 |
|
|
|
Streamripper buffer overflow
updated since 25.08.2006 | | Published: |  | 28.08.2006 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 6545 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Buffer overflow on HTTP headers parsing. |
| Multiple Fuji Xerox Printing Systems security vulnerabilities | | Published: | | 28.08.2006 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 6548 | | Type: | | remote | | Level: | | 5/10 | | Description: | | FTP bounce attack, unauthorized Web interface access. |
FreeBSD sppp buffer overflow
updated since 24.08.2006 | | Published: | | 28.08.2006 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 6541 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Buffer overflow on synchronous PPP LCP option parsing. |
| Sun Solaris pkgadd weak permissions | | Published: | | 28.08.2006 | | Source: | | SECUNIA | | SecurityVulns ID: | | 6551 | | Type: | | remote | | Level: | | 5/10 | | Description: | | 755 or 777 access mode is set if "mode" field of package contains any ?. |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: | | 28.08.2006 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 6549 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: |  | XOOPS : xoops 2.0 | | | | CUTEPHP : CuteNews 1.3 | | | | YAPIG : YaPiG 0.95 | | | | JUPITERPORTAL : Jupiter Cms 1.1 | | | | ASSAULTCMS : Assault Content Manager 1.2 | | | | MAMBO : Mambo 4.6 | | | | JOOMLA : Joomla 1.0 | | | | BIGACE : Bigace 1.8 | | | | JOOMLA : Joomla com_comprofiler 1.0 | | | | EFICTION : eFiction <2.0 | | | | CYBOZU : Cybozu Office 6.5 | | | | CYBOZU : Cybozu Share 360 2.5 | | | | CYBOZU : Cybozu Garoon 21 | | | | FOTOPHOLDER : Fotopholder 2.5 | | CVE: |  | CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 (com_weblinks) allows remote attackers to execute arbitrary SQL commands via the catid parameter.) | | | | CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module, and other unspecified vectors.) | | | | CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which reveals the path in various error messages, related to a jimport function call at the beginning of each script.) | | | | CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.) | | | | CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the text parameter in (4) plugins/search/contacts.php, (5) plugins/search/categories.php, or (6) plugins/search/sections.php; or (7) the email parameter in database/table/user.php, which is not properly handled by the check function.) |
| Original document |  | SECUNIA, [SA21648] Fotopholder "path" Cross-Site Scripting Vulnerability (28.08.2006) |
| | | TAN Chew Keong, [Full-disclosure] [vuln.sg] Cybozu Garoon 2 SQL Injection Vulnerabilities (28.08.2006) |
| | | TAN Chew Keong, [Full-disclosure] [vuln.sg] Cybozu Products Arbitrary File Retrieval Vulnerability (28.08.2006) |
| | | MILW0RM, eFiction < 2.0.7 Remote Admin Authentication Bypass Vulnerability (28.08.2006) |
| | | matdhule_(at)_gmail.com, Mambo/Joomla com_comprofiler Components <== v1.0 RC 2 Multiple Remote File Include Vulnerabilities (28.08.2006) |
| | | D3nGeR_(at)_Gmail.CoM, Jetbox CMS search_function.php Remote File (28.08.2006) |
| | | D3nGeR_(at)_Gmail.CoM, Jupiter CMS 1.1.5 index.php Remote File Include (28.08.2006) |
| | | Omid, Sql injection in Xoops (28.08.2006) |
| | | night_warrior-_(at)_hotmail.com, AlstraSoft Video Share Enterprise Remote File Include Vulnerability (28.08.2006) |
| | | vampire_chiristof_(at)_yahoo.com, Bigace 1.8.2 (GLOBALS) Remote File Inclusion (28.08.2006) |
| | | Redworm_(at)_MaiL.Com, MyBB Html Injection ( XSS ) (28.08.2006) |
| | | Omid, Sql injection in Mambo & Joomla (28.08.2006) |
| | | stormhacker_(at)_hotmail.com, CuteNews 1.3.* Remote File Include Vulnerability (28.08.2006) |
| | | Kuon_(at)_Armorize.com, YaPiG thanks_comment.php Cross-Site Scripting Vulnerability (28.08.2006) |
| | | matrix_killer ma3x, Assault Content Manager v.1.2 Directory Traverlal Vulnerability (28.08.2006) |
| Citrix Metaframe privilege escalation | | Published: | | 28.08.2006 | | Source: | | SECURITEAM | | SecurityVulns ID: | | 6550 | | Type: | | local | | Level: | | 5/10 | | Description: | | Weak permissions for registry key allow user defined DLL to be attacjed to system level process. |
|
|
|
|
|
|
|
|
