| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | Published: 25.05.2006 | Source: BUGTRAQ | SecurityVulns ID: 6178 | Type: remote | Level: 5/10 | Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Original document | SECUNIA, [SA20165] FrontRange iHEAT Host System Access Vulnerability (25.05.2006) |
| | jaime.blasco_(at)_eazel.es, OpenCms version 6.0.x Xml Content Demo search engine Cross site scripting (25.05.2006) |
| | a_linuxer_(at)_yahoo.com, Diesel Joke Site SQL INJECTION (25.05.2006) |
| | Breeeeh_(at)_hotmail.com, YLZH(right.php)Cross Site Scripting (25.05.2006) |
| | rgod_(at)_autistici.org, Mambo <= 4.6. RC1 xss (25.05.2006) |
| | luny_(at)_youfucktard.com, Publicist v0.95 - XSS And Full Path Errors (25.05.2006) |
| | luny_(at)_youfucktard.com, AlstraSoft Web Host Directory v1.2 (25.05.2006) |
| | luny_(at)_youfucktard.com, Alstrasoft Article Manager Pro v1.6 (25.05.2006) |
| | luny_(at)_youfucktard.com, AlstraSoft E-Friends - XSS (25.05.2006) |
| | ajannhwt_(at)_hotmail.com, phpMyDirectory <= 10.4.4 Multiple Remote File Include(new!) (25.05.2006) |
| | zerogue_(at)_gmail.com, SkyeShoutbox <= v.1.2.0 XSS (25.05.2006) |
| | zerogue_(at)_gmail.com, Russcom Ping Remote code execution (25.05.2006) |
| | zerogue_(at)_gmail.com, Russcom PHPImages lack of validation (25.05.2006) |
| | zerogue_(at)_gmail.com, QBv14 XSS (25.05.2006) |
| | zerogue_(at)_gmail.com, IpLogger <= 1.7 XSS (25.05.2006) |
| | zerogue_(at)_gmail.com, DSChat <= 1.0 XSS (25.05.2006) |
| | zerogue_(at)_gmail.com, Chatty improper input sanitizing (25.05.2006) |
| | Private Private, PHP - Nuke Recherches Module 7.x Version Cross Site Scripting {!} (25.05.2006) |
| | SpiderZ, View Topic Flood phpBB, MercuryBoard, Vbulletin, Ipb (25.05.2006) |
| Microsoft Internet Explorer XmlHTTPRequest object request and response spoofing | Published: 25.05.2006 | Source: BUGTRAQ | SecurityVulns ID: 6179 | Type: client | Level: 6/10 | Description: It's possible to spoof a client application's request and, under some conditions, the server's reply by using the Microsoft.XMLHTTP object. |
| Kaspersky Antivirus content filtering protection bypass | Published: 25.05.2006 | Source: BUGTRAQ | SecurityVulns ID: 6180 | Type: local | Level: 4/10 | Description: A small reassembly timeout during stateful filtering allows filtering bypass by breaking the stream with pauses. |
| kphone SIP VoIP software solution weak permissions | Published: 25.05.2006 | Source: BUGTRAQ | SecurityVulns ID: 6184 | Type: local | Level: 5/10 | Description: The .qt/kphonerc file is world-readable and contains sensitive information, including SIP accounts. |
| HP-UX xterm unauthorized access | Published: 25.05.2006 | Source: BUGTRAQ | SecurityVulns ID: 6185 | Type: local | Level: 5/10 |
| Apple Xcode unauthorized access | Published: 25.05.2006 | Source: BUGTRAQ | SecurityVulns ID: 6189 | Type: remote | Level: 5/10 | Description: Access restrictions do not work. |
| netPanzer game server DoS | Published: 25.05.2006 | Source: BUGTRAQ | SecurityVulns ID: 6181 | Type: remote | Level: 5/10 | Description: Assert termination on a malformed packet. |
| PunkBuster game servers anti-cheat system buffer overflow | Published: 25.05.2006 | Source: BUGTRAQ | SecurityVulns ID: 6182 | Type: remote | Level: 5/10 | Description: Buffer overflow in the built-in web server on an oversized webkey parameter. |
| HP OpenView Storage Data Protector unauthorized access | Published: 25.05.2006 | Source: BUGTRAQ | SecurityVulns ID: 6186 | Type: remote | Level: 5/10 |
| Multiple Tor distributed anonymizing service security vulnerabilities | Published: 25.05.2006 | Source: BUGTRAQ | SecurityVulns ID: 6188 | Type: remote | Level: 6/10 | Description: Log entry spoofing, integer overflows, DoS. |
| HP-UX Software Distributor unauthorized access, updated since 20.12.2005 | Published: 25.05.2006 | Source: BUGTRAQ | SecurityVulns ID: 5556 | Type: remote | Level: 6/10 |
| NetPanzer game DoS, updated since 14.07.2005 | Published: 25.05.2006 | Source: BUGTRAQ | SecurityVulns ID: 4999 | Type: remote | Level: 5/10 | Description: Server enters an endless loop on a packet with zero data. |
| HP OpenView Network Node Manager unauthorized access, updated since 05.10.2005 | Published: 25.05.2006 | Source: BUGTRAQ | SecurityVulns ID: 5301 | Type: remote | Level: 6/10 |
| PostgreSQL / MySQL extended character sets SQL injections, updated since 25.05.2006 | Published: 08.06.2006 | Source: BUGTRAQ | SecurityVulns ID: 6187 | Type: remote | Level: 6/10 | Description: In different encodings, it's possible to use a character other than the quote sign. |
| Cisco VPN client for Windows privilege escalation, updated since 25.05.2006 | Published: 28.07.2006 | Source: BUGTRAQ | SecurityVulns ID: 6183 | Type: local | Level: 6/10 | Description: Privilege escalation via the help subsystem. |