)_youfucktard.com, Captivate 1.0 - XSS Vuln (23.05.2006)
		luny_(at)_youfucktard.com, Destiney Links Script v2.1.2 (23.05.2006)
		luny_(at)_youfucktard.com, Destiney Rated Images Script v0.5.0 - XSS Vulnv (23.05.2006)
		k4p0k4p0_(at)_hotmail.com, PunBB 1.2.11 Cross site scripting (23.05.2006)
		luny_(at)_youfucktard.com, Hiox Guestbook 3.1 (23.05.2006)

Files:		XOOPS <= 2.0.13.2 'xoopsOption[nocommon]' exploit
		Fusion News v.1.0 Remote File Inclusion Exploit
		Nucleus <= 3.22 arbitrary remote inclusion exploit
Discuss:		Read or add your comments to this news (0 comments)

Mozilla / Firefox / Netscape exceptions information leak
Published:		23.05.2006
Source:		BUGTRAQ
SecurityVulns ID:		6171
Type:		client
Level:		4/10
Description:		On exception raise message contains path to application installation and sometimes user's profile path.

Affected:		MOZILLA : Mozilla 1.7
		MOZILLA : Firefox 1.0
		NETSCAPE : Netscape 8.1
		MOZILLA : Firefox 1.5

Original document

MILW0RM, Firefox 1.5.0.3 Flaw - Page can obtain path to Mozilla installation or profile by examining JavaScript exceptions (23.05.2006)

Files:		Mozilla exception information leak demonstration
Discuss:		Read or add your comments to this news (0 comments)

Java applets stack overflow
Published:		23.05.2006
Source:		BUGTRAQ
SecurityVulns ID:		6173
Type:		remote
Level:		5/10
Description:		Recursive array definition leads to stack overflow.

Affected:		SUN : JDK 1.4
		ORACLE : JRE 1.4
		SUN : JRE 1.5
		SUN : JDK 1.5

Original document

Marc Schoenefeld, Generic Browser Crash with Java 1.4.2_11, Java 1.5.0_06 (23.05.2006)

Files:		Java recursive array memory DoS
Discuss:		Read or add your comments to this news (0 comments)

Novell eDirectory Novell Directory Service buffer overflow
Published:		23.05.2006
Source:		BUGTRAQ
SecurityVulns ID:		6175
Type:		remote
Level:		7/10
Description:		iMonitor NDS Server buffer overflow (HTTP TCP/8028, HTTPS TCP/8038) on oversized URI in NDS path.

Affected:		NOVELL : eDirectory 8.8
		NOVELL : iMonitor 2.4

Original document

ZDI, ZDI-06-016: Novell eDirectory 8.8 NDS Server Buffer Overflow Vulnerability (23.05.2006)

Files:		Exploits eDirectory 8.8 iMonitor Remote Stack Overflow (metaframe)
Discuss:		Read or add your comments to this news (0 comments)

Novell client unauthorized clipboard access
Published:		23.05.2006
Source:		BUGTRAQ
SecurityVulns ID:		6172
Type:		local
Level:		5/10
Description:		Copy/Paste cliboard operations are available from console unlock screen.

Affected:		NOVELL : Novell Client for Windows 4.8
		NOVELL : Novell Client for Windows 4.9

Original document

Eitan Caspi, Novell Client login form enables reading and writing from and to the clipboard of the logged-in user (23.05.2006)

Discuss:

Read or add your comments to this news (0 comments)

HP-UX DoS
Published:		23.05.2006
Source:		BUGTRAQ
SecurityVulns ID:		6174
Type:		local
Level:		5/10

Affected:

HP : HP-UX 11.00

Original document

security-alert_(at)_hp.com, [security bulletin] HPSBUX02120 SSRT051057 rev.1 - HP-UX Local Denial of Service (DoS) (23.05.2006)

Discuss:

Read or add your comments to this news (0 comments)

EMC Retrospect backup client buffer overflow
Published:		23.05.2006
Source:		BUGTRAQ
SecurityVulns ID:		6176
Type:		remote
Level:		7/10
Description:		Buffer overflow on parsing TCP/497 packet.

Affected:

EMC : Retrospect 7.5 Client for Windows

Original document

ACROS Security, ACROS Security: Buffer Overflow In EMC (previously Dantz) Retroclient Service (23.05.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Linksys/ ZyXel / Edimax / Sitecom routers UPnP problems updated since 23.05.2006
Published:		14.10.2006
Source:		SECURITYVIEWS
SecurityVulns ID:		6177
Type:		remote
Level:		7/10
Description:		UPnP AddPortMapping request requires no authentication. It makes it possible to create mapping between any external port and internal IP/port. Additionally, insufficient paramters validation allows code execution on router itself.

Affected:		LINKSYS : WRT54G
		ZYXEL : P-335WT
		EDIMAX : BR-6104K
		SITECOM : WL-153 MIMO XR
		LINKSYS : WRT54GX2

Original document

SECUNIA, [SA22326] Linksys WRT54GXv2 Insecure Universal Plug and Play Configuration (14.10.2006)

Files:		How does the UPnP flaw works
Discuss:		Read or add your comments to this news (0 comments)