Computer Security


cURL command line download utility buffer overflow
updated since 20.03.2006
Published:28.03.2006
Source:
SecurityVulns ID:5910
Type:client
Threat Level:6/10
Description:Buffer overflow on parsing tftp:// URL.
Affected:CURL : curl 7.15
 CURL : libcurl 7.15
 OPENOFFICE : OpenOffice 2.0
Original document:GENTOO, [ GLSA 200603-25 ] OpenOffice.org: Heap overflow in included libcurl (28.03.2006)
 Ulf Harnhammar, [Full-disclosure] [SSAG#001] :: cURL tftp:// URL Buffer Overflow (20.03.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:28.03.2006
Source:
SecurityVulns ID:5950
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:GREYMATTER : Greymatter 1.3
 PHPCOIN : phpCOIN 1.2
 MAMBO : AkoComment 2.0
 CONNECTDAILY : Connect Daily 3.2
 CONTROLZX : CONTROLzx 3.3
 ACTIVECAMPAIGN : SupportTrio 2.5
 FUSIONZONE : couponZONE 4.2
 FUSIONZONE : realestateZONE 4.2
 FUSIONZONE : classifiedZONE 1.2
 VWAR : VWar 1.5
 CONFTOOL : ConfTool 1.1
 DSLOGIN : DSLogin 1.0
 MAIANWEBLOG : Maian Weblog 2.0
 MUSICBOX : Music Box 2.3
 PHPLIVEHELPER : phplivehelper 1.8
 PHPCOLLAB : phpCollab 2.5
 NETOFFICE : NetOffice 2.6
 CALENDAREVENT : Calendar Event 3.0
 SSLINKS : ssLinks 1.22
Original document:Cyber Lords, XSS in ssLinks v1.22 (28.03.2006)
 Cyber Lords, XSS in Calendar Event 3.0 (28.03.2006)
 Cyber Lords, XSS in PowerNews (28.03.2006)
 SECUNIA, [SA19392] Mambo AkoComment Module SQL Injection Vulnerabilities (28.03.2006)
 SECUNIA, [SA19423] Greymatter gm-upload.cgi File Upload Vulnerability (28.03.2006)
 stormhacker_(at)_hotmail.com, PHPLiveHelper 1.8 remote command execution (include) Xploit (perl) (28.03.2006)
 xx_hack_xx_2004_(at)_hotmail.com, XSS & SQL Injection in Music Box v2.3 (28.03.2006)
 D.Snezhkov, [DDSi-SA] XSS in Raindance Communications Web Conferencing Pro (28.03.2006)
 dabdoub_mosikar_(at)_forislam.com, Blog Pixel Motion<=1.xx Authentication Bypass Vulnerability & SQL injection (28.03.2006)
 Aliaksandr Hartsuyeu, [eVuln] Maian Weblog Multiple SQL Injection Vulnerabilities (28.03.2006)
 Aliaksandr Hartsuyeu, [eVuln] DSLogin Authentication Bypass Vulnerability (28.03.2006)
 botan_(at)_linuxmail.org, CanfTool v1.1 Cross Site Scripting Attack (28.03.2006)
 uid0, VWar <= 1.5.0 R11 Remote Code Execution Exploit (28.03.2006)
 r0t, phpCOIN v1.2.2 XSS vuln. (28.03.2006)
 r0t, classifiedZONE v1.2 XSS vuln. (28.03.2006)
 r0t, realestateZONE 4.2 Multiple XSS vuln. (28.03.2006)
 r0t, couponZONE v.4.2 Multiple vuln. (28.03.2006)
 r0t, ActiveCampaign SupportTrio 2.5 vuln. (28.03.2006)
 r0t, CONTROLzx HMS - Hosting Management System vuln. (28.03.2006)
 r0t, Connect Daily Web Calendar Software Multiple XSS vuln. (28.03.2006)
Files:VWar <= 1.5.0 R11 Remote Code Execution Exploit
 PHPCollab v2.x / NetOffice v2.x sendpassword.php SQL Injection
 GREYMATTER Exploit
 Greymatter exploit

Symantec Veritas NetBackup network backup daemons multiple buffer overflows
Published:28.03.2006
Source:
SecurityVulns ID:5951
Type:remote
Threat Level:7/10
Description:Buffer overflows in vnetd, volume manager, database manager.
Affected:SYMANTEC : Veritas NetBackup 6.0
Original document:ZDI, TSRT-06-01: Symantec VERITAS NetBackup vnetd Buffer Overflow Vulnerability (28.03.2006)
 ZDI, ZDI-06-006: Symantec VERITAS NetBackup Database Manager Buffer Overflow (28.03.2006)
 ZDI, ZDI-06-005: Symantec VERITAS NetBackup Volume Manager Buffer Overflow (28.03.2006)

flex fast lexical analyzer generator buffer overflow
Published:28.03.2006
Source:
SecurityVulns ID:5952
Type:library
Threat Level:5/10
Description:Buffer overflow on REJECT rule parsing.
Affected:FLEX : flex 2.5
Original document:DEBIAN, [SECURITY] [DSA 1020-1] New flex packages fix insecure code generation (28.03.2006)

Sun Solaris ps information leak
Published:28.03.2006
Source:
SecurityVulns ID:5953
Type:local
Threat Level:5/10
Description:ps -e allows viewing the environment variables of any process.
Affected:ORACLE : Solaris 8
 ORACLE : Solaris 9
Original document:SECUNIA, [SA19426] Sun Solaris Process Environment Disclosure Security Issue (28.03.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod