| Rocks Clusters privilege escalation | | Published: |  | 24.07.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6390 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | "mount-loop" and "umount-loop" suid application privilege escalation. |
| Sun Solaris information leak | | Published: |  | 24.07.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6392 | | Type: |  | local | | Level: |  | 6/10 | | Description: |  | sysinfo() function leaks kernel memory content. |
| VMWare for Unix weak permissions | | Published: |  | 24.07.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6393 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Under specific conditions, the remote administration private key file may be created world-readable. |
| Tippingpoint appliance protection bypass | | Published: |  | 24.07.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6396 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | An attacker can force the firewall to switch to layer 2 filtering mode. |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 24.07.2006 | | Source: |  | | | SecurityVulns ID: |  | 6389 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Original document |  | Saudi Hackrz, PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities (24.07.2006) |
| |  | mfoxhacker_(at)_gmail.com, [KurdishVanilla CMS <= 1.0.1 (RootDirectory) Remote file inclusion Vuln.] (24.07.2006) |
| |  | botan_(at)_linuxmail.org, [Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla] (24.07.2006) |
| |  | Silitix, DotClear : Multiples Full Path Disclosure (24.07.2006) |
| |  | Aesthetico, [MajorSecurity #23] BLOG:CMS <= 4.0.0j - XSS and cookie disclosure (24.07.2006) |
| |  | harbl_(at)_hushmail.com, Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability (24.07.2006) |
| |  | mail_(at)_blue-spy.net, Com Multibanners Remote File Inclusion (mosConfig_absolute_path) (24.07.2006) |
| |  | mail_(at)_sipplah.com, SolpotCrew Advisory #3 - com_trade Remote File Inclusion (mosConfig_absolute_path) (24.07.2006) |
| |  | botan_(at)_linuxmail.org, [Kurdish Security # 13] Savant2 Remote File Include Vulnerability [For Mambo, Joomla] (24.07.2006) |
| |  | AG Spider, MiniBB Forum <= 1.5a Remote File Include (news.php) (24.07.2006) |
| |  | DEBIAN, [SECURITY] [DSA 1119-1] New hiki packages fix denial of service (24.07.2006) |
| |  | Aesthetico, [MajorSecurity #24] Fire-Mouse TopList <=v1.1 - Cross Site Scripting (24.07.2006) |
| |  | Aesthetico, [MajorSecurity #25] Advanced Guestbook 2.4 for phpBB - Multiple XSS and SQL-Injection Vulnerabilities (24.07.2006) |
| |  | omnipresent_(at)_email.it, MicroGuestBook Remote XSS Attack (24.07.2006) |
| |  | AG Spider, MiniBB Forum <= 1.5a Remote File Include (search.php-whosOnline.php) (24.07.2006) |
| |  | chris_hasibuan_(at)_yahoo.com, SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion (24.07.2006) |
| |  | Chris Norton, Unidomedia Chameleon LE/Pro Directory Traversal (24.07.2006) |
| |  | Aesthetico, [MajorSecurity #22] Top XL <=1.1 - XSS and cookie disclosure (24.07.2006) |
| |  | Aesthetico, [MajorSecurity #21] phpFaber TopSites <=2.0.9 - SQL Injection Vulnerability (24.07.2006) |
| |  | Aesthetico, [MajorSecurity #20]SiteDepth CMS <= 3.01 - Remote File Include Vulnerability (24.07.2006) |
| |  | RedTeam Pentesting, Advisory: Remote command execution in planetGallery (24.07.2006) |
| |  | matdhule_(at)_gmail.com, [ECHO_ADV_40$2006] iManage CMS <= 4.0.12 (absolute_path) Remote File Inclusion (24.07.2006) |
| |  | sledge_(at)_paradise.net.nz, AFCommerce Shopping Cart (24.07.2006) |
| |  | binary.loc_(at)_gmail.com, osDate 1.1.7 multiple vulnerabilities (24.07.2006) |
| |  | tamriel_(at)_gmx.net, hdweGUEST <= 2.1.1 Cross Site Scripting Vulnerabilities (24.07.2006) |
| |  | Saudi Hackrz, ExtCalendar Mambo Module <= v2( extcalendar.php ) Remote File Include Vulnerabilities (24.07.2006) |
| |  | Moritz Naumann, WebScarab <= 20060621-0003 cross site scripting (24.07.2006) |
| |  | Jessica Hope, DeluxeBB mutiple vulnerabilities (24.07.2006) |
| |  | farhadkey_(at)_kapda.ir, [KAPDA::#52] - PHP-Post 1.0 Cookie Modification Privilege Escalation Vulnerability (24.07.2006) |
| |  | tamriel_(at)_gmx.net, Professional PHP Tools Guestbook Multiple Vulnerabilities (24.07.2006) |
| |  | ssteam.pl_(at)_gmail.com, Cross Site Scripting Vulnerability in Zoho Virtual Office (24.07.2006) |
| |  | matdhule_(at)_gmail.com, New Article Mambo Component <= 1.0 (com_articles.php) Remote File Include Vulnerabilities (24.07.2006) |
| |  | matdhule_(at)_gmail.com, Calendar Mambo Module <= 1.5.7 Remote File Include Vulnerabilities (24.07.2006) |
| |  | x0r0n_(at)_hotmail.com, ListMessenger v0.9.3 Remote File Inclusion Vulnerability (24.07.2006) |
| |  | x0r0n_(at)_hotmail.com, Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download (24.07.2006) |
| |  | SECUNIA, Secunia Research: VisNetic Mail Server Two File Inclusion Vulnerabilities (24.07.2006) |
| |  | SECUNIA, Secunia Research: IceWarp Web Mail Two File Inclusion Vulnerabilities (24.07.2006) |
| |  | vuln.invent_(at)_gmail.com, Plesk Control Panel <= 8.0.0 XSS vulnerability (24.07.2006) |
| |  | chris_hasibuan_(at)_yahoo.com, PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion (24.07.2006) |
| |  | matdhule_(at)_gmail.com, Calendar Module <= 1.5.7 Remote File Include Vulnerabilities (24.07.2006) |
| |  | rst_(at)_ghc.ru, Invision Power Board 2.1 <= 2.1.6 sql injection (24.07.2006) |
| |  | omnipresent_(at)_email.it, Fantastic Guestbook v2.0.1 Advisory (24.07.2006) |
| |  | Breeeeh_(at)_hotmail.com, VBZooM <=V1.11 "sub-join.php" SQL Injection (24.07.2006) |
| |  | Chironex Fleckeri, SubberZ[Lite] - Remote File Include (24.07.2006) |
| |  | Breeeeh_(at)_hotmail.com, VBZooM <=V1.11 " ignore-pm.php" SQL Injection (24.07.2006) |
| |  | matdhule_(at)_gmail.com, MiniBB Forum <= 1.5a Remote File Include Vulnerabilities (24.07.2006) |
| |  | Breeeeh_(at)_hotmail.com, VBZooM <=V1.11 " reply.php" SQL Injection (24.07.2006) |
| |  | Breeeeh_(at)_hotmail.com, VBZooM "sendmail.php" SQL Injection (24.07.2006) |
| |  | securityconnection_(at)_gmail.com, Phorum 5.1.14 XSS SQL injection Vulnerability (24.07.2006) |
| |  | Xavier, Rocks Clusters <=4.1 local root (24.07.2006) |
| |  | Breeeeh_(at)_hotmail.com, MyGallery "Room.php" SQL Injection (24.07.2006) |
| |  | renatrix_(at)_gmail.com, XSS phpBB 2.0.21 in administration (24.07.2006) |
| |  | Breeeeh_(at)_hotmail.com, saphp "add.php" forumid Parameter SQL Injection (24.07.2006) |
| BT Voyager wireless routers information leak | | Published: |  | 24.07.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6394 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | It's possible to access the backup configuration file and PPP account data without authentication. |
| Novell firewall client privilege escalation | | Published: |  | 24.07.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6395 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | The "Save Configuration As..." dialog allows executing an application with Local System privileges. |
| Cheese Tracker buffer overflow | | Published: |  | 24.07.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6397 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Buffer overflow when parsing XM format files. |
| libdumb library buffer overflow | | Published: |  | 24.07.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6398 | | Type: |  | library | | Level: |  | 5/10 | | Description: |  | Buffer overflow when parsing the IR music file format. |
| Shockwave cross-site scripting updated since 24.07.2006 | | Published: |  | 17.08.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6391 | | Type: |  | client | | Level: |  | 6/10 | | Description: |  | Cross-site access to cookies and document data is possible. |