| Title | Published | Source | SecurityVulns ID | Type | Level | Description |
|---|---|---|---|---|---|---|
| Acer TravelMate notebooks smart cards protection bypass | 26.09.2005 | BUGTRAQ | 5247 | local | 5/10 | Screen locking can be bypassed using the help system. |
| PowerArchiver buffer overflow | 26.09.2005 | BUGTRAQ | 5248 | local | 5/10 | Buffer overflow on parsing ARJ and ACE archives. |
| Qpopper poppassd shared library privilege escalation | 26.09.2005 | FULL-DISCLOSURE | 5253 | local | 7/10 | A user can specify the shared library path for a suid application. |
| Stoney FTPd buffer overflow | 26.09.2005 | SECURITEAM | 5251 | remote | 5/10 | Buffer overflow in the PORT FTP command. |
| Multiple MultiTheftAuto game server vulnerabilities | 26.09.2005 | BUGTRAQ | 5256 | remote | 5/10 | DoS (unallocated memory access), anonymous message-of-the-day (mod) modification. |
| 7-Zip archiver buffer overflow | 26.09.2005 | BUGTRAQ | 5249 | local | 5/10 | Buffer overflow on parsing ARJ archives. |
| Courier mail server cross-site scripting | 26.09.2005 | BUGTRAQ | 5250 | remote | 5/10 | Internet Explorer Conditional Comments cross-site scripting with sqwebmail. |
| Linux kernel fget() DoS | 26.09.2005 | SECUNIA | 5258 | local | 5/10 | A sockfd_put() call is missing in routing_ioctl(), leading to resource consumption and a system crash. |
| Ruby safe level protection bypass | 26.09.2005 | SECUNIA | 5260 | library | 5/10 | Error in eval.c in enforcing safe level protection. |
| Microsoft Windows win32k.sys DoS | 26.09.2005 | ****** | 5245 | local | 5/10 | A WM_CLOSE event for an active drop-down menu causes the system to crash. |
| wzdftpd unfiltered shell characters problem | 26.09.2005 | BUGTRAQ | 5252 | remote | 6/10 | Unfiltered characters reach popen() on the SITE EXEC command. |
| Mozilla / Netscape / Firefox browsers buffer overflow | 26.09.2005 | SECURITEAM | 5254 | client | 6/10 | Buffer overflow on a "zero-width non-joiner" sequence of Arabic Unicode characters. |
| SecureW2 weak encryption | 26.09.2005 | FULL-DISCLOSURE | 5255 | m-i-t-m | 5/10 | Weak PRNG generation algorithm for the TLS pre-master key. |
| MacOS X malloc() privilege escalation | 26.09.2005 | FULL-DISCLOSURE | 5257 | library | 7/10 | With MallocLogFile it is possible to overwrite any system file via an application that uses the malloc() function. |
| HylaFax symbolic links problem | 26.09.2005 | SECUNIA | 5259 | local | 5/10 | Symbolic links problem on temporary file creation in the xferfaxstats script. |

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) updated since 26.09.2005

| Published | Source | SecurityVulns ID | Type | Level | Description |
|---|---|---|---|---|---|
| 30.09.2005 | | 5246 | remote | 5/10 | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |

Original documents:

- durito, file viewing in JShop Server 1.3.0 (30.09.2005)
- SECURITEAM, [UNIX] MAXdev MD-Pro Multiple Vulnerabilities (Code Execution, Path Disclosure and CSS) (29.09.2005)
- Nenad Jovanovic, [Full-disclosure] Serendipity: Account Hijacking / CSRF Vulnerability (29.09.2005)
- Moritz Naumann, [Full-disclosure] SquirrelMail Address Add Plugin XSS (29.09.2005)
- retrogod_(at)_aliceposta.it, PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure (29.09.2005)
- SECUNIA, [SA16963] CJ Web2Mail Cross-Site Scripting Vulnerabilities (28.09.2005)
- SECUNIA, [SA16966] CJ Tag Board Cross-Site Scripting Vulnerabilities (28.09.2005)
- SECUNIA, [SA16970] CJ LinkOut "123" Cross-Site Scripting Vulnerability (28.09.2005)
- SECUNIA, [SA16945] jPortal Download Search SQL Injection Vulnerability (28.09.2005)
- ghc_(at)_ghc.ru, SEO borad: SQL injection (28.09.2005)
- x1ngbox_(at)_gmail.com, lucidCMS 1.0.11 is susceptible to a cross site scripting attack (28.09.2005)
- Jose Antonio, Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities (28.09.2005)
- SECUNIA, [SA16934] IPB Riverdark RSS Syndicator Module Cross-Site Scripting (27.09.2005)
- SECUNIA, [SA16949] SEO-Board admin.php SQL Injection Vulnerability (27.09.2005)
- SECUNIA, [SA16899] Movable Type Multiple Weaknesses and Vulnerabilities (26.09.2005)
- SECUNIA, [SA16923] Interchange Catalog Skeleton SQL Injection and ITL Injection Vulnerabilities (26.09.2005)
- SECUNIA, [SA16908] PunBB Two Vulnerabilities (26.09.2005)
- SECUNIA, [SA16903] Mall23 eCommerce "idOption_Dropdown_2" SQL Injection Vulnerability (26.09.2005)
- qobaiashi_(at)_gmx.net, [Full-disclosure] ContentServ features remote file disclosure (26.09.2005)
- Maksymilian Arciemowicz, [Full-disclosure] GeSHi Local PHP file inclusion 1.0.7.2 (26.09.2005)
- retrogod_(at)_aliceposta.it, My Little Forum 1.5 / 1.6beta SQL Injection (26.09.2005)
- retrogod_(at)_aliceposta.it, MailGust 1.9 SQL Injection (26.09.2005)
- khc_(at)_bsdmail.org, AlstraSoft E-Friends Remote Command Exucetion (26.09.2005)
- retrogod_(at)_aliceposta.it, PhpMyFAQ 1.5.1 multiple vulnerabilities (26.09.2005)
- krasza_(at)_gmail.com, Sql injection in jPortal version 2.3.1 (module download) (26.09.2005)
- retrogod_(at)_aliceposta.it, My Little Forum 1.5 / 1.6beta SQL Injection (26.09.2005)
- morning_wood, [Full-disclosure] perldiver (26.09.2005)