Privilege escalation in IBM AIX rm_mlcache_file with file overwrite updated since 18.04.2006
Published:		24.04.2006
Source:		SECUNIA
SecurityVulns ID:		6022
Type:		local
Level:		5/10
Description:		Race conditions on temporary file creation.

Affected:		IBM : AIX 5.1
		IBM : AIX 5.2
		IBM : AIX 5.3

Original document		NSFOCUS, NSFOCUS SA2006-03 : IBM AIX rm_mlcache_file Local Race Condition Vulnerability (24.04.2006)
		SECUNIA, [SA19656] IBM AIX rm_mlcache_file Arbitrary File Overwrite (18.04.2006)

Discuss:

Read or add your comments to this news (0 comments)

csDoom / Vavoom / Zdaemon / Doomsday / Skulltag Doom clone game engines multiple vulnerabilities updated since 27.03.2006
Published:		24.04.2006
Source:		ALUIGI
SecurityVulns ID:		5947
Type:		remote
Level:		5/10
Description:		Buffer overflows, format string vulnerabilities, DoS confitions.

Affected:		CSDOOM : csDoom 0.7
		VAVOOM : Vavoom 1.19
		DOOMSDAY : Doomsday 1.8
		SKULLTAG : Skulltag 0.96

Original document		Luigi Auriemma, [Full-disclosure] Format string bug in Skulltag 0.96f (24.04.2006)
		Luigi Auriemma, [Full-disclosure] Format string in Doomsday 1.8.6 (04.04.2006)
		Luigi Auriemma, Buffer-overflow and in-game crash in Zdaemon 1.08.01 (02.04.2006)
		Luigi Auriemma, Socket unreachable and decompression buffer-overflow in Vavoom 1.19.1 (27.03.2006)
		Luigi Auriemma, Multiple vulnerabilities in csDoom 0.7 (27.03.2006)

Files:		Exploits csDoom <= 0.7 multiple vulnerabilities
		Exploits Skulltag <= 0.96f format string
		Exploits Vavoom <= 1.19.1 multiple vulnerabilities
		Exploits Zdaemon buffer overflow
		Exploits Zdaemon fake player DoS
Discuss:		Read or add your comments to this news (0 comments)

AIX mklvcopy vulnerability updated since 16.03.2006
Published:		24.04.2006
Source:		SECUNIA
SecurityVulns ID:		5899
Type:		remote
Level:		5/10
Description:		Insecure external application execution by relative path.

Affected:

IBM : AIX 5.3

Original document		NSFOCUS, NSFOCUS SA2006-02 : IBM AIX mklvcopy Local Privilege Escalation Vulnerability (24.04.2006)
		SECUNIA, [SA19235] AIX "mklvcopy" Command Unspecified Vulnerability (16.03.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		24.04.2006
Source:
SecurityVulns ID:		6040
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		CLANSYS : Clansys 1.1
		RATEIT : RateIt 2.2
		FLEXBB : FlexBB 0.5
		BKFORUM : BK Forum 4.0
		SCRY : Scry Gallery 1.1
		TOTALCALENDAR : TotalCalendar 2.30

Original document		omnipresent_(at)_email.it, RIblog Remote SQL Injection Exploit (24.04.2006)
		Aesthetico, [MajorSecurity] TotalCalendar 2.30 - Remote File Include Vulnerability (24.04.2006)
		n0m3rcy_(at)_bsdmail.org, BK Forum <= 4.0 Remote SQL Injection (24.04.2006)
		Aditya_(at)_Metaeye.Org, XSS Bug in OpenGear Server Website (24.04.2006)
		n0m3rcy_(at)_bsdmail.org, FileLodge Bolt (showonlineusers.php) Cross-Site Scripting Vulnerbility (24.04.2006)
		Aliaksandr Hartsuyeu, [eVuln] RateIt SQL Injection Vulnerability (24.04.2006)
		arko.dhar_(at)_gmail.com, Scry Gallery XSS Vulnerability (24.04.2006)
		Mustafa Can Bjorn IPEKCI, [Full-disclosure] Advisory: Clansys <= 1.1 PHP Code Insertion Vulnerability. (24.04.2006)

Files:		FlexBB Exploit [ function/showprofile.php ] Remote SQL Injection
Discuss:		Read or add your comments to this news (0 comments)

Fenice OMS Open Media Streaming Server multiple security vulnerabilities
Published:		24.04.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6041
Type:		remote
Level:		5/10
Description:		Buffer overflow on URI parsing, integer overflow on Content-Length.

Affected:

FENICE : Fenice 1.10

Original document

Luigi Auriemma, [Full-disclosure] Buffer-overflow and crash in Fenice OMS 1.10 (24.04.2006)

Files:		Fenice - Open Media Streaming Server remote BOF exploit
		Fenice OMS server (fenice-1.10.tar.gz) remote root exploit
Discuss:		Read or add your comments to this news (0 comments)

OpenTTD, Transport Tycoon Deluxe game clone denial of service
Published:		24.04.2006
Source:		BUGTRAQ
SecurityVulns ID:		6042
Type:		remote
Level:		5/10
Description:		Program abort on getting some error codes from client.

Affected:

OPENTTD : OpenTTD 0.4

Original document

Luigi Auriemma, [Full-disclosure] Denial of service bugs in OpenTTD 0.4.7 (24.04.2006)

Files:		Exploits OpenTTD <= 0.4.7 multiple vulnerabilities
Discuss:		Read or add your comments to this news (0 comments)

Gnome gdm race conditions
Published:		24.04.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6043
Type:		local
Level:		6/10
Description:		Race conditions on handling .ICEauthority file.

Affected:

GNOME : gdm 2.6

Original document

DEBIAN, [Full-disclosure] [SECURITY] [DSA 1040-1] New gdm packages fix local root exploit (24.04.2006)

Discuss:

Read or add your comments to this news (0 comments)