Computer Security


NaviCOPA Web Server buffer overflow
Published:28.09.2006
SecurityVulns ID:6658
Type:remote
Threat Level:5/10
Description:Buffer overflow on oversized GET request.
CVE:CVE-2006-5112 (Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.)
Files:NaviCOPA Web Server 2.01 0day Remote Buffer Overflow Exploit
 Navicopa 2.01 Buffer Overflow

Sun Solaris syslog DoS
Published:28.09.2006
SecurityVulns ID:6659
Type:remote
Threat Level:5/10
Original document:SECUNIA, [SA22083] Sun Solaris "syslog" Denial of Service Vulnerability (28.09.2006)

HP-UX CIFS Server privilege escalation
Published:28.09.2006
SecurityVulns ID:6660
Type:local
Threat Level:5/10
Affected:HP : HP-UX 11.11
 HP : HP-UX 11.23
Original document:SECUNIA, [SA22079] HP-UX CIFS Server Security Bypass and Privilege Escalation (28.09.2006)

Sun Solaris kernel SSL proxy server DoS
Published:28.09.2006
SecurityVulns ID:6662
Type:remote
Threat Level:5/10
Original document:SECUNIA, [SA22136] Sun Solaris Kernel SSL Denial of Service Vulnerability (28.09.2006)

IBM AIX utilities multiple security vulnerabilities
updated since 26.09.2006
Published:28.09.2006
SecurityVulns ID:6653
Type:local
Threat Level:6/10
Description:Xclock buffer overflow; utape, cfgmgr, rdist, uucp, snappd, named8 and mkvg privilege escalation; slip.login and Inventory Scout arbitrary file overwrite.
Affected:IBM : AIX 5.3
Original document:SECUNIA, [SA22119] IBM AIX "utape" Privilege Escalation Vulnerability (28.09.2006)
 SECUNIA, [SA22099] IBM AIX rdist Privilege Escalation Vulnerability (28.09.2006)
 SECUNIA, [SA22112] IBM AIX "cfgmgr" Privilege Escalation Vulnerability (28.09.2006)
 SECUNIA, [SA22105] IBM AIX uucp Privilege Escalation Vulnerability (28.09.2006)
 SECUNIA, [SA22108] IBM AIX snappd Privilege Escalation Vulnerability (28.09.2006)
 SECUNIA, [SA22111] IBM AIX slip.login Privilege Escalation Vulnerability (26.09.2006)
 SECUNIA, [SA22062] IBM AIX Inventory Scout Arbitrary File Overwrite Vulnerability (26.09.2006)
 SECUNIA, [SA22106] IBM AIX mkvg Privilege Escalation Vulnerability (26.09.2006)
 SECUNIA, [SA22102] IBM AIX named8 Privilege Escalation Vulnerability (26.09.2006)
 SECUNIA, [SA22098] IBM AIX xlock Buffer Overflow Vulnerability (26.09.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:28.09.2006
SecurityVulns ID:6655
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:OPTIAL : Opial Audio/Video Download Management 1.0
 COMDEV : Comdev Events Calendar 3.1
 COMDEV : Comdev Newsletter 3.1
 COMDEV : Comdev FAQ Support 3.1
 COMDEV : Comdev Guestbook 3.1
 COMDEV : Comdev eCommerce 3.1
 COMDEV : Comdev CSV Importer 3.1
 COMDEV : Comdev Web Blogger 3.1
 COMDEV : Comdev Customer Helpdesk 3.1
 COMDEV : Comdev Vote Caster 3.1
 COMDEV : Comdev Contact Form 3.1
 COMDEV : Comdev News Publisher 3.1
 COMDEV : Comdev Photo Gallery 3.1
 COMDEV : Comdev Links Directory 3.1
 VIRTUEMART : VirtueMart Joomla eCommerce Edition 1.0
 ABLOG : A-Blog 2.0
 NEWSWRITER : Newswriter SW 1.42
 KIETU : Kietu 4.0
 EYEOS : eyeOS 0.9
 PABUGS : psBugs 2.0
CVE:CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.)
 CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document:SECUNIA, [SA22122] PhotoStore Cross-Site Scripting Vulnerabilities (28.09.2006)
 SECUNIA, [SA22092] Opial Audio/Video Download Management Cross-Site Scripting (28.09.2006)
 SECUNIA, [SA22117] eyeOS Cross-Site Scripting Vulnerabilities (28.09.2006)
 D_7J, Kietu? <= v4.0.0b2z (url_hit) Remote File Inclusion Exploit (28.09.2006)
 co-type_(at)_hotmail.com, Newswriter SW <= 1.42 (NWCONF_SYSTEM[server_path]) Remote File Inclusion Vulnerability (28.09.2006)
 v1per-haCker, A-Blog v2.0 Remote File Include (28.09.2006)
 ifx_(at)_cupu.us, bug com_madeira (28.09.2006)
 Base64, VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities (28.09.2006)
 stormhacker_(at)_hotmail.com, net2ftp: a web based FTP client :) <= Remote File Inclusion (28.09.2006)
 vannovax_(at)_gmail.com, MkPortal Cross Site Scripting (All versions) xSS (28.09.2006)
 stormhacker_(at)_hotmail.com, PHPSelect Web Development Division <= Remote File Inclusion (28.09.2006)
 stormhacker_(at)_hotmail.com, Comdev Newsletter 3.1 :) <= Remote File Inclusion (28.09.2006)
 stormhacker_(at)_hotmail.com, Comdev FAQ Support 3.1 :) <= Remote File Inclusion (28.09.2006)
 stormhacker_(at)_hotmail.com, Comdev Guestbook 3.1 :) <= Remote File Inclusion (28.09.2006)
 stormhacker_(at)_hotmail.com, Comdev eCommerce 3.1 :) <= Remote File Inclusion (28.09.2006)
 stormhacker_(at)_hotmail.com, Comdev CSV Importer 3.1 :) <= Remote File Inclusion (28.09.2006)
 stormhacker_(at)_hotmail.com, Comdev Web Blogger 3.1 :) <= Remote File Inclusion (28.09.2006)
 stormhacker_(at)_hotmail.com, Comdev Customer Helpdesk 3.1 :) <= Remote File Inclusion (28.09.2006)
 stormhacker_(at)_hotmail.com, Comdev Vote Caster 3.1 :) <= Remote File Inclusion (28.09.2006)
 stormhacker_(at)_hotmail.com, Comdev Contact Form 3.1 :) <= Remote File Inclusion (28.09.2006)
 stormhacker_(at)_hotmail.com, Comdev News Publisher 3.1 :) <= Remote File Inclusion (28.09.2006)
 stormhacker_(at)_hotmail.com, Comdev Photo Gallery 3.1 :) <= Remote File Inclusion (28.09.2006)
 stormhacker_(at)_hotmail.com, Comdev Links Directory 3.1 :) <= Remote File Inclusion (28.09.2006)
 stormhacker_(at)_hotmail.com, Comdev Events Calendar 3.1 :) <= Remote File Inclusion (28.09.2006)
Files:Blog Pixel Motion V2.1.1 PHP Code Execution / Create Admin Exploit
 Newswriter SW v1.4.2 Remote File Include Exploit
 paBugs <= 2.0 Beta 3 Remote File Include Exploit

Multiple OpenSSH security vulnerabilities
updated since 28.09.2006
Published:03.10.2008
SecurityVulns ID:6657
Type:remote
Threat Level:6/10
Description:Multiple different DoS conditions.
Affected:OPENSSH : OpenSSH 4.3
 OPENSSH : OpenSSH 4.6
CVE:CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.)
 CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.)
Original document:UBUNTU, [USN-649-1] OpenSSH vulnerabilities (03.10.2008)
 DEBIAN, [SECURITY] [DSA 1638-1] New openssh packages fix denial of service (20.09.2008)
 OPENSSH, OpenSSH 4.4 is available (28.09.2006)
Files:OpenSSH CRC compensation attack detection DoS PoC

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod