SCO Unixware ptrace privilege escalation updated since 22.02.2006
Published:		25.02.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		5814
Type:		local
Level:		5/10
Description:		ptrace can be attached to suid application.

Affected:

SCO : UnixWare 7.1

Original document		IDEFENSE, iDefense Security Advisory 02.24.06: SCO Unixware Setuid ptrace Local Privilege Escalation Vulnerability (25.02.2006)
		SCO, [Full-disclosure] SCOSA-2006.9 UnixWare 7.1.3 UnixWare 7.1.4 : Setuid ptrace Local Privilege Escalation Vulnerability (22.02.2006)

Files:		SCO Unixware 7.1.3 ptrace local root exploit
Discuss:		Read or add your comments to this news (0 comments)

WinAmp player buffer overflow updated since 30.01.2006
Published:		25.02.2006
Source:		FSIRT
SecurityVulns ID:		5711
Type:		client
Level:		7/10
Description:		Buffer overflow on oversized computer name in UNC path of .pls on .m3u file entry. Buffer overflow on oversized WMA playlist file entry. Vulnerability can be exploited for hidden trojan installation.

Affected:		NULLSOFT : Winamp 5.12
		NULLSOFT : Winamp 5.13

Original document		advisories_(at)_irmplc.com, IRM 018: Winamp 5.13 m3u Playlist Buffer Overflow (25.02.2006)
		NSFOCUS, NSFOCUS SA2006-01 : Winamp m3u File Processing Buffer Overflow Vulnerability (24.02.2006)
		Sowhat ., [Full-disclosure] Winamp .m3u fun again ;) (16.02.2006)
		b0f www . b0f . net, New winamp m3u/pls .WMA & .M3U Extension overflows (14.02.2006)
		IDEFENSE, iDefense Security Advisory 02.01.06: Winamp m3u Parsing Stack Overflow Vulnerability (02.02.2006)
		IDEFENSE, iDefense Security Advisory 02.01.06: Winamp m3u/pls .WMA Extension Buffer Overflow Vulnerability (02.02.2006)
		CERT, US-CERT Technical Cyber Security Alert TA06-032A -- Winamp Playlist Buffer Overflow (02.02.2006)

Files:		Winamp 5.12 Playlist UNC Path Computer Name Overflow Perl Exploit
		Winamp 5.12 Remote Buffer Overflow Universal Exploit
Discuss:		Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		25.02.2006
Source:
SecurityVulns ID:		5828
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		MYPHPNUKE : myPHPNuke 1.8
		MAMBO : Mambo 4.5
		GUESTEXT : Guestext 1.0
		CILEM : CilemNews 1.1
		JGSXA : Woltlab Burning Board JGS-Gallery MOD 4.0
		VPMI : Virtual Program Management Intranet 3.3

Original document		SECUNIA, [SA18842] VPMi Enterprise "UpdateID0" SQL Injection Vulnerability (25.02.2006)
		Mustafa Can Bjorn IPEKCI, Advisory: Woltlab Burning Board 2.x (JGS-Gallery MOD <= 4.0) multiple XSS vulnerabilities (25.02.2006)
		Mustafa Can Bjorn IPEKCI, Advisory: MyPHPNuke <= 1.8.8 multiple XSS vulnerabilities (25.02.2006)
		Mustafa Can Bjorn IPEKCI, Advisory: CilemNews System <= 1.1 Remote SQL Injection Vulnerability (25.02.2006)
		JeiAr, Mambo Multiple Vulnerabilities (25.02.2006)
		Aliaksandr Hartsuyeu, [eVuln] Guestex XSS Vulnerability (25.02.2006)
		Aliaksandr Hartsuyeu, [eVuln] Guestex Shell Command Execution Vulnerability (25.02.2006)

Discuss:

Read or add your comments to this news (0 comments)