Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 24.02.2006
SecurityVulns ID: 5815
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: NOAH : Classifieds 1.3
 PHPX : phpx 3.5
 DEVWMS : DEV web management system 1.5
 CUBECART : CubeCart 3.0
 RUNCMS : Runcms 1.3
 INFOVISTA : Infovista PortalSE 2.0
 TECASCRIPTS : Teca Diary PE 1.0
 MIRO : Oi! Email Marketing 3.0
 FCKEDITOR : FCKeditor 2.2
 NOCC : NOCC Webmail 1.0
 THINKHOST : iUser Ecommerce 2.1
 PHPLIB : PHPLIB 7.4
 WEBINSTA : WEBInsta Limbo 1.0
 CALCIUM : Calcium 3.10
 ICAL : iCal 3.10
Original document: SECUNIA, [SA19001] iCal "Calendar Text" Script Insertion Vulnerability (24.02.2006)
 SECUNIA, [SA19007] Calcium "EventText" Script Insertion Vulnerability (24.02.2006)
 SECUNIA, [SA18723] WEBInsta Limbo Contact Form Script Insertion Vulnerability (24.02.2006)
 SECUNIA, [SA18688] PHPX "url" XCode Script Insertion Vulnerability (24.02.2006)
 SECUNIA, [SA18714] DEV web management system "City/Region" Script Insertion (24.02.2006)
 SECUNIA, [SA16902] PHPLIB Unspecified Code Execution Vulnerability (24.02.2006)
 SECUNIA, [SA18903] iUser Ecommerce common.php File Inclusion Vulnerability (24.02.2006)
 SECUNIA, [SA19003] iUser Ecommerce Unspecified Vulnerabilities (24.02.2006)
 rgod_(at)_autistici.org, NOCC Webmail <= 1.0 multiple vulnerabilities (24.02.2006)
 NSA Group, NSA Group Security Advisory NSAG-№195-23.02.2006 Vulnerability FCKeditor 2.0 FC (24.02.2006)
 NSA Group, NSA Group Security Advisory NSAG-№196-23.02.2006 Vulnerability FCKeditor 2.2 (24.02.2006)
 NSA Group, NSA Group Security Advisory NSAG-№197-23.02.2006 Vulnerability CubeCart 3.0.0 – 3.0.6 (24.02.2006)
 h4cky0u, HYSA-2006-003 Oi! Email Marketing 3.0 SQL Injection (24.02.2006)
 Aliaksandr Hartsuyeu, [eVuln] Teca Diary PE SQL Injection Vulnerability (24.02.2006)
 alireza hassani, [KAPDA::#29]Noah's classifieds multiple vulnerabilities (24.02.2006)
 roozbeh afrasiabi, [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability (24.02.2006)
 advisories_(at)_irmplc.com, IRM 017: Multiple Vulnerabilities in Infovista Portal SE (24.02.2006)
Files: NOCC Webmail <= 1.0 remote commands execution exploit through arbitrary local inclusion & attachment filename prediction

Metamail mail processor buffer overflow
Published: 24.02.2006
SecurityVulns ID: 5816
Type: remote
Threat Level: 6/10
Description: Buffer overflow on message parsing.
Affected: METAMAIL : metamail 2.7
Original document: MANDRIVA, [ MDKSA-2006:047 ] - Updated metamail packages fix vulnerability (24.02.2006)

The Bat mail agent buffer overflow
Published: 24.02.2006
SecurityVulns ID: 5817
Type: client
Threat Level: 6/10
Description: Buffer overflow on oversized Subject field.
Affected: RITLABS : The Bat! 3.60
Original document: NSA Group, NSA Group Security Advisory NSAG-№198-23.02.2006 Vulnerability The Bat v. 3.60.07 (24.02.2006)

IPSwitch WhatsUp network management application DoS
Published: 24.02.2006
SecurityVulns ID: 5818
Type: remote
Threat Level: 5/10
Description: Malformed requests to the Web interface lead to CPU exhaustion.
Affected: IPSWITCH : WhatsUp Professional 2006
Original document: Josh Zlatin, IpSwitch WhatsUp Professional 2006 DoS (24.02.2006)

Mozilla Thunderbird code execution
Published: 24.02.2006
SecurityVulns ID: 5819
Type: remote
Threat Level: 5/10
Description: IFRAME SRC attribute allows JavaScript execution.
Affected: MOZILLA : Thunderbird 1.0
Original document: Renaud Lifchitz, Mozilla Thunderbird : Remote Code Execution & Denial of Service (24.02.2006)

Visnetic AntiVirus Plug-in for MailServer privilege escalation
Published: 24.02.2006
SecurityVulns ID: 5821
Type: local
Threat Level: 5/10
Description: An external application chosen by the user is invoked with Local System privileges.
Affected: DEERFIELD : Visnetic AntiVirus Plug-in for MailServer 4.6
Original document: SECUNIA, Secunia Research: Visnetic AntiVirus Plug-in for MailServer Privilege Escalation (24.02.2006)

WinAce archiver ARJ archives buffer overflow
Published: 24.02.2006
SecurityVulns ID: 5822
Type: local
Threat Level: 5/10
Description: Buffer overflow on oversized ARJ header.
Affected: WINACE : WinACE 2.60
Original document: SECUNIA, Secunia Research: WinACE ARJ Archive Handling Buffer Overflow (24.02.2006)

Adobe Macromedia Shockwave ActiveX element buffer overflow
Published: 24.02.2006
SecurityVulns ID: 5823
Type: client
Threat Level: 6/10
Description: Buffer overflow in ActiveX element.
Original document: ZDI, ZDI-06-002: Adobe Macromedia ShockWave Code Execution (24.02.2006)

POPFile mail classification tool DoS
Published: 24.02.2006
SecurityVulns ID: 5824
Type: client
Threat Level: 5/10
Description: Service crash on e-mail headers parsing.
Affected: POPFILE : POPFile 0.22
Original document: SECUNIA, [SA18975] POPFile Email Message Handling Denial of Service (24.02.2006)

MUTE file sharing peering networks server spoofing
Published: 24.02.2006
SecurityVulns ID: 5825
Type: client
Threat Level: 5/10
Description: By spoofing mWebCache, it is possible to make the client connect to a specified IP address.
Affected: MUTE : Mute 0.4
Original document: SECUNIA, [SA18980] MUTE P2P File Sharing Host Selection Weakness (24.02.2006)

Perl Crypt::CBC module weak cryptography
Published: 24.02.2006
SecurityVulns ID: 5827
Type: library
Threat Level: 6/10
Description: Invalid initialization vector generation algorithm for block ciphers with block sizes other than 8 bytes (Rijndael).
Affected: PERL : Crypt::CBC 2.16
Original document: Lincoln Stein, Vulnerability in Crypt::CBC Perl module, versions <= 2.16 (24.02.2006)

Multiple ArGoSoft Mail Server Pro security vulnerabilities
Updated since: 24.02.2006
Published: 28.02.2006
SecurityVulns ID: 5826
Type: remote
Threat Level: 6/10
Description: Information leak with POP3 _DUMP command, directory traversal with IMAP RENAME command, directory traversal and cross-site scripting with Web interface.
Affected: ARGOSOFT : ArGoSoft Mail Server Pro 1.8
Original document: SECUNIA, Secunia Research: ArGoSoft Mail Server Pro viewheaders Script Insertion (28.02.2006)
 NSA Group, NSA Group Security Advisory NSAG-№200-24.02.2006 Vulnerability ArGoSoft Mail Server Pro IMAP (24.02.2006)
 NSA Group, NSA Group Security Advisory NSAG-№198-23.02.2006 Vulnerability ArGoSoft Mail Server Pro (24.02.2006)

zoo buffer overflow
Updated since: 24.02.2006
Published: 16.03.2006
SecurityVulns ID: 5820
Type: local
Threat Level: 5/10
Affected: ZOO : zoo 2.10
Original document: GENTOO, [ GLSA 200603-12 ] zoo: Buffer overflow (16.03.2006)
 Jean-Sébastien Guay-Leroux, zoo contains exploitable buffer overflows (24.02.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod