Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 21.08.2006
Published:		23.08.2006
Source:
SecurityVulns ID:		6520
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		WOLTLAB : Woltlab Burning Board 2.3
		JELSOFT : vBulletin 3.5
		JOOMLA : Joomla x-shop 1.7
		JOOMLA : Joomla Rssxt 1.0
		JOOMLA : Joomla Kochsuite 0.9
		JOOMLA : Joomla MamboWiki 0.9
		JOOMLA : Joomla poll 1.0
		MAMBO : Mambo Ako Comments 1.1
		MAMBO : Mambo com_cropimage 1.0
		SONIUM : Sonium Enterprise Adressbook 0.2
		SOLMETRA : Spaw Editor 1.7
		SOLMETRA : Spaw Editor 1.6
		XENOBB : XenoBB 2.2
		SPORTSPHOOL : SportsPHool 1.0
		PHLYMAIL : PHlyMail Lite 3.4
		LBLOG : LBlog 1.05
		WEBADMIN : WebAdmin 3.25
		MAMBO : MAMBO bigAPE-Backup 1.1
		TUTTINOVA : Tutti Nova 1.6
		DOLPHIN : Dolphin 5.2
		DOIKA : Doika guestbook 2.5
		CITYFORFREE : indexcity 1.0
		EMPIRE : Empire CMS 3.7
		DRUPAL : Drupal Easylinks 4.7
		DRUPAL : Drupal E-Commerce 4.7
		MAILWF : mail f/w 8.2
		TIKIWIKI : tikiwiki 1.9
		FANTASTICNEWS : Fantastic News 2.1
		CPANEL : cPanel 10.8
		ONEORZERO : OneOrZero Helpdesk 1.6
		TOENDA : ToendaCMS 1.0
		MAMBO : mtg_myhomepage Component For Mambo 4.5

Original document		SECUNIA, [SA21543] mail f/w system Mail Header Injection Vulnerability (23.08.2006)
		SECUNIA, [SA21604] Drupal E-commerce Module Script Insertion Vulnerabilities (23.08.2006)
		SECUNIA, [SA21603] Drupal Easylinks Module Script Insertion and SQL Injection (23.08.2006)
		SECUNIA, [SA21584] Empire CMS "check_path" File Inclusion Vulnerability (23.08.2006)
		SECUNIA, [SA21536] TikiWiki "highlight" Cross-Site Scripting Vulnerability (23.08.2006)
		SECUNIA, [SA21565] indexcity SQL Injection and Script Insertion Vulnerabilities (23.08.2006)
		SECUNIA, [SA21549] Doika Guestbook "page" Script Insertion Vulnerability (23.08.2006)
		SECUNIA, [SA21560] Links Manager SQL Injection and Script Insertion Vulnerabilites (23.08.2006)
		SECUNIA, [SA21535] Dolphin "dir[inc]" File Inclusion Vulnerability (23.08.2006)
		h4ck3riran_(at)_yahoo.com, ToendaCMS <= 1.0.3 -(tcms_administer_site) Remote File Include (21.08.2006)
		outlaw_(at)_aria-security.net, Mambo Component - EstateAgent Remote File Inclusion (21.08.2006)
		outlaw_(at)_aria-security.net, Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln (21.08.2006)
		outlaw_(at)_aria-security.net, Mambo Component - Display MOSBot Manager Remote File Inclusion Vuln (21.08.2006)
		SECUNIA, [SA21572] Tutti Nova "TNLIB_DIR" File Inclusion Vulnerabilities (21.08.2006)
		SECUNIA, [SA21571] Fantastic News "CONFIG[script_path]" File Inclusion Vulnerability (21.08.2006)
		SECUNIA, [SA21574] Mambo bigAPE-Backup Component File Inclusion Vulnerability (21.08.2006)
		SECUNIA, [SA21558] WebAdmin Account Manipulation and Arbitrary File Disclosure (21.08.2006)
		SECUNIA, [SA21578] phpCodeGenie "BEAUT_PATH" File Inclusion Vulnerability (21.08.2006)
		SECUNIA, [SA21596] LBlog "id" SQL Injection Vulnerability (21.08.2006)
		SECUNIA, [SA21582] PHlyMail Lite "_PM_[path][handler]" File Inclusion Vulnerability (21.08.2006)
		SECUNIA, [SA21593] NES Game & NES System "phphtmllib" File Inclusion (21.08.2006)
		SECUNIA, [SA21594] SportsPHool "mainnav" File Inclusion Vulnerability (21.08.2006)
		SECUNIA, [SA21592] cPanel Multiple Cross-Site Scripting Vulnerabilities (21.08.2006)
		ZeberuS_(at)_ZeberuS.Com, WoltLab Burning Board 2.3.5(WBB) in XSS (21.08.2006)
		Chironex Fleckeri, LBlog <= "comments.asp" SQL Injection Exploit (21.08.2006)
		botan_(at)_linuxmail.org, [Kurdish Security # 23] Spaw Editor Remote Include Vulnerability (21.08.2006)
		outlaw_(at)_aria-security.net, Modification For OpenSEF Remote file Inclusion (21.08.2006)
		philipp.niedziela_(at)_gmx.de, Sonium Enterprise Adressbook Version 0.2 (folder) RFI (21.08.2006)
		vampire_chiristof_(at)_yahoo.com, OneOrZero Helpdesk V1.6.4.1 susceptible to SQL injection and XSS (21.08.2006)
		dicomdk_(at)_gmail.com, UPDATE vBulletin Version 3.5.4 exploit (21.08.2006)
		preth00nker_(at)_gmail.com, Multiple xxs cPanel 10 (21.08.2006)
		outlaw_(at)_aria-security.net, mambo-phphop Product Scroller Module R.F.I (21.08.2006)
		crackers_child_(at)_sibersavascilar.com, Mambo jim Component Remote Include Vulnerability (21.08.2006)
		crackers_child_(at)_sibersavascilar.com, contentpublisher Mambo Component Remote File Include Vulnerabilities (21.08.2006)
		bilkopat_(at)_hotmail.com, Mambo mambelfish Component <= 1.1 Remote File Include Vulnerability (21.08.2006)
		x0r0n_(at)_hotmail.com, Mambo com_cropimage 1.0 Component Remote Include Vulnerability (21.08.2006)
		outlaw_(at)_aria-security.net, Mambo CatalogShop Remote File Inclusion (21.08.2006)
		outlaw_(at)_aria-security.net, Ako Comments (mod) Remote File Inclusion (21.08.2006)
		erne_(at)_ernealizm.com, Joomla RFİ ( ERNE ) (21.08.2006)
		alireza hassani, [KAPDA::#55] - Joomla poll component vulnerability (21.08.2006)
		camino_(at)_sexmagnet.com, Joomla MamboWiki Component <= 0.9.4 (MamboLogin.php) Remote File Inclusion Vulnerability (21.08.2006)
		camino_(at)_sexmagnet.com, Joomla Kochsuite Component <= 0.9.4 (config.kochsuite.php) Remote File Inclusion Vulnerability (21.08.2006)
		crackers_child_(at)_sibersavascilar.com, anjel Mambo Component Remote File Include (21.08.2006)
		crackers_child_(at)_sibersavascilar.com, Joomla Rssxt <= 1.0 Remote File Include Vulnerability (21.08.2006)
		crackers_child_(at)_sibersavascilar.com, Joomla x-shop <= 1.7 Remote File Include Vulnerability (21.08.2006)
		outlaw_(at)_aria-security.net, mtg_myhomepage Component For Mambo R.F.I (21.08.2006)

Files:		vBulletin Version 3.5.4 exploit
Discuss:		Read or add your comments to this news (0 comments)

Linux SCTP privilege escalation
Published:		23.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6528
Type:		local
Level:		6/10

Affected:		LINUX : kernel 2.4
		LINUX : kernel 2.6

Original document

Avert, Linux Kernel SCTP Privilege Elevation Vulnerability (23.08.2006)

Discuss:

Read or add your comments to this news (0 comments)

AK-Systems terminal unauthorized access
Published:		23.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6531
Type:		remote
Level:		5/10
Description:		Passwordless VNC access to device is possible.

Affected:		AKSYSTEMS : AK Windows терминал MP
		AKSYSTEMS : AK Windows терминал GP
		AKSYSTEMS : AK Windows терминал VPL

Original document

Victor Sudakov, unauthorized VNC access in AK-Systems Windows Terminals (23.08.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		23.08.2006
Source:
SecurityVulns ID:		6533
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		BLACKBOARD : Blackboard Learning System 6
		PHLYMAIL : PHlyMail Lite 3.4
		SIMPLEBLOG : SimpleBlog 2.0
		PHPROJEKT : PHProjekt 0.6

Original document		king-hacker_(at)_hotmail.fr, faille include in "VeriTECH" isreal (23.08.2006)
		Pr070n_(at)_gmail.com, BlackBoard Multiple Vulnerabilities (XSS) (23.08.2006)
		D3nGeR_(at)_Gmail.CoM, PHProjekt v0.6.1 Remote File Inclusion Vulnerability (2) (23.08.2006)
		D3nGeR_(at)_Gmail.CoM, PHlyMail Lite [PM_[path][lib]=] Remote File Include Vulnerability (23.08.2006)
		MC Iglo, Tons of SQL-injections and XSS in Eichhorn Portal and vendor page (23.08.2006)
		night_warrior-_(at)_hotmail.com, DieselPay İndex.php Cross-Site Scripting Vulnerability (23.08.2006)
		night_warrior-_(at)_hotmail.com, Smart Traffic Remote File Include Vulnerability (23.08.2006)
		night_warrior-_(at)_hotmail.com, Diesel Paid Mail getad.php Cross-Site Scripting Vulnerability (23.08.2006)
		night_warrior-_(at)_hotmail.com, Diesel Job Site forgot.php Cross-Site Scripting (23.08.2006)
		Chironex Fleckeri, SimpleBlog 2.0 <= "comments.asp" SQL Injection Exploit (23.08.2006)

Discuss:

Read or add your comments to this news (0 comments)

Cool Messenger Server SQL injection
Published:		23.08.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6534
Type:		remote
Level:		5/10
Description:		SQL injection with username.

Affected:

COOLMESSENGER : Cool Messenger Server 5.5

Original document

TAN Chew Keong, [Full-disclosure] [vuln.sg] Cool Messenger Server SQL Injection Vulnerability (23.08.2006)

Discuss:

Read or add your comments to this news (0 comments)

Cisco PIX / Adaptive Security Appliances / Firewall Services Module password reset
Published:		23.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6536
Type:		local
Level:		5/10
Description:		Under some conditions user password can be reset to some known value.

Affected:		CISCO : PIX 7.0
		CISCO : PIX 7.1
		CISCO : ASA 7.0
		CISCO : ASA 7.1
		CISCO : FWSM 3.1

Original document

CISCO, [Full-disclosure] Cisco Security Advisory: Unintentional Password Modification in Cisco Firewall Products (23.08.2006)

Discuss:

Read or add your comments to this news (0 comments)

Cisco VPN 3000 unauthorized FTP access
Published:		23.08.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6537
Type:		remote
Level:		6/10
Description:		It's possible to remove files and execute some FTP commands without authentication.

Affected:		CISCO : Cisco VPN 3005
		CISCO : Cisco VPN 3015
		CISCO : Cisco VPN 3030
		CISCO : Cisco VPN 3060
		CISCO : Cisco VPN 3020

Original document

CISCO, [Full-disclosure] Cisco Security Advisory: Cisco VPN 3000 Concentrator FTP Management Vulnerabilities (23.08.2006)

Discuss:

Read or add your comments to this news (0 comments)

PowerZip buffer overflow
Published:		23.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6535
Type:		client
Level:		5/10
Description:		Buffer overflow on ZIP archive parsing.

Affected:

POWERZIP : PowerZip 7.06

Files:		PowerZip 7.06 Exploit
Discuss:		Read or add your comments to this news (0 comments)

Multiple Sun Solaris security vulnerabilities
Published:		23.08.2006
Source:		SECUNIA
SecurityVulns ID:		6538
Type:		local
Level:		6/10
Description:		Privilege escalation with Role-Based Access Control, privilege escalation with 'format' if granted "File System Management" or similar role.

Affected:		SUN : Solaris 8
		SUN : Solaris 9
		SUN : Solaris 10

Original document

SECUNIA, [SA21581] Sun Solaris RBAC Profile Privilege Escalation Vulnerabilities (23.08.2006)

Discuss:

Read or add your comments to this news (0 comments)

Alt-N MDaemon POP3 server buffer overflow
Published:		23.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6529
Type:		remote
Level:		7/10
Description:		Buffer overflow on oversized username with '@' character in USER/APOP command.

Affected:

ALT-N : MDaemon 9.05

Original document

infocus, Microsoft Outlook Express 6.00.2800.1409 (23.08.2006)

Files:		PoC for Mdaemon POP3 preauth heap overflow
		MDaemon Pre Authentication (USER) Heap Overflow
Discuss:		Read or add your comments to this news (0 comments)

Alt-N WebAdmin directory traversal
Published:		23.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6530
Type:		remote
Level:		5/10
Description:		Directory traversal in few applications of administration server.

Affected:

ALT-N : WebAdmin 3.24

Original document

TTG, TTG0601 - Alt-N WebAdmin Multiple Vulnerabilities (23.08.2006)

Discuss:

Read or add your comments to this news (0 comments)

DoS против Symantec Enterprise Security Manager
Published:		23.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6532
Type:		remote
Level:		5/10
Description:		Malcrafted request can be used to lockup server and agent.

Affected:

SYMANTEC : Enterprise Security Manager 6.5

Original document

Avert, Symantec Enterprise Security Manager Denial-of-Service Vulnerability (23.08.2006)

Discuss:

Read or add your comments to this news (0 comments)