Computer Security

Search:Vulnerability:25.08.2002
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



PHP safe mode bypass
updated since 02.07.2001
Published:25.08.2002
Source:BUGTRAQ
SecurityVulns ID:1301
Type:remote
Level:5/10
Description:Shell metacharcters are not checked in mail command
Affected:PHP : PHP 4.0
 PHP : PHP 4.2
Original documentdocumentWojciech Purczynski, PHP: Bypass safe_mode and inject ASCII control chars with mail() (25.08.2002)
 documentJoost Pol, php breaks safe mode (02.07.2001)
Discuss:Read or add your comments to this news (0 comments)

CGI bugs
updated since 15.08.2002
Published:25.08.2002
Source:BUGTRAQ
SecurityVulns ID:2229
Type:remote
Level:5/10
Affected:CGI : L-Forum 2.4
 CGI : mantisbt 0.17
 CAFELOG : b2 Weblog Tool 2.06
 CGI : php-affiliate 1.0
 CGI : Web Shop Manager 1.1
 ICEWARP : IceWarp Webmail 3.3
 PHPNUKE : PHP-Nuke 5.6
 CGI : Bonsai
 TOMAHAWK : SteelArrow
 PROHOST : FUDforum 2.0
 ACHIEVO : Achievo 0.7
 ACHIEVO : Achievo 0.8
 ACHIEVO : Achievo 0.9
 BLAZIX : Blazix 1.2
Original documentdocumentAuriemma Luigi, Blazix 1.2 jsp view and free protected folder access (25.08.2002)
 documentJeroen Latour, [Mantis Advisory/2002-07] Bugs in private projects listed on 'View Bugs' (25.08.2002)
 documentJeroen Latour, [Mantis Advisory/2002-06] Private bugs accessible in Mantis (25.08.2002)
 documentJeroen Latour, Arbitrary code execution problem in Achievo (23.08.2002)
 documentUlf Harnhammar, FUDforum file access and SQL Injection (20.08.2002)
 documentNGSSoftware Insight Security Research, Multiple Buffer Overflow vulnerabilities in SteelArrow (#NISR19082002B) (20.08.2002)
 documentJeroen Latour, [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation (20.08.2002)
 documentJeroen Latour, [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis (20.08.2002)
 documentJeroen Latour, [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis (20.08.2002)
 documentJeroen Latour, [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed (20.08.2002)
 documentJeroen Latour, [Mantis Advisory/2002-04] Arbitrary code execution vulnerability in Mantis (20.08.2002)
 documentStan Bubrouski, Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities (20.08.2002)
 document<-delusion->, PHP-Nuke v5.6 - Users can compromise admin accts. (16.08.2002)
 documentUlf Harnhammar, L-Forum XSS and upload spoofing (16.08.2002)
 documentDarC KonQuesT, IceWarp Webmail XSS (16.08.2002)
 documentTacettin Karadeniz, Web Shop Manager Security Vulnerability (16.08.2002)
 documentMOD, Input validation attack in php-affiliate-v1.0 (16.08.2002)
 documentMatthew Murphy, Multiple Vulnerabilities in CafeLog Weblog Package (15.08.2002)
 documentJoao Gouveia, mantisbt security flaw (15.08.2002)
 documentMatthew Murphy, L-Forum Vulnerability - SQL Injection (15.08.2002)
Discuss:Read or add your comments to this news (0 comments)

Utstarcom backdoor
Published:25.08.2002
Source:BUGTRAQ
SecurityVulns ID:2250
Type:remote
Level:5/10
Description:Builtin priveleged accounts field/*field and guru/*3nouguru.
Affected:UTSTARCOM : B-NAS 1000
 UTSTARCOM : B-RAS 1000
Original documentdocumentScott T. Cameron, UTStarcom B-NAS 1000 / B-RAS 1000 Major Security Flaw (25.08.2002)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru