Search:Vulnerability:25.04.2005 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Novell secure logging and auditing product DoS
Published: 25.04.2005
Source: FULL-DISCLOSURE
SecurityVulns ID: 4725
Type: remote
Level: 5/10

Affected: NOVELL : Novell Nsure Audit 1.0

Original document CIRT.DK Mailinglists, [Full-disclosure] [CIRT.DK - Advisory] Novell Nsure Audit 1.0.1 Denial of Service (25.04.2005)

Discuss: Read or add your comments to this news (0 comments)

Adobe Acrobat Reader ActiveX information leak
Published: 25.04.2005
Source: BUGTRAQ
SecurityVulns ID: 4727
Type: remote
Level: 5/10
Description: It's possible to check file existance with LoadFile method.

Affected: ADOBE : Acrobat Reader 7.0

Original document Hyperdose Security, Local file detection found through Adobe Reader ActiveX control (25.04.2005)

Discuss: Read or add your comments to this news (0 comments)

PHP, ASP, CGI web applications security vulnerabilities
updated since 25.04.2005
Published: 01.05.2005
Source:
SecurityVulns ID: 4724
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

Affected: PHPBB : phpBB 2.0
HORDE : IMP 3.2
METALINKS : MetaCart e-Shop 8
METALINKS : MetaCart2
METALINKS : MetaBid Auctions
GRAYMUR : GrayCMS 1.1
DREAM4 : koobi-cms 4.2
CLARONLINE : Claroline RC1
HORDE : Forwards 2.2
HORDE : mnemo 1.1
HORDE : chora 1.2
HORDE : nag 1.1
HORDE : Horde passwd 2.2
HORDE : turba 1.2
HORDE : Horde accounts 2.1
HORDE : Kronolith 1.1
HORDE : Horde vacation 2.2
OXPUS : phpBB Notes Mod
OCEAN12 : Ocean12 Mailing list manager 1.06
ALL4WWW : All4WWW-Homepagecreator 1.0
PHPCOIN : phpCOIN 1.2
MYPHP : MyPHP Forum 3.0
COMERSUS : Comersus ASP Shopping Cart 6.01
PHPMYADMIN : phpMyAdmin 2.6
PHPNUKE : PHP-Nuke 7.6
INVISION : Invision Power Board 2.0
WOLTLAB : Woltlab Burning Board 2.3
YAZAPORT : E-Cart 1.1
WEBAPP : WebAPP 0.9
BKDEV : BK Forum 4
ACSBLOG : ACSblog 0.8
ACSBLOG : ACSblog 1.0
ACSBLOG : ACSblog 1.1
ARTMEDIC : artmedic_links 5
CARTWIZ : CartWIZ 1.1
PHPMYVISITES : phpMyVisites 1.3
STOREPORTAL : StorePortal 2.63

Original document SECUNIA, [SA15173] enVivo!CMS SQL Injection Vulnerabilities (01.05.2005)

GENTOO, [Full-disclosure] [ GLSA 200504-30 ] phpMyAdmin: Insecure SQL script installation (01.05.2005)

SECURITEAM, [UNIX] All4WWW-Homepagecreator site Parameter Command Execution (01.05.2005)

Luis Fernando, Multiples Full Path Disclosure in php-nuke 7.6 (and below) (30.04.2005)

document dcrab_(at)_hackerscenter.com, Multiple Sql injections in phpCoin v1.2.2 and below (30.04.2005)

Zinho, [HSC Security Group] Ocean12 Mailing List Manager Pro SQL injection (30.04.2005)

JeiAr, phpBB Notes Mod SQL Injection Vulnerability (30.04.2005)

durito, �� WebAPP v0.9.9. (30.04.2005)

document SECUNIA, [SA15073] Vacation Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

SECUNIA, [SA15080] Kronolith Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

SECUNIA, [SA15081] Accounts Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

document SECUNIA, [SA15074] Turba Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

SECUNIA, [SA15075] Passwd Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

SECUNIA, [SA15077] Horde IMP Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

document SECUNIA, [SA15079] Nag Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

SECUNIA, [SA15083] Chora Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

SECUNIA, [SA15078] Mnemo Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

document SECUNIA, [SA15082] Forwards Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

Sieg Fried, ZRCSA-200501 - Multiple vulnerabilities in Claroline (28.04.2005)

CENSORED, SQL-injections in koobi-cms (28.04.2005)

Terencentanio Enache, myPHP Forum v3 (possible v1 & 2 also) Identification 'spoof' (27.04.2005)

document Zinho, [HSC Security Group] Comersus v6 Script injection (27.04.2005)

Kold, GrayCMS php code injection (27.04.2005)

dcrab_(at)_hackerscenter.com, Multiple SQL Injections in MetaBid Auctions (27.04.2005)

dcrab_(at)_hackerscenter.com, MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities (27.04.2005)

document dcrab_(at)_hackerscenter.com, Multiple SQL Injections in MetaCart2 for SQL Server Special Edition U.K (27.04.2005)

dcrab_(at)_hackerscenter.com, Multiple SQL Injections in MetaCart2 for PayPal (27.04.2005)

dcrab_(at)_hackerscenter.com, Multiple SQL Injections in MetaCart e-Shop V-8 (27.04.2005)

document Zinho, [Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability (27.04.2005)

CENSORED, SQL-injections in Invision Power Board v2.0.1 (27.04.2005)

fireboy fireboy, remote command execution in text.cgi script (26.04.2005)

fireboy fireboy, index.cgi script XSS + file show (26.04.2005)

document fireboy fireboy, remote command execution in forum.pl script (26.04.2005)

fireboy fireboy, remote command execution in ad.cgi script (26.04.2005)

admin_(at)_batznet.com, WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05) (26.04.2005)

fireboy fireboy, remote command execution in includer.cgi script (26.04.2005)

document fireboy fireboy, remote command execution in citat.pl script (26.04.2005)

dcrab_(at)_hackerscenter.com, Multiple SQL Injections in StorePortal 2.63 (26.04.2005)

fireboy fireboy, remote command execution in include.cgi script (26.04.2005)

fireboy fireboy, remote command execution in inserter.cgi script (26.04.2005)

document Max Cerny, [exploit] phpMyVisites 1.3 local file retrieval (26.04.2005)

Nicolas Montoza, E-Cart v1.1 Remote Command Execution (25.04.2005)

dcrab_(at)_hackerscenter.com, Multiple Sql injection and XSS in CartWIZ ASP Cart (25.04.2005)

Adam n30n Simuntis, artmedic_links5 remote file access exploit (25.04.2005)

document HaCkZaTaN, -==phpBB 2.0.14 Multiple Vulnerabilities==- (25.04.2005)

farhad koosha, ACSblog bug (25.04.2005)

dcrab_(at)_hackerscenter.com, Multiple Sql injection vulnerabilities in BK Forum v.4 (25.04.2005)

durito, �� WebAPP Web Automated Perl Portal System v0.9.9. (25.04.2005)

Discuss: Read or add your comments to this news (0 comments)

Nokia Affix Bluetooth multiple vulnerabilities
updated since 25.04.2005
Published: 28.08.2005
Source: FULL-DISCLOSURE
SecurityVulns ID: 4726
Type: remote
Level: 5/10
Description: Integer overflow on socket creation. Buffer overflow in btftp client. btsrv/btobex unfiltered shell characters problem. popen() unfiltered shell characters.

Affected: NOKIA : Affix 2.1
NOKIA : Affix 3.2

Original document Kevin Finisterre, DMA[2005-0826a] - 'Nokia Affix Bluetooth btsrv poor use of popen()' (28.08.2005)

Kevin Finisterre, [Full-disclosure] MA[2005-0712b] - 'Nokia Affix Bluetooth btsrv/btobex poor use of system()' (12.07.2005)

Kevin Finisterre, [Full-disclosure] DMA[2005-0712a] - 'Nokia Affix Bluetooth btftp client buffer overflow' (12.07.2005)

document Kevin Finisterre, [Full-disclosure] DMA[2005-0423a] - 'Nokia Affix Bluetooth Integer Underflow' (25.04.2005)

Files: Remote Nokia Affix btftp client exploit
Discuss: Read or add your comments to this news (0 comments)