Search:Vulnerability:25.05.2006 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

NetPanzer game DoS
updated since 14.07.2005
Published: 25.05.2006
Source: BUGTRAQ
SecurityVulns ID: 4999
Type: remote
Level: 5/10
Description: Server enters to endless loop on the packet with zero data.

Affected: NETPANZER : netPanzer 0.8

Original document Luigi Auriemma, Endless loop in NetPanzer 0.8 (14.07.2005)

Discuss: Read or add your comments to this news (0 comments)

HP OpenView Network Node Manager unauthorized access
updated since 05.10.2005
Published: 25.05.2006
Source: BUGTRAQ
SecurityVulns ID: 5301
Type: remote
Level: 6/10

Affected: HP : OpenView Network Node Manager 7.50
HP : OpenView Network Node Manager 7.01

Original document HP, [security bulletin] HPSBMA02098 SSRT5911 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation (25.05.2006)

HP, [security bulletin] SSRT051023 rev.5 - HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access (05.10.2005)

Discuss: Read or add your comments to this news (0 comments)

HP-UX Software Distributor unauthorized access
updated since 20.12.2005
Published: 25.05.2006
Source: BUGTRAQ
SecurityVulns ID: 5556
Type: remote
Level: 6/10

Affected: HP : HP-UX 11.11

Original document HP, [security bulletin] HPSBUX02114 SSRT061115 rev.1 - HP-UX Running Software Distributor Local Elevation of Privilege (25.05.2006)

HP, [security bulletin] SSRT5983 rev.1 - HP-UX Running Software Distributor (SD) Remote Unauthorized Access (20.12.2005)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 25.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6178
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: MAMBOSERVER : Mambo Server 4.6
PHPNUKE : PHP-Nuke 7.9
OPENCMS : OpenCms 6.0
DSCHAT : DSChat 1.0
IPLOGGER : IpLogger 1.7
QB : QB 14
SKYESHOUTBOX : SkyeShoutbox 1.2
PHPMYDIRECTORY : phpMyDirectory 10.4
ALSTRASOFT : Article Manager Pro 1.6
DGBOOK : DGbook 1.0
ALSTRASOFT : Web Host Directory 1.2
PUBLICIST : Publicist 0.95
DRUPAL : Drupal 4.7
FRONTRANGE : iHEAT 8.3

Original document SECUNIA, [SA20165] FrontRange iHEAT Host System Access Vulnerability (25.05.2006)

jaime.blasco_(at)_eazel.es, OpenCms version 6.0.x Xml Content Demo search engine Cross site scripting (25.05.2006)

a_linuxer_(at)_yahoo.com, Diesel Joke Site SQL INJECTION (25.05.2006)

Breeeeh_(at)_hotmail.com, YLZH(right.php)Cross Site Scripting (25.05.2006)

document rgod_(at)_autistici.org, Mambo <= 4.6. RC1 xss (25.05.2006)

luny_(at)_youfucktard.com, Publicist v0.95 - XSS And Full Path Errors (25.05.2006)

luny_(at)_youfucktard.com, AlstraSoft Web Host Directory v1.2 (25.05.2006)

luny_(at)_youfucktard.com, Alstrasoft Article Manager Pro v1.6 (25.05.2006)

document luny_(at)_youfucktard.com, AlstraSoft E-Friends - XSS (25.05.2006)

ajannhwt_(at)_hotmail.com, phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!) (25.05.2006)

zerogue_(at)_gmail.com, SkyeShoutbox <= v.1.2.0 XSS (25.05.2006)

zerogue_(at)_gmail.com, Russcom Ping Remote code execution (25.05.2006)

document zerogue_(at)_gmail.com, Russcom PHPImages lack of validation (25.05.2006)

zerogue_(at)_gmail.com, QBv14 XSS (25.05.2006)

zerogue_(at)_gmail.com, IpLogger <= 1.7 XSS (25.05.2006)

zerogue_(at)_gmail.com, DSChat <= 1.0 XSS (25.05.2006)

zerogue_(at)_gmail.com, Chatty improper input sanitizing (25.05.2006)

document Private Private, PHP - Nuke Recherches Module 7.x Version Cross Site Scripting {!} (25.05.2006)

SpiderZ, View Topic Flood phpBB, MercuryBoard, Vbulletin, Ipb (25.05.2006)

SpiderZ, View Topic Flood phpBB, MercuryBoard, Vbulletin, Ipb (25.05.2006)

Files: Exploits View Topic Flood phpBB, MercuryBoard, Vbulletin, Ipb
Exploits Xss freebb
Drupal <= 4.7 attachment mod_mime poc exploit
Discuss: Read or add your comments to this news (0 comments)

Microsoft Internet Explorer XmlHTTPRequest object request and response spoofing
Published: 25.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6179
Type: client
Level: 6/10
Description: It's possible to spoof client application request and, under some conditions, server reply by using Microsoft.XMLHTTP object.

Affected: MICROSOFT : Internet Explorer 5.5
MICROSOFT : Internet Explorer 6.0

Original document Amit Klein (AKsecurity), Write-up by Amit Klein: "IE + some popular forward proxy servers = XSS, defacement (browser cache poisoning)" (25.05.2006)

Amit Klein (AKsecurity), "Exploiting the XmlHttpRequest object in IE" - paper by Amit Klein (25.05.2006)

Discuss: Read or add your comments to this news (0 comments)

Kaspersky Antivirus content filtering protection bypass
Published: 25.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6180
Type: local
Level: 4/10
Description: Small reassembly timeout during stateful filtering allows filtering bypass by breaking stream with pauses.

Affected: KASPERSKY : Kaspersky Antivirus 6.0
KASPERSKY : Kaspersky Internet Security 6.0

Original document john_(at)_kak-sam.to, Kaspersky antivirus 6: HTTP monitor bypassing (25.05.2006)

Discuss: Read or add your comments to this news (2 comments)

kphone SIP VoIP software solution weak permissions
Published: 25.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6184
Type: local
Level: 5/10
Description: .qt/kphonerc file is world-readable and contains sensitive information, including SIP accounts.

Affected: KPHONE : kphone 4.2

Original document MANDRIVA, [ MDKSA-2006:089 ] - Updated kphone packages fixes permissions issue with .qt/kphonerc (25.05.2006)

Discuss: Read or add your comments to this news (0 comments)

HP-UX xterm unauthorized access
Published: 25.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6185
Type: local
Level: 5/10

Affected: HP : HP-UX 11.00
HP : HP-UX 11.11
HP : HP-UX 11.23

Original document HP, [security bulletin] HPSBUX02075 SSRT051074 rev.5 - HP-UX Running xterm Local Unauthorized Access (25.05.2006)

Discuss: Read or add your comments to this news (0 comments)

Apple Xcode unauthorized access
Published: 25.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6189
Type: remote
Level: 5/10
Description: Access restrictions do not work.

Affected: APPLE : Xcode 2.2

Original document SECUNIA, [SA20267] Apple Xcode WebObjects Plugin Access Control Vulnerability (25.05.2006)

Discuss: Read or add your comments to this news (0 comments)

netPanzer game server DoS
Published: 25.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6181
Type: remote
Level: 5/10
Description: Assert termination on malformed packet.

Affected: NETPANZER : netPanzer 0.8

Original document Luigi Auriemma, Server termination in netPanzer 0.8 (rev 952) (25.05.2006)

Files: Exploits server termination in netPanzer
Discuss: Read or add your comments to this news (0 comments)

PunkBuster game servers anti-cheat system buffer overflow
Published: 25.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6182
Type: remote
Level: 5/10
Description: Buffer overflow in built-in web server on oversized webkey parameter.

Affected: EVENBALANCE : PunkBuster for servers 1.228

Original document Luigi Auriemma, Buffer-overflow in the WebTool service of PunkBuster for servers (minor than v1.229) (25.05.2006)

Discuss: Read or add your comments to this news (0 comments)

HP OpenView Storage Data Protector unauthorized access
Published: 25.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6186
Type: remote
Level: 5/10

Affected: HP : OpenView Storage Data Protector 5.1
HP : OpenView Storage Data Protector 5.5

Original document HP, [security bulletin] HPSBMA02121 SSRT061157 rev.1 - HP OpenView Storage Data Protector Remote Arbitrary Command Execution (25.05.2006)

Discuss: Read or add your comments to this news (0 comments)

Multiple tor distributed anonymizing service security vulnerabilities
Published: 25.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6188
Type: remote
Level: 6/10
Description: Log entries spoofing, integer overflows, DoS.

Affected: TOR : tor 0.1

Original document SECUNIA, [SA20277] Tor Weakness and Multiple Vulnerabilities (25.05.2006)

Discuss: Read or add your comments to this news (0 comments)

PostgreSQL / MySQL extended character sets SQL injections
updated since 25.05.2006
Published: 08.06.2006
Source: BUGTRAQ
SecurityVulns ID: 6187
Type: remote
Level: 6/10
Description: It's possible to use character different from quote sign in different encodings.

Affected: POSTGRESQL : PostgreSQL 8.1

Original document MANDRIVA, [ MDKSA-2006:097 ] - Updated MySQL packages fixes SQL injection vulnerability. (08.06.2006)

POSTGRESQL, PostgreSQL security releases 8.1.4, 8.0.8, 7.4.13, 7.3.15 (26.05.2006)

Justin M. Forbes, [Full-disclosure] rPSA-2006-0080-1 postgresql postgresql-server (25.05.2006)

Discuss: Read or add your comments to this news (0 comments)

Cisco VPN client for Windows privilege escalation
updated since 25.05.2006
Published: 28.07.2006
Source: BUGTRAQ
SecurityVulns ID: 6183
Type: local
Level: 6/10
Description: Privilege escalation with help subsystem.

Affected: CISCO : Cisco VPN Client for Windows 4.8
CISCO : Cisco VPN Client for Windows 4.7

Original document CISCO, [Full-disclosure] Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability (28.07.2006)

CISCO, Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability (25.05.2006)

Discuss: Read or add your comments to this news (0 comments)