Search:Vulnerability:24.07.2006 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

BT Voyager wireless routers information leak
Published: 24.07.2006
Source: BUGTRAQ
SecurityVulns ID: 6394
Type: remote
Level: 5/10
Description: It's possible to access backup configuration file and PPP account data without authentication.

Affected: BT : Voyager 2091

Original document pagvacito, bugtraq@securityfocus.com (24.07.2006)

Discuss: Read or add your comments to this news (0 comments)

Novell firewall client privilege escalation
Published: 24.07.2006
Source: BUGTRAQ
SecurityVulns ID: 6395
Type: local
Level: 5/10
Description: "Save Configuration As..." dialog allows execute application with Local System privilege.

Affected: NOVELL : Novell Client Firewall 2.0

Original document SECUNIA, [SA21161] Novell Client Firewall Privilege Escalation Vulnerability (24.07.2006)

Discuss: Read or add your comments to this news (0 comments)

Cheese Tracker buffer overflow
Published: 24.07.2006
Source: BUGTRAQ
SecurityVulns ID: 6397
Type: client
Level: 5/10
Description: Buffer overflow on XM format files parsing.

Affected: CHEESTRACKER : Cheese Tracker 0.9

Original document Luigi Auriemma, Buffer-overflow in the XM loader of Cheese Tracker 0.9.9 (24.07.2006)

Files: Exploits Cheese Tracker <= 0.9.9 possible code execution
Discuss: Read or add your comments to this news (0 comments)

libdumb library buffer overflow
Published: 24.07.2006
Source: BUGTRAQ
SecurityVulns ID: 6398
Type: library
Level: 5/10
Description: Buffer overflow on parsing IR music files format.

Affected: DUMB : libdumb 0.9

Original document DEBIAN, [Full-disclosure] [SECURITY] [DSA 1123-1] New libdumb packages fix arbitrary code execution (24.07.2006)

Discuss: Read or add your comments to this news (0 comments)

Rocks Clusters privilege escalation
Published: 24.07.2006
Source: BUGTRAQ
SecurityVulns ID: 6390
Type: local
Level: 5/10
Description: "mount-loop" and "umount-loop" suid application privilege escalation.

Affected: ROCKSCLUSTERS : Rocks Clusters 4.1

Original document Xavier, Rocks Clusters <=4.1 local root (24.07.2006)

Discuss: Read or add your comments to this news (0 comments)

Sun Solaris information leak
Published: 24.07.2006
Source: BUGTRAQ
SecurityVulns ID: 6392
Type: local
Level: 6/10
Description: sysinfo() function leaks kernel memory content.

Affected: SUN : Solaris 10

Original document IDEFENSE, iDefense Security Advisory 07.20.06: Sun Microsystems Solaris sysinfo() Kernel Memory Disclosure Vulnerability (24.07.2006)

Files: Exploits Solaris <= 10 sysinfo() kernel memory information leak
Discuss: Read or add your comments to this news (0 comments)

VMWare for Unix weak permissions
Published: 24.07.2006
Source: BUGTRAQ
SecurityVulns ID: 6393
Type: local
Level: 5/10
Description: Under specific condition remoteadministration private key file may be created world-readable.

Original document VMWARE, VMSA-2006-0003 VMware possible incorrect permissions on SSL key files (24.07.2006)

Discuss: Read or add your comments to this news (0 comments)

Tippingpoint aplianca protection bypass
Published: 24.07.2006
Source: BUGTRAQ
SecurityVulns ID: 6396
Type: remote
Level: 6/10
Description: Attacker can force firewall to switch to layer 2 filtering mode.

Original document Andres Riancho, [CYBSEC] TippingPoint detection bypass (24.07.2006)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 24.07.2006
Source:
SecurityVulns ID: 6389
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: PHPBB : phpBB 2.0
PROXY2 : Advanced Poll 2.02
HIKIWIKI : Hiki 0.6
DELUXEBB : DeluxeBB 1.07
MINIBB : MiniBB 1.5
SOFTCOMPLEX : phpEventCalendar 1.4
SWSOFT : Plesk control panel 8.0
OWASP : WebScarab 20060621-0003
MAMBO : ExtCalendar Mambo Module
HDWEGUEST : hdweGUEST 2.1
IMANAGE : iManage CMS 4.0
PLANETC : planetGallery 22.05.2006
SITEDEPTH : SiteDepth CMS 3.01
PHPFABER : TopSites 2.0
TOPXL : Top XL 1.1
LOUDBLOG : LoudBlog 0.5
CHAMELEON : Chameleon LE 1.203
PHPBB : Advanced Guestbook for phpBB 2.4
BLACKBOARD : Blackboard Academic Suite 6.2
VANILLA : Vanilla CMS 1.0
BLOGCMS : BLOG:CMS 4.0
FSCRIPTS : Fantastic Guestbook 2.0
PHORUM : Phorum 5.1
CALENDARMODULE : Calendar Module 1.5
ICEWARP : IceWarp Web Mail 5.6
KEYIF : Keyif Portal 2.0
MAMBO : New Article Mambo Component 1.0
OSDATE : OSdate 1.1
FIREMOUSE : Fire-Mouse TopList 1.1
PHPLIVE : PHP Live! 3.2
INVISION : Invision Power Board 2.1
PHPPOST : PHP-Post 1.0
VISNETIC : Visnetic Mail Server 8.3
SQUERY : SQuery 4.5
MYBB : MyBB 1.1
VBZOOM : VBZooM 1.11
ESKOLAR : Eskolar CMS 0.9
LISTMESSENGER : ListMessenger 0.9
MAMBO : Calendar Mambo Module1.5
PHPPOST : PHP-Post 0.21

Original document Saudi Hackrz, PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities (24.07.2006)

mfoxhacker_(at)_gmail.com, [KurdishVanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.] (24.07.2006)

botan_(at)_linuxmail.org, [Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla] (24.07.2006)

document Silitix, DotClear : Multiples Full Path Disclosure (24.07.2006)

Aesthetico, [MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure (24.07.2006)

harbl_(at)_hushmail.com, Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability (24.07.2006)

document mail_(at)_blue-spy.net, Com Multibanners Remote File Inclusion (mosConfig_absolute_path) (24.07.2006)

mail_(at)_sipplah.com, SolpotCrew Advisory #3 - com_trade Remote File Inclusion (mosConfig_absolute_path) (24.07.2006)

botan_(at)_linuxmail.org, [Kurdish Security # 13] Savant2 Remote File Include Vulnerability [For Mambo, Joomla] (24.07.2006)

document AG Spider, MiniBB Forum <= 1.5a Remote File Include (news.php) (24.07.2006)

DEBIAN, [SECURITY] [DSA 1119-1] New hiki packages fix denial of service (24.07.2006)

Aesthetico, [MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting (24.07.2006)

Aesthetico, [MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities (24.07.2006)

document omnipresent_(at)_email.it, MicroGuestBook Remote XSS Attack (24.07.2006)

AG Spider, MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php) (24.07.2006)

chris_hasibuan_(at)_yahoo.com, SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion (24.07.2006)

document Chris Norton, Unidomedia Chameleon LE/Pro Directory Traversal (24.07.2006)

Aesthetico, [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure (24.07.2006)

Aesthetico, [MajorSecurity #21] phpFaber TopSites <=2.0.9 - SQL Injection Vulnerability (24.07.2006)

Aesthetico, [MajorSecurity #20]SiteDepth CMS <= 3.01 - Remote File Include Vulnerability (24.07.2006)

document RedTeam Pentesting, Advisory: Remote command execution in planetGallery (24.07.2006)

matdhule_(at)_gmail.com, [ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion (24.07.2006)

sledge_(at)_paradise.net.nz, AFCommerce Shopping Cart (24.07.2006)

binary.loc_(at)_gmail.com, osDate 1.1.7 multiple vulnerabilities (24.07.2006)

document tamriel_(at)_gmx.net, hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities (24.07.2006)

Saudi Hackrz, ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities (24.07.2006)

security_(at)_moritz-naumann.com, WebScarab <= 20060621-0003 cross site scripting (24.07.2006)

document Jessica Hope, DeluxeBB mutiple vulnerabilities (24.07.2006)

farhadkey_(at)_kapda.ir, [KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability (24.07.2006)

tamriel_(at)_gmx.net, Professional PHP Tools Guestbook Multiple Vulnerabilities (24.07.2006)

document ssteam.pl_(at)_gmail.com, Cross Site Scripting Vulnerability in Zoho Virtual Office (24.07.2006)

matdhule_(at)_gmail.com, New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities (24.07.2006)

matdhule_(at)_gmail.com, Calendar Mambo Module <= 1.5.7 Remote File Include Vulnerabilities (24.07.2006)

document x0r0n_(at)_hotmail.com, ListMessenger v0.9.3 Remote File Inclusion Vulnerability (24.07.2006)

x0r0n_(at)_hotmail.com, Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download (24.07.2006)

SECUNIA, Secunia Research: VisNetic Mail Server Two File Inclusion Vulnerabilities (24.07.2006)

document SECUNIA, Secunia Research: IceWarp Web Mail Two File Inclusion Vulnerabilities (24.07.2006)

vuln.invent_(at)_gmail.com, Plesk Control Panel <= 8.0.0 XSS vulnerability (24.07.2006)

chris_hasibuan_(at)_yahoo.com, PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion (24.07.2006)

document matdhule_(at)_gmail.com, Calendar Module <= 1.5.7 Remote File Include Vulnerabilities (24.07.2006)

rst_(at)_ghc.ru, Invision Power Board 2.1 <= 2.1.6 sql injection (24.07.2006)

omnipresent_(at)_email.it, Fantastic Guestbook v2.0.1 Advisory (24.07.2006)

Breeeeh_(at)_hotmail.com, VBZooM <=V1.11 "sub-join.php" SQL Injection (24.07.2006)

document Chironex Fleckeri, SubberZ[Lite] - Remote File Include (24.07.2006)

Breeeeh_(at)_hotmail.com, VBZooM <=V1.11 " ignore-pm.php" SQL Injection (24.07.2006)

matdhule_(at)_gmail.com, MiniBB Forum <= 1.5a Remote File Include Vulnerabilities (24.07.2006)

Breeeeh_(at)_hotmail.com, VBZooM <=V1.11 " reply.php" SQL Injection (24.07.2006)

document Breeeeh_(at)_hotmail.com, VBZooM "sendmail.php" SQL Injection (24.07.2006)

securityconnection_(at)_gmail.com, Phorum 5.1.14 XSS SQL injection Vulnerability (24.07.2006)

Xavier, Rocks Clusters <=4.1 local root (24.07.2006)

Breeeeh_(at)_hotmail.com, MyGallery "Room.php" SQL Injection (24.07.2006)

document renatrix_(at)_gmail.com, XSS phpBB 2.0.21 in administration (24.07.2006)

Breeeeh_(at)_hotmail.com, saphp "add.php" forumid Parameter SQL Injection (24.07.2006)

Files: Exploits LoudBlog <= 0.5 'id' SQL injection / admin credentials disclosure
Eskolar CMS 0.9.0.0 Blind SQL Injection Exploit and bypass admin logon vulnerability
SQuery <= 4.5(libpath) Remote File Inclusion Exploit
MyBulletinBoard (MyBB) <= 1.1.5 'CLIENT-IP' SQL injection / create new admin exploit
boastMachine <= 3.1 SQL Injection Exploit
Invision Power Board v2.1 <= 2.1.6 sql injection exploit
Discuss: Read or add your comments to this news (0 comments)

Shockwave crossite scripting
updated since 24.07.2006
Published: 17.08.2006
Source: BUGTRAQ
SecurityVulns ID: 6391
Type: client
Level: 6/10
Description: Crossite access to cookies and document data is possible.

Original document Amit Klein (AKsecurity), Technical note by Amit Klein: "Sending arbitrary HTTP requests with Flash 7/8 (+IE 6.0)" (17.08.2006)

Amit Klein (AKsecurity), Technical note: under some conditions, it's possible to steal HTTP credentials using Flash (15.08.2006)

Amit Klein (AKsecurity), Sending multipart/form-data requests from Flash (with arbitrary headers) (11.08.2006)

document Amit Klein (AKsecurity), Write-up by Amit Klein: "Forging HTTP request headers with Flash" (25.07.2006)

spammeanddie_(at)_msn.com, Crtical Shockwave Embeded XSS Execution (24.07.2006)

Discuss: Read or add your comments to this news (1 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin