Computer Security
[EN] securityvulns.ru no-pyccku


libtiff buffer overflow
Published:26.05.2006
Source:
SecurityVulns ID:6192
Type:library
Threat Level:
6/10
Description:Stack-based buffer overflow in tiffsplit.
Affected:LIBTIFF : libtiff 3.8
Original documentdocumentA. Alejandro Hernández, tiffsplit (libtiff <= 3.8.2) bss & stack buffer overflow... (26.05.2006)
Files:libtiff tiffsplic PoC

Microsoft Internet Explorer memory corruption
Published:26.05.2006
Source:
SecurityVulns ID:6193
Type:client
Threat Level:
6/10
Description:resizeBy() method negative values memory corruption.
Affected:MICROSOFT : Internet Explorer 6.0
Original documentdocumentr k, [Full-disclosure] Internet Explorer Ver 6.0.2800.1106 vulnerability (26.05.2006)
Files:Exploits MSIE ResizeBy() negative values

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 20.04.2006
Published:26.05.2006
Source:
SecurityVulns ID:6028
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:RECHNUNGSZENTRAL : RechnungsZentrale 2
 PHPSURVEYOR : PHPSurveyor 0.995
 AWSTATS : AWStats 6.5
 PORTALPACK : Portal Pack 6.0
 AASIMEDIA : Net Clubs Pro 4.0
 GREENMINUTE : Green Minute 1.0
 MDNEWS : MD News 1.0
 NT : N.T. 1.1
 PCPIN : PCPIN Chat 5.0
 ASPSITEM : ASPSitem 1.83
 WWWTHREAD : WWWThread RC 3
 MANICWEB : MWGuest 2.1
 INVISION : Invision Power Board 2.1
Original documentdocumentMarko Seppänen, Article suggestion: "wannabe security group members" doing harm to software developers (26.05.2006)
 documentAliaksandr Hartsuyeu, [eVuln] MWGuest XSS Vulnerability (20.04.2006)
 documentr0t, AWStats 6.5.x multiple vuln. (20.04.2006)
 documentSECUNIA, [SA19717] W2B Online Banking "SID" Cross-Site Scripting Vulnerability (20.04.2006)
 documentSECUNIA, [SA19684] I-Rater Platinum "include_path" Parameter File Inclusion Vulnerability (20.04.2006)
 documentbotan_(at)_linuxmail.org, ContentBoxx Login.php Cross-Site Scripting (20.04.2006)
 documento.y.6_(at)_hotmail.com, WWWThread RC 3 MultBugs (20.04.2006)
 documentn0m3rcy_(at)_bsdmail.org, Shbablek Mail Vulnerablitiy - Cross-Site Scripting (20.04.2006)
 documentqex_(at)_bsdmail.org, ThWboard <= 3 Beta 2.84 SQL Injection (20.04.2006)
 documentinfo_(at)_g-0.org, RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities (20.04.2006)
 documentMustafa Can Bjorn IPEKCI, ASPSitem <= 1.83 Remote SQL Injection Vulnerability (20.04.2006)
 documentAliaksandr Hartsuyeu, [eVuln] N.T. Version 1.1.0 XSS and PHP Code Insertion Vulnerabilities (20.04.2006)
 documentAliaksandr Hartsuyeu, [eVuln] MD News Authentication Bypass and SQL Injection Vulnerabilities (20.04.2006)
 documentbotan_(at)_linuxmail.org, EasyGallery Cross-Site Scripting (20.04.2006)
 documentr0t, W2B Online Banking vuln. (20.04.2006)
 documentr0t, Green Minute SQL inj. vuln. (20.04.2006)
 documentr0t, Net Clubs Pro XSS vuln (20.04.2006)
 documentr0t, Portal Pack 6 XSS vuln. (20.04.2006)
 documentr0t, IPB <= 2.1.5 SQL inj. vuln. (20.04.2006)
Files:PCPIN Chat <= 5.0.4 "login/language" remote cmmnds xctn
 ASPSitem <= 1.83 Remote SQL Injection Exploit
 PHPSurveyor <= 0.995 'save.php/surveyid' remote cmmnds xctn

Suid utilities (vixie-cron, shadow, ppp) user limits privilege escalation
updated since 26.05.2006
Published:06.07.2006
Source:
SecurityVulns ID:6191
Type:local
Threat Level:
8/10
Description:setuid() return code is not checked. It makes it possible to execute code with root privileges by exhausting user limits.
Affected:PPP : ppp 2.4
 Shadow : shadow 4.0
 VIXIE : cron 4.1
Original documentdocumentUBUNTU, [Full-disclosure] [USN-310-1] ppp vulnerability (06.07.2006)
 documentUBUNTU, [Full-disclosure] [USN-308-1] shadow vulnerability (06.07.2006)
 documentJustin M. Forbes, rPSA-2006-0082-1 vixie-cron (26.05.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod