IpSwitch WS_FTP Server buffer overflow updated since 18.09.2006
Published:		27.09.2006
Source:		BUGTRAQ
SecurityVulns ID:		6624
Type:		remote
Level:		6/10
Description:		Buffer overflow in XCRC, XSHA1, XMD5, Checksum FTP commands.

Affected:

IPSWITCH : WS_FTP Server 5.05

Original document		ZDI, ZDI-06-029: Ipswitch WS_FTP Server Checksum Command Parsing Buffer Overflow Vulnerabilities (27.09.2006)
		SECUNIA, [SA21932] WS_FTP Server FTP Commands Buffer Overflow Vulnerability (18.09.2006)

Files:		WS-FTP Server 5.05 XMD5 Overflow (metasploit)
Discuss:		Read or add your comments to this news (0 comments)

Microsoft Windows / Internet Explorer 0-day vulnerability updated since 20.09.2006
Published:		27.09.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6629
Type:		client
Level:		10/10
Description:		Microsoft Vector Graphics Rendering Library vulnerability is used for hidden malware installation.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Windows XP
		MICROSOFT : Windows 2003 Server

Original document		MICROSOFT, Microsoft Security Bulletin MS06-055 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486) (27.09.2006)
		CERT, US-CERT Vulnerability Note VU#416092 (20.09.2006)
		Eric Sites, [Full-disclosure] [SECURITY] Sunbelt Software: New Microsoft Internet Explorer Expolit - 9-18-2006 (20.09.2006)

Files:		Exploits Microsoft Internet Explorer VML Remote Buffer Overflow (Windows XP SP0-SP1 + Windows 2000 SP4)
		Internet Explorer VML Buffer Overflow Download Exec Exploit
		Microsoft Internet Explorer VML Remote Buffer Overflow Exploit (0day) Works on all Windows XP versions including SP2
		MS Internet Explorer (VML) Remote Denial of Service Exploit PoC
		Microsoft Security Bulletin MS06-055 Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)
		Microsoft Security Advisory (925568) Vulnerability in Vector Markup Language Could Allow Remote Code Execution
Discuss:		Read or add your comments to this news (1 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		27.09.2006
Source:		BUGTRAQ
SecurityVulns ID:		6654
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		VBULLETIN : Vbulletin 2.3
		PHPMYCHAT : phpMyChat 0.14
		QB : QuickBlogger 1.4
		VTIGER : Vtiger CRM 5
		WEBNEWS : webnews 1.4
		JAF : JAF CMS 4.0
		PHPINVOICE : PHP Invoice 2.2
		PHPMYCHAT : phpMyChat 0.1
		BACKEND : Back-end 0.4
		PHPNEWS : php_news 2.0
		DANPHPSUPPORT : DanPHPSupport 0.5

Original document		h4ck3riran_(at)_yahoo.com, WebspotBlogging => 3.0 Remote File Include Vulnerabilities (27.09.2006)
		h4ck3riran_(at)_yahoo.com, DanPHPSupport => 0.5 Cross Site Scripting Vulnerabilities (27.09.2006)
		h4ck3riran_(at)_yahoo.com, QB ( QuickBlogger ) =>1.4 Remote File Include Vulnerabilities (27.09.2006)
		h4ck3riran_(at)_yahoo.com, php_news => 2.0 Remote File Include Vulnerabilities (27.09.2006)
		h4ck3riran_(at)_yahoo.com, Back-end => 0.4.5 Remote File Include Vulnerabilities (27.09.2006)
		HACKERS PAL, CubeCart Multiple input Validation vulnerabilities (27.09.2006)
		HACKERS PAL, Vbulletin 2.X sql injection (27.09.2006)
		chris_hasibuan_(at)_yahoo.com, SolpotCrew Advisory #13 - phpMyChat 0.1 (ChatPath) Remote File Inclusion (27.09.2006)
		meto5757_(at)_hotmail.com, PHP Invoice 2.2 (Billing and client Management) home.php Xss vuln. (27.09.2006)
		stormhacker_(at)_hotmail.com, WD25:- Deparcq Pieter project File Include Vulnerability (27.09.2006)
		nanoymaster_(at)_gmail.com, JAF CMS 4.0 RC1 multiple vulnerabilities (27.09.2006)
		ali ali, webnews <= v1.4 (WN_BASEDIR) Remote File Inclusion Exploit (27.09.2006)
		crackers child, phpMyChat 0.14.5 Remote File Include Vulnerability (27.09.2006)
		crackers child, vtiger CRM 5 Beta Remote File Include Vulnerability (27.09.2006)

Files:		CubeCart Remote sql injection exploit
Discuss:		Read or add your comments to this news (0 comments)