Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:25.11.2006
Source:
SecurityVulns ID:6856
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WBB : Woltlab Burning Board Lite 1.0
 PHPNUKE : PHP-Nuke 7.9
 CAHIERDETEXTES : Cahier de texte 2.0
 ACONMAN : a-ConMan 3.2
 ACTIVEPHPBOOKMAR : Active PHP Bookmarks 1.2
 SIMPLEPHPGALLERY : Simple PHP Gallery 1.1
 ASPLISTPICS : ASP ListPics 5.0
 PHPNUKE : PHP-Nuke Mermaid Module 1.2
 CPANEL : cPanel 11
 CPANEL : WebHost Manager 3.1
Original documentdocumentAdvisory_(at)_Aria-Security.net, WebHost Manager (WHM) Multiple Cross-Site Scripting (25.11.2006)
 documentAdvisory_(at)_Aria-Security.net, CPanel 11 Multiple Cross-Site Scription (25.11.2006)
 documentcrackers_child_(at)_sibersavascilar.com, PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit (25.11.2006)
 documentgmdarkfig_(at)_gmail.com, Cahier de texte V2.0 SQL Code Execution Exploit (25.11.2006)
 documentpaisterist.nst_(at)_gmail.com, PHP-Nuke <= 7.9 News module "sid" SQL Injection vulnerabilities (25.11.2006)
 documentAdvisory_(at)_Aria-Security.net, [Aria-Security Team] Ultimate Survey Pro SQL Injection (25.11.2006)
 documentAdvisory_(at)_Aria-Security.net, [Aria-Security Team] iNews News Manager SQL Injection (25.11.2006)
 documentAdvisory_(at)_Aria-Security.net, [Aria-Security Team] MidiCart ASP Shopping Cart SQL Injection (25.11.2006)
 documentAdvisory_(at)_Aria-Security.net, [Aria-Security Team] ASP ListPics 5.0 SQL Injection (25.11.2006)
 documentAdvisory_(at)_Aria-Security.net, [Aria-Security Team] Fixit iDMS Pro Image Gallery SQL Injection (25.11.2006)
 documentAdvisory_(at)_Aria-Security.net, [Aria-Security Team] MidiCart ASP Plus Shopping Cart SQL Injection (25.11.2006)
 documentretrog_(at)_alice.it, Wolflab Burning Board Lite 1.0.2 two sql injections (25.11.2006)
 documentAl7ejaz Hacker, mmgallery Multiple vulnerabilities (25.11.2006)
 documentAl7ejaz Hacker, Cross site scripting & fullpath disclosure (25.11.2006)
 documentphilip anselmo, Active PHP Bookmarks (apb.php) Remote file include (25.11.2006)
 documenterdc_(at)_echo.or.id, [ECHO_ADV_61_2006] a-ConMan <= v3.2beta Remote File Inclusion (25.11.2006)
Files:PHP-Nuke Mermaid Module V1.2 (formdisp.php) Remote File Include Exploit

Apache mod_auth_kerberos DoS
Published:25.11.2006
Source:
SecurityVulns ID:6857
Type:remote
Threat Level:
5/10
Description:Off-by-one overflow in der_get_oid.
Affected:APACHE : mod_auth_kerb 5.0
Original documentdocumentMANDRIVA, [ MDKSA-2006:218 ] - Updated apache-mod_auth_kerb packages fixes DoS vulnerability (25.11.2006)

fvwm-menu-directory shell characters injection
Published:25.11.2006
Source:
SecurityVulns ID:6858
Type:local
Threat Level:
5/10
Description:Shell characters injection thorugh browed directories names is possible.
Affected:FVWM : fvwm 2.5
Original documentdocumentGENTOO, [ GLSA 200611-17 ] fvwm: fvwm-menu-directory fvwm command injection (25.11.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod