Computer Security



Sun Solaris traceroute buffer overflow
updated since 25.06.2005
Published: 26.11.2005
Source: BUGTRAQ
SecurityVulns ID: 4930
Type: local
Level: 6/10
Description: Buffer overflows on a large number of -g arguments and on a malformed -s argument allow raw socket access.
Affected: SUN : Solaris 10
Original document: SECUNIA, [SA17708] Sun Solaris traceroute Commandline Buffer Overflow Vulnerability (26.11.2005)
 Przemyslaw Frasunek, Solaris 10 /usr/sbin/traceroute vulnerabilities (25.06.2005)
Files: Solaris 10 /usr/sbin/traceroute PoC

FreeFTP FTP Server buffer overflow
updated since 17.11.2005
Published: 26.11.2005
Source: BUGTRAQ
SecurityVulns ID: 5461
Type: remote
Level: 5/10
Description: Buffer overflow in USER command.
Affected: FREEFTPD : FreeFTPd 1.0
Original document: Steve, freeFTPd 1.0.10 (Dos,Exploit) (26.11.2005)
 SECUNIA, [SA17583] Freeftpd USER Command Buffer Overflow Vulnerability (17.11.2005)
Files: freeFTPd (1.0.10) DoS Exploit

Gaim-Encryption plugin DoS
Published: 26.11.2005
Source: SECUNIA
SecurityVulns ID: 5482
Type: remote
Level: 5/10
Description: Attempt to access unallocated memory when parsing keys.
Affected: GAIM : Gaim-Encryption 2.38
Original document: SECUNIA, [SA17739] Gaim-Encryption Malformed Encrypted Message Denial of Service (26.11.2005)

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 21.11.2005
Published: 26.11.2005
Source:
SecurityVulns ID: 5468
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: ALSTRASOFT : EPay Pro 2.0
 PHPFUSION : PHP-Fusion 6.0
 EQUICKCART : e-Quick Cart
 TORRENTIAL : Torrential 1.2
 EASYBE : 1-2-3 music store 1.0
 EZYHELPDESK : ezyhelpdesk 1.0
 PHPPOST : PHPPost 1.0
 COMDEVWEB : Vote Caster 3.1
 DESKLANCE : DeskLance 2.3
 IDEVSPOT : iSupport 1.06
 DMANEWS : DMANews 0.904
 ENTEGRAL : Entergal MX 2.0
 WOWBB : WowBB 1.65
 PHPPOST : PHP-Post 1.0
 SOFTBIZSCRIPT : Softbiz Web Host Directory 1.1
 OVBB : OvBB
 ACTIVECAMPAIGN : KnowledgeBuilder 2.5
 AGILEBILL : AgileBill 1.4
 JETTY : Jetty 5.1
 PMWIKI : PmWiki 2.0
 VHCS : VHCS 2.2
 ZONEO : freeForum 1.1
 PANCAKE : Zina 0.12
 ACTIVECAMPAIGN : SupportTrio 1.4
 HORDE : Horde 3.0
 PBLANG : PBLang 4.65
 ZORUM : zorum 3.5
 VUBB : VUBB
 JELSOFT : vBulletin 3.5
 APACHE : Struts 1.2
 PHPZENTRALE : APBoard
 JOOMLA : Joomla! 1.0
 NUKEET : Nuke ET 3.2
 COMMODITYRENTALS : Commodity Rentals 2.0
 DIGISHOP : digiSHOP 3.1
 AFFCOMMERCE : Affcommerce 1.1
 OMNISTARLIVE : Omnistar Live 5.2
 PHPLABS : Survey Wizard
 PHPLABS : Top Auction
 TUNEZ : Tunez 1.21
 WSNFORUM : WSN Forum 1.21
 OTRS : OTRS 2.0
 GREYWYVERN : Orca forum 4.3
 PHPWORDPRESS : Article Manager 3.0
 KAYAKO : SupportSuite 3.00
 ONLINETECHTOOLS : OWOS Lite 3.0
 ONLINETECHTOOLS : OKBSYS Lite 1.0
 CENTRALMANCLC : Helpdesk Issue Manager 0.9
 SMBCMS : SMBCMS 2.1
 PDJKEELAN : pdjk-support 1.1
 FORPERFECT : cSupport 1.0
 FANTASTICNEWS : Fantastic News 2.1
 LOGICBILL : LogicBill 1.0
 EZINVOICEINC : EZ Invoice Inc 2.0
 CLIENTEXEC : Clientexec 2.3
 DRZES : DRZES HMS 3.2
 CSCART : CS-Cart
 BOSDEV : BosDates 4.0
 QUALITYUNIT : Post Affiliate Pro 2.0
 GHOSTSCRIPTER : Amazon Shop 5.0
 EFICTION : eFiction 2.0
 KPLAYLIST : kPlaylist 1.6
 HYDROBB : HydroBB 1.0
 VOTEPRO : Vote! Pro 4.0
 FREEMED : FreeMED 0.8
 VTIGER : Vtiger CRM 4.2
 NICECODER : iDesk 1.0
 ISOLSOFT : IsolSoft Support Center 2.2
 SNEWS : sNews 1.3
 ONLINETECHTOOLS : OASYS Lite 1.0
 DAPPERDESK : DapperDesk 3.0
 SYSBOTZ : Systems Panel 1.0
 HELPDESKPOINT : HelpDeskPoint 2.38
 BLOGBUDDIES : blogBuddies 0.3
Original document: r0xes_(at)_7NA.org, XSS in PBLang 4.65 Profile.php/UCP.php (26.11.2005)
 SECUNIA, [SA17706] PHP-Post Cross-Site Scripting and Script Insertion Vulnerabilities (26.11.2005)
 SECUNIA, [SA17741] blogBuddies Cross-Site Scripting Vulnerabilities (26.11.2005)
 SECUNIA, [SA17736] SmartPPC Pro "username" Cross-Site Scripting Vulnerability (26.11.2005)
 Daniel Fabian, SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM (26.11.2005)
 retrogod_(at)_aliceposta.it, eFiction <= 2.0 multiple vulnerabilities (26.11.2005)
 r0t, DMANews Multiple SQL inj. vuln. (26.11.2005)
 r0t, Fantastic News "category" SQL inj. (26.11.2005)
 r0t, LogicBill 1.0 SQL inj. (26.11.2005)
 r0t, EZ Invoice Inc™ v 2.0 SQL inj. (26.11.2005)
 r0t, Clientexec 2.x Multiple SQL inj. (26.11.2005)
 r0t, DRZES HMS 3.2 Multiple vuln. (26.11.2005)
 r0t, CS-Cart SQL inj. vuln. (26.11.2005)
 r0t, Entergal MX V2.0 SQL vuln. (26.11.2005)
 r0t, BosDates v4.0 SQL vuln (26.11.2005)
 r0t, Post Affiliate Pro 2.0.x Vuln. (26.11.2005)
 r0t, Amazon Shop 5.0.0 XSS vuln. (26.11.2005)
 r0t, WowBB 1.65 vuln. (26.11.2005)
 r0t, Zorum Forum 3.5 "rollid" SQL inj. vuln. (26.11.2005)
 r0t, VBulletin 3.5.1 XSS vuln. (26.11.2005)
 Christopher Kunz, [Full-disclosure] Advisory 23/2005: vTiger multiple vulnerabilities (25.11.2005)
 r0t, phpWordPress 3.0 SQL inj. (25.11.2005)
 r0t, sNews 1.3 SQL injection. (25.11.2005)
 r0t, Kayako SupportSuite v3.00.x Full path Disclosure . (25.11.2005)
 r0t, OWOS Lite 3.0 SQL inj. (25.11.2005)
 r0t, OASYS Lite 1.0 "search.asp" XSS vuln. (25.11.2005)
 r0t, OKBSYS Lite 1.0 "search.asp" XSS vuln. (25.11.2005)
 r0t, Helpdesk Issue Manager v0.9 SQL inj. (25.11.2005)
 r0t, SMBCMS v2.1 SQL injection. (25.11.2005)
 r0t, DapperDesk 3.0.x "page" SQL inj. (25.11.2005)
 r0t, Systems Panel v1.0.x Multiple SQL inj. (25.11.2005)
 r0t, pdjk-support suite sql inj. (25.11.2005)
 r0t, AgileBill 1.4.x "id" sql injection. (25.11.2005)
 r0t, cSupport "pg" SQL inj. (25.11.2005)
 r0t, iSupport 1.x "include_file" SQL inj. (25.11.2005)
 r0t, HelpDeskPoint Free Help Desk Software SQL inj. (25.11.2005)
 r0t, IsolSoft Support Center SQL inj. (24.11.2005)
 r0t, iDesk "cat_id" SQL inj. (24.11.2005)
 r0t, DeskLance Vuln. (24.11.2005)
 SECUNIA, [SA17693] vtiger CRM Multiple Vulnerabilities (24.11.2005)
 SECUNIA, [SA17674] FreeMED XML_RPC PHP Code Execution Vulnerability (24.11.2005)
 r0t, ActiveCampaign SupportTrio SQL inj. (24.11.2005)
 r0t, ActiveCampaign KnowledgeBuilder Vuln. (24.11.2005)
 r0t, Zina SQL injection vulnerability. (24.11.2005)
 r0t, OvBB SQL vulnerabilities. (24.11.2005)
 r0t, freeForum 1.x "cat" "thread" SQL inj. (24.11.2005)
 r0t, Orca forum 4.3.x "msg" Sql inj. (24.11.2005)
 r0t, Softbiz Web Host Directory Script Multiple vuln. (24.11.2005)
 r0t, VUBB Forum SQL and XSS vuln. (24.11.2005)
 r0t, Vote! Pro 4.x "poll_id" Sql inj. (23.11.2005)
 r0t, Vote Caster 3.x SQL Inj. Vuln. (23.11.2005)
 daniel.schreckling_(at)_informatik.uni-hamburg.de, Horde MIME Viewer vulnerability (23.11.2005)
 Moritz Naumann, OTRS 1.x/2.x Multiple Security Issues (23.11.2005)
 Moritz Naumann, VHCS 2.x HTTP Error Cross Site Scripting (23.11.2005)
 alireza hassani, [KAPDA::#14] - PHPPost XSS and HTML Injection (23.11.2005)
 Moritz Naumann, PmWiki 2.0.12 Cross Site Scripting (23.11.2005)
 r0t, WSN Forum "id" SQL Injection Vulnerability (23.11.2005)
 r0t, XSS in HydroBB (23.11.2005)
 r0t, Tunez SQL and XSS vuln. (23.11.2005)
 r0t, kPlaylist XSS vuln. (23.11.2005)
 r0t, Top Auction Multiple SQL Vuln. (23.11.2005)
 r0t, Survey Wizard "sid" SQL injection vuln. (23.11.2005)
 r0t, SupportPRO Supportdesk XSS vuln. (23.11.2005)
 r0t, Omnistar Live "id" and "category_id" SQL inj. (23.11.2005)
 r0t, ezyhelpdesk Multiple Sql inj (23.11.2005)
 r0t, Affcommerce Multiple Sql inj. (23.11.2005)
 r0t, digiSHOP 3.x SQL injection vuln. (23.11.2005)
 r0t, Commodity Rentals 2.x "user_id" Sql inj. (23.11.2005)
 r0t, 1-2-3 music store "AlbumID" Sql injection. (23.11.2005)
 SECUNIA, [SA17638] Nuke ET "query" SQL Injection Vulnerability (23.11.2005)
 SECUNIA, [SA17675] Joomla! SQL Injection and Cross-Site Scripting Vulnerabilities (23.11.2005)
 Shell, [Full-disclosure] Torrential 1.2 getdox.php Directory Traversal (22.11.2005)
 ksa_ksa82_(at)_hotmail.com, APBoard v [all] ---> [SQL injection] (22.11.2005)
 r0t, AlstraSoft EPay Pro "pmodule" SQL Injection Vulnerability (22.11.2005)
 SECUNIA, [SA17659] Jetty JSP Source Code Disclosure Vulnerability (21.11.2005)
 Irene Abezgauz, [Full-disclosure] Security Advisory: Struts Error Message Cross Site Scripting (21.11.2005)
 SECUNIA, [SA17664] PHP-Fusion SQL Injection Vulnerabilities (21.11.2005)
 SECUNIA, [SA17652] e-Quick Cart SQL Injection Vulnerabilities (21.11.2005)
Files: eFiction <= 2.0 fake GIF Shell Upload

SpeedProject multiple archiver buffer overflow
updated since 26.11.2005
Published: 27.04.2006
Source: BUGTRAQ
SecurityVulns ID: 5481
Type: client
Level: 5/10
Description: Buffer overflows when parsing ZIP, ACE and UUEncode formats.
Affected: SPEEDPROJECT : ZipStar 5.0
 SPEEDPROJECT : Squeez 5.0
 SPEEDCOMMANDER : SpeedCommander 11.0
 SPEEDPROJECT : SpeedCommander 10.51
 SPEEDPROJECT : Squeez 5.10
 SPEEDPROJECT : SpeedCommander 10.52
Original document: SECUNIA, Secunia Research: SpeedProject Products ACE Archive Handling Buffer Overflow (27.04.2006)
 SECUNIA, [SA19473] SpeedProject Products ACE Archive Handling Buffer Overflow (26.04.2006)
 SECUNIA, Secunia Research: SpeedProject Products ZIP/UUE File Extraction Buffer Overflow (26.11.2005)

© SecurityVulns, 3APA3A, Vladimir Dubrovin