Computer Security
[EN] securityvulns.ru



BEA WebLogic application server Server Console cross-site scripting
updated since 25.05.2005
Published: 28.05.2005
Source: BUGTRAQ
SecurityVulns ID: 4823
Type: remote
Level: 5/10
Description: Cross-site scripting; no session cookie timeout is implemented.
Affected: BEA : Weblogic 8.1
Original document: SHATTER, [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability (28.05.2005)
 SHATTER, [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability (28.05.2005)
 ACROS Security, ACROS Security: HTML Injection in BEA WebLogic Server Console (1) (25.05.2005)
 ACROS Security, ACROS Security: HTML Injection in BEA WebLogic Server Console (2) (25.05.2005)

ClamAV antivirus MacOS X shell characters problem
Published: 28.05.2005
Source: BUGTRAQ
SecurityVulns ID: 4836
Type: remote
Level: 6/10
Description: Shell characters are not filtered in the filename when the external 'ditto' command is executed with system().
Affected: CLAMAV : ClamAV 0.80
Original document: Tim, [Full-disclosure] ClamAV: Local Privilege Escalation Vulnerability On MacOS [SCN Advisory #04] (28.05.2005)

PHP, ASP, CGI web applications security vulnerabilities
updated since 23.05.2005
Published: 28.05.2005
Source:
SecurityVulns ID: 4815
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.
Affected: INVISION : Invision Power Board 2.0
 INVISION : Invision Power Board 1.3
 POSTNUKE : PostNuke 0.760
 WORDPRESS : WordPress 1.5
 MYBLOGGIE : myBloggie 2.1
 WEBAPP : WebAPP 0.9
 POSTNUKE : PostNuke 0.750
 PORTAILPHP : PortailPHP 1.3
 PHPMYCART : PHPMyCart 1.3
 JIRO : JiRo's Statistics System 1.0
 COOKIECART : Cookie Cart 4.0
 BLUECOAT : Blue Coat Reporter 7.1
 NEWSLETTEREZ : NewsletterEz 3.0
 GFORGE : gforge 3.1
 MIVA : Miva Merchant 4.0
 FUNKYASP : FunkyASP AD System 1.1
 PHPPC : PHP Poll Creator 1.01
 MAXWEBPORTAL : MaxWebPortal 1.36
 MAXWEBPORTAL : MaxWebPortal 2.0
 ZONGG : ZonGG 1.2
 JAWSGLOSSARY : Jaws Glossary 0.4
 JAWSGLOSSARY : Jaws Glossary 0.5
 PHPSTAT : PhpStat
Original document: SoulBlack Group, PHP Stat Administrative User Authentication Bypass (28.05.2005)
 Rapigator, [Full-disclosure] Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability (28.05.2005)
 Alberto Trivero, Microsoft Outlook Express 6.00.2800.1106 (28.05.2005)
 Nah, [Full-disclosure] XSS Bug in Jaws Glossary Action: ViewTerm ( v 0.4 - 0.5.1 (latest version)) (28.05.2005)
 SECUNIA, [SA15515] ZonGG "password" SQL Injection Vulnerability (27.05.2005)
 SECURITEAM, [EXPL] MaxWebPortal Administrator Password Retrieval (Exploit) (27.05.2005)
 Petey Beege, Invision Power Board 1.* and 2.* Exploit (BID 13529) (27.05.2005)
 rash ilusion, PHP Injection in PHP Poll Creator (26.05.2005)
 SECUNIA, [SA15494] FunkyASP AD System "password" SQL Injection Vulnerability (25.05.2005)
 Kristian Hermansen, [Full-disclosure] Miva Merchant 4.x Tax Calculation Bypass Vulnerability w/ PoC (25.05.2005)
 Filippo Spike Morelli, Gforge - viewFile.php security flaw (25.05.2005)
 SECUNIA, [SA15469] NewsletterEz "Password" SQL Injection Vulnerability (24.05.2005)
 SECUNIA, [SA15452] Blue Coat Reporter Multiple Unspecified Vulnerabilities (24.05.2005)
 SECURITEAM, [UNIX] WordPress Multiple Vulnerability (wp-trackback.php) (24.05.2005)
 SECUNIA, [SA15448] Cookie Cart Exposure of Order Notifications and Passwords (23.05.2005)
 SECUNIA, [SA15443] JiRo's Statistics System "Password" SQL Injection Vulnerability (23.05.2005)
 SECURITEAM, [UNIX] WebApp Arbitrary Code Execution (apage.cgi, Exploit) (23.05.2005)
 mircia mircia, PHPMyCart (latest) is vulnerable to XSS (23.05.2005)
 CENSORED, SQL injections in PortailPHP (23.05.2005)
 Maksymilian Arciemowicz, [SECURITYREASON.COM] PostNuke SQL Injection 0.750=>x (23.05.2005)
 Maksymilian Arciemowicz, [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=>x (23.05.2005)
 Maksymilian Arciemowicz, [SECURITYREASON.COM] PostNuke XSS and Full path disclosure 0.760RC3=>x (23.05.2005)
 Maksymilian Arciemowicz, [SECURITYREASON.COM] PostNuke XSS 0.760{RC2,RC3} (23.05.2005)
Files: SQL Injection Exploit for WordPress <= 1.5.1.1

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


