Search:Vulnerability:25.06.2005 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

PHP, ASP, CGI web applications security vulnerabilities
updated since 20.06.2005
Published: 25.06.2005
Source:
SecurityVulns ID: 4907
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

Affected: EXTOPIA : WebStore
PHPBB : phpBB 2.0
UPB : Ultimate PHP Board 1.9
MAMBOSERVER : Mambo Server 4.5
DUWARE : DUpaypal 3.0
MERCURYBOARD : MercuryBoard 1.1
CLAROLINE : Claroline 1.5
PHPNUKE : PHP-Nuke 7.6
DUWARE : DuPortal 3.4
EDGEWALL : Trac 0.8
UAPPLICATYIONS : Ublog Reload 1.0
BCP : i-Gallery 3.3
FORTIBUS : Fortibus CMS 4.0
NANOBLOGGER : NanoBlogger 3.2
CACTI : Cacti 0.8
CPANEL : cPanel 10.2
WNAILER : W-Nailer 0.34
DUWARE : DUamazon 3.1
DUWARE : DUforum 3.1
DUWARE : DUclassmate 1.2
SIMPLEMACHINES : Simple Machine Forum 1.0
FRB : Forum Russian Board 4.2
WHOISCART : Whois.Cart 2.2
UBB : UBB.threads 6.5
ACTIVEWEBSOFTWAR : ActiveBuyAndSell 6.2
LCM : Legal Case Management System 0.6

Original document SECUNIA, [SA15743] Legal Case Management System Log File Disclosure (25.06.2005)

JeiAr, Infopop UBB Threads Multiple Vulnerabilities (25.06.2005)

fjlj_(at)_wvi.com, PHP nuke XSS vulnerability (25.06.2005)

dedi dwianto, [ECHO_ADV_21$2005] MUltiple Vulnarable In ActiveBuyAndSell (25.06.2005)

document SECUNIA, [SA15805] UBB.threads Multiple Vulnerabilities (24.06.2005)

SECUNIA, [SA15783] Whois.Cart Cross-Site Scripting and Local File Inclusion (24.06.2005)

dedi dwianto, [ECHO_ADV_20$2005] Full path disclosure JAF CMS (24.06.2005)

Alberto Trivero, Remote Command Execution Exploit for Cacti <= 0.8.6d (24.06.2005)

document SECURITEAM, [EXPL] MercuryBoard SQL Injection (User-Agent) (23.06.2005)

SECURITEAM, [EXPL] phpBB Multiple User Registeration DoS (Exploit) (23.06.2005)

SECURITEAM, [EXPL] FRB Remote Command Execution (Exploit) (23.06.2005)

SECURITEAM, [EXPL] Simple Machine Forum SQL Injection (modify) (23.06.2005)

document dedi dwianto, [ECHO_ADV_19$2005] Multiple SQL INJECTION in DUWARE Products (22.06.2005)

zodchiy, W-Nailer 0.34 (22.06.2005)

SECUNIA, [SA15770] cPanel cpsrvd.pl Cross-Site Scripting Vulnerability (22.06.2005)

IDEFENSE, [Full-disclosure] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti Remote File Inclusion Vulnerability (22.06.2005)

document IDEFENSE, [Full-disclosure] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti config_settings.php Remote Code Execution Vulnerability (22.06.2005)

IDEFENSE, [Full-disclosure] iDEFENSE Security Advisory 06.22.05: Multiple Vendor Cacti Multiple SQL Injection Vulnerabilities (22.06.2005)

document 4yka_(at)_ghc.ru, MercuryBoard 1.1.4 SQL Injection (22.06.2005)

SECUNIA, [SA15754] NanoBlogger Plugins Shell Command Injection Vulnerability (22.06.2005)

SECUNIA, [SA15762] Fortibus CMS "username" and "ID" SQL Injection Vulnerabilities (21.06.2005)

Hat-Squad Security Team, [Hat-Squad] i-Gallery directory traversal (21.06.2005)

document SECUNIA, [SA15747] Ublog Reload SQL Injection and Cross-Site Scripting (20.06.2005)

Stefan Esser, [Full-disclosure] Advisory 01/2005: Fileupload/download vulnerability in Trac (20.06.2005)

SECURITEAM, [EXPL] eXtropia WebStore Remote Command Execution (web_store.cgi) (20.06.2005)

document SECURITEAM, [EXPL] Mambo Remote Password Hash Retrieval (Exploit) (20.06.2005)

SECURITEAM, [EXPL] Claroline E-Learning Application Remote SQL Injection (Exploit 2) (20.06.2005)

SECURITEAM, [EXPL] Claroline E-Learning Application Remote SQL Injection (20.06.2005)

TaskFall, phpBB 2.0.* Discloses Path (20.06.2005)

Files: Mambo Remote Password Hash Retrieval Exploit
Passwords Decrypter for UPB <= 1.9.6
SMF Modify SQL Injection
Claroline E-Learning Application Remote SQL Exploit
phpBB Multiple User Registeration DoS
MercuryBoard <=1.1.4, MySQL => 4.1 sql injection exploit
Remote Command Execution Exploit for Cacti <= 0.8.6d
Forum Russian Board 4.0 Full command execution exploit
Claroline E-Learning Application Remote SQL Injection (Exploit 2)
Remote Command Execution Vulnerability In Web_store.cgi
Discuss: Read or add your comments to this news (0 comments)

ClamAV antivirus Qantum compression DoS
Published: 25.06.2005
Source: SECUNIA
SecurityVulns ID: 4931
Type: remote
Level: 6/10
Description: Compression with small windows size causes anti virus to crash.

Affected: CLAMAV : ClamAV 0.86

Original document SECUNIA, [SA15811] ClamAV Quantum Decompressor Denial of Service Vulnerability (25.06.2005)

Discuss: Read or add your comments to this news (0 comments)

IBM DB2 universal database protection bypass
Published: 25.06.2005
Source: SECUNIA
SecurityVulns ID: 4932
Type: remote
Level: 5/10
Description: User with only SELECT permissions can can insert, update or delete records.

Affected: IBM : DB2 8.6
IBM : DB2 8.7
IBM : DB2 8.8
IBM : DB2 8.9

Original document SECUNIA, [SA15808] IBM DB2 Universal Data Authorisation Checking Bypass (25.06.2005)

Discuss: Read or add your comments to this news (0 comments)

Sun Solaris traceroute buffer overflow
updated since 25.06.2005
Published: 26.11.2005
Source: BUGTRAQ
SecurityVulns ID: 4930
Type: local
Level: 6/10
Description: Buffer overflow on large number of -g arguments, on malformed -s argument allow raw socket access.

Affected: SUN : Solaris 10

Original document SECUNIA, [SA17708] Sun Solaris traceroute Commandline Buffer Overflow Vulnerability (26.11.2005)

Przemyslaw Frasunek, Solaris 10 /usr/sbin/traceroute vulnerabilities (25.06.2005)

Files: Solaris 10 /usr/sbin/traceroute PoC
Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin