Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 27.03.2006
Published: 27.03.2006
Source:
SecurityVulns ID: 5946
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: INFOPOP : UBBThreads 5.5
 PHPBB : phpBB 2.0
 INVISION : Invision Power Board 1.3
 PHPADSNEW : phpAdsNew 2.0
 PHPOPENADS : phpPgAds 2.0
 PHPMYFAMILY : phpmyfamily 1.4
 CUTEPHP : CuteNews 1.4
 NUKEDKLAN : Nuked-Klan 1.7
 JELSOFT : vBulletin 3.5
 MININUKE : Mini-NUKE 1.8
 ABSOLUTELIVE : Absolute Live Support XE 2.0
 DSPORTAL : DSCounter 1.0
 DSPORTAL : DSDownload 1.0
 CUTECAST : CuteCast 1.2
 INFOPOP : UBBThreads 6.0
 EZHOMEPAGEPRO : EZHomepagePro 1.5
 ESCHOOL : E-School 1.0
 METISWARE : Metisware Instructor 1.3
 WEBHOSTINGAUTOMA : Helm Web Hosting Control Panel 3.2
 AZTEK : Aztek 4.0
 TFTGALLERY : TFT Gallery 0.10
 GBOOK : G-Book 1.0
 PHPTICKET : php ticket 0.71
 CALENDEREXPRESS : Calendar Express 2.2
 MEETINGRESERVE : Meeting Reserve 1.0
 SAPHPLESSON : SaphpLesson 2.0
 MAMBO : AkoComment 2.0
Original document: dabdoub_mosikar_(at)_forislam.com, nuked-klan<=1.7.5 SQL Injection (27.03.2006)
 SECUNIA, [SA19397] uniForum "websecadmin.aspx" Cross-Site Scripting (27.03.2006)
 mfoxhacker_(at)_gmail.com, SQL injection in VGM Forbin. (27.03.2006)
 Stefan Keller, AkoComment SQL injection vulnerability (27.03.2006)
 xx_hack_xx_2004_(at)_hotmail.com, SQL Injection in SaphpLesson2.0 (27.03.2006)
 SECUNIA, [SA19372] Meeting Reserve Cross-Site Scripting Vulnerability (27.03.2006)
 SECUNIA, [SA19393] Calender Express Cross-Site Scripting Vulnerability (27.03.2006)
 SECUNIA, [SA19415] Absolute Live Support XE Script Insertion Vulnerability (27.03.2006)
 h4cky0u, [Full-disclosure] HYSA-2006-007 phpmyfamily 1.4.1 CRLF injection & XSS (27.03.2006)
 h4cky0u, [Full-disclosure] HYSA-2006-006 G-Book 1.0 XSS And Other Vulnerabilities (27.03.2006)
 Matteo Beccati, [Full-disclosure] [PHPADSNEW-SA-2006-001] phpAdsNew and phpPgAds 2.0.8 fix multiple vulnerabilities (27.03.2006)
 r0t, Helm Web Hosting Control Panel XSS vuln. (27.03.2006)
 r0t, Metisware Instructor XSS vuln. (27.03.2006)
 r0t, E-School Management System XSS vuln. and Web Quiz pro XSS vuln. (27.03.2006)
 r0t, EZHomepagePro multiple XSS vuln. (27.03.2006)
 r0t, BlankOL XSS vuln. (27.03.2006)
 dabdoub_mosikar_(at)_forislam.com, UBBThreads<=5.5.1+6.0.2+6.0 br5+6.0.1 SQL injection (27.03.2006)
 SpiderZ, Xss Vbulletin 3.5.x ( test: 3.5.4 ) (27.03.2006)
 SpiderZ, phpBB v 2.0.X upload html .gif ( "not 2.0.19" ) (27.03.2006)
 SpiderZ, IPB v1.x upload html .gif (27.03.2006)
 SpiderZ, Mini-NUKE v1.8 (27.03.2006)
 SpiderZ, New exploit by SpiderZ (26.03.2006)
 Aliaksandr Hartsuyeu, [eVuln] DSDownload Multiple SQL Injection Vulnerabilities (26.03.2006)
 Aliaksandr Hartsuyeu, [eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability (26.03.2006)
Files: Topic infinitely exploit phpBB 2.0.19
 Search infinitely exploit phpBB 2.0.19
 Continuous recordings CuteCast Version 1.2
 Exploits: Aztek 4.0 Gives Admin rights to a normal user
 CuteNews 1.4.1 (CutePHP.com) Hash password Finder
 tftgallery 0.10 exploit
 php ticket <= 0.71 exploit

Microsoft Office memory corruption
Published: 27.03.2006
Source:
SecurityVulns ID: 5948
Type: client
Threat Level: 5/10
Description: Memory corruption when parsing XLS/XLW files.
Affected: MICROSOFT : Office XP
Original document: posidron, Microsoft Office 2002 - Excel/Powerpoint/Word.. 10.0.2614.0 => 11.0.5612.0 (27.03.2006)
Files: Exploits Microsoft Excel memory corruption

libVC library buffer overflow
Published: 27.03.2006
Source:
SecurityVulns ID: 5949
Type: library
Threat Level: 6/10
Description: Buffer overflow in count_vcards() when parsing VCF files.
Affected: LIBVC : LibVC 003
Original document: SECUNIA, [SA19295] LibVC "count_vcards()" Buffer Overflow Vulnerability (27.03.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod