Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		28.09.2006
Source:
SecurityVulns ID:		6655
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		OPTIAL : Opial Audio/Video Download Management 1.0
		COMDEV : Comdev Events Calendar 3.1
		COMDEV : Comdev Newsletter 3.1
		COMDEV : Comdev FAQ Support 3.1
		COMDEV : Comdev Guestbook 3.1
		COMDEV : Comdev eCommerce 3.1
		COMDEV : Comdev CSV Importer 3.1
		COMDEV : Comdev Web Blogger 3.1
		COMDEV : Comdev Customer Helpdesk 3.1
		COMDEV : Comdev Vote Caster 3.1
		COMDEV : Comdev Contact Form 3.1
		COMDEV : Comdev News Publisher 3.1
		COMDEV : Comdev Photo Gallery 3.1
		COMDEV : Comdev Links Directory 3.1
		VIRTUEMART : VirtueMart Joomla eCommerce Edition 1.0
		ABLOG : A-Blog 2.0
		NEWSWRITER : Newswriter SW 1.42
		KIETU : Kietu 4.0
		EYEOS : eyeOS 0.9
		PABUGS : psBugs 2.0
CVE:		CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might overlap CVE-2007-0376.)
		CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)

Original document		SECUNIA, [SA22122] PhotoStore Cross-Site Scripting Vulnerabilities (28.09.2006)
		SECUNIA, [SA22092] Opial Audio/Video Download Management Cross-Site Scripting (28.09.2006)
		SECUNIA, [SA22117] eyeOS Cross-Site Scripting Vulnerabilities (28.09.2006)
		D_7J, Kietu? <= v4.0.0b2z (url_hit) Remote File Inclusion Exploit (28.09.2006)
		co-type_(at)_hotmail.com, Newswriter SW <= 1.42 (NWCONF_SYSTEM[server_path]) Remote File Inclusion Vulnerability (28.09.2006)
		v1per-haCker, A-Blog v2.0 Remote File Include (28.09.2006)
		ifx_(at)_cupu.us, bug com_madeira (28.09.2006)
		Base64, VirtueMart Joomla eCommerce Edition CMS Multiple XSS Vulnerabilities (28.09.2006)
		stormhacker_(at)_hotmail.com, net2ftp: a web based FTP client :) <= Remote File Inclusion (28.09.2006)
		vannovax_(at)_gmail.com, MkPortal Cross Site Scripting (All versions) xSS (28.09.2006)
		stormhacker_(at)_hotmail.com, PHPSelect Web Development Division <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Newsletter 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev FAQ Support 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Guestbook 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev eCommerce 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev CSV Importer 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Web Blogger 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Customer Helpdesk 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Vote Caster 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Contact Form 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev News Publisher 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Photo Gallery 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Links Directory 3.1 :) <= Remote File Inclusion (28.09.2006)
		stormhacker_(at)_hotmail.com, Comdev Events Calendar 3.1 :) <= Remote File Inclusion (28.09.2006)

Files:		Newswriter SW v1.4.2 Remote File Include Exploit
		paBugs <= 2.0 Beta 3 Remote File Include Exploit
		Blog Pixel Motion V2.1.1 PHP Code Execution / Create Admin Exploit
Discuss:		Read or add your comments to this news (0 comments)

Sun Solaris kernel SSL proxy server DoS
Published:		28.09.2006
Source:		SECUNIA
SecurityVulns ID:		6662
Type:		remote
Level:		5/10

Original document

SECUNIA, [SA22136] Sun Solaris Kernel SSL Denial of Service Vulnerability (28.09.2006)

Discuss:

Read or add your comments to this news (0 comments)

Sun Solaris syslog DoS
Published:		28.09.2006
Source:		SECUNIA
SecurityVulns ID:		6659
Type:		remote
Level:		5/10

Original document

SECUNIA, [SA22083] Sun Solaris "syslog" Denial of Service Vulnerability (28.09.2006)

Discuss:

Read or add your comments to this news (0 comments)

HP-UX CIFS Server privilege scalation
Published:		28.09.2006
Source:		SECUNIA
SecurityVulns ID:		6660
Type:		local
Level:		5/10

Affected:		HP : HP-UX 11.11
		HP : HP-UX 11.23

Original document

SECUNIA, [SA22079] HP-UX CIFS Server Security Bypass and Privilege Escalation (28.09.2006)

Discuss:

Read or add your comments to this news (0 comments)

IBM AIX utilities multiple security vulnerabilities updated since 26.09.2006
Published:		28.09.2006
Source:		SECUNIA
SecurityVulns ID:		6653
Type:		local
Level:		6/10
Description:		Xclock buffer overflow; utape, cfgmgr, rdist, uucp, snappd, named8 and mkvg privilege escalation; slip.login and Inventory Scout arbitrary file overwrite.

Affected:

IBM : AIX 5.3

Original document		SECUNIA, [SA22119] IBM AIX "utape" Privilege Escalation Vulnerability (28.09.2006)
		SECUNIA, [SA22099] IBM AIX rdist Privlege Escalation Vulnerability (28.09.2006)
		SECUNIA, [SA22112] IBM AIX "cfgmgr" Privilege Escalation Vulnerability (28.09.2006)
		SECUNIA, [SA22105] IBM AIX uucp Privilege Escalation Vulnerability (28.09.2006)
		SECUNIA, [SA22108] IBM AIX snappd Privilege Escalation Vulnerability (28.09.2006)
		SECUNIA, [SA22111] IBM AIX slip.login Privilege Escalation Vulnerability (26.09.2006)
		SECUNIA, [SA22062] IBM AIX Inventory Scout Arbitrary File Overwrite Vulnerability (26.09.2006)
		SECUNIA, [SA22106] IBM AIX mkvg Privilege Escalation Vulnerability (26.09.2006)
		SECUNIA, [SA22102] IBM AIX named8 Privilege Escalation Vulnerability (26.09.2006)
		SECUNIA, [SA22098] IBM AIX xlock Buffer Overflow Vulnerability (26.09.2006)

Discuss:

Read or add your comments to this news (0 comments)

NaviCOPA Web Server buffer overflow
Published:		28.09.2006
Source:		MILW0RM
SecurityVulns ID:		6658
Type:		remote
Level:		5/10
Description:		Buffer overflow on oversized GET request.

CVE:

CVE-2006-5112 (Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.)

Files:		NaviCOPA Web Server 2.01 0day Remote Buffer Overflow Exploit
		Navicopa 2.01 Buffer Overflow
Discuss:		Read or add your comments to this news (0 comments)

Microsoft PowerPoinr memory corruption updated since 28.09.2006
Published:		11.10.2006
Source:		MICROSOFT
SecurityVulns ID:		6661
Type:		client
Level:		6/10
Description:		0-day vulberability in SlideShowWindows.View.GotoNamedShow() function is used for malware installation.

Affected:		MICROSOFT : Office 2000
		MICROSOFT : Office XP
		MICROSOFT : Office 2003

Original document		ZDI, ZDI-06-032: Microsoft Office PowerPoint Malformed Slide Notes Rebuilding Vulnerability (11.10.2006)
		MICROSOFT, Microsoft Security Bulletin MS06-058 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163) (11.10.2006)
		Juha-Matti Laurio, Vulnerable function in newest PowerPoint case (MS Advisory #925984) (07.10.2006)
		MICROSOFT, Microsoft Security Advisory (925984) Vulnerability in PowerPoint Could Allow Remote Code Execution (28.09.2006)

Files:		PPT 0day poc
		Microsoft Security Advisory (925984) Vulnerability in PowerPoint Could Allow Remote Code Execution
		Microsoft Security Advisory (925984) Vulnerability in PowerPoint Could Allow Remote Code Execution
Discuss:		Read or add your comments to this news (0 comments)

Microsoft Windows WebViewFolderIcon ActiveX (integer overflow) updated since 28.09.2006
Published:		11.10.2006
Source:		CERT
SecurityVulns ID:		6656
Type:		client
Level:		10/10
Description:		Integer overflow can be used for hidden malware installation.

Affected:		MICROSOFT : Windows XP
		MICROSOFT : Windows 2003

Original document		MICROSOFT, Microsoft Security Bulletin MS06-057 Vulnerability in Windows Explorer Could Allow Remote Execution (923191) (11.10.2006)
		Alexander Sotirov, [Full-disclosure] Determina zero-day fix for CVE-2006-3730 (WebViewFolderIcon setSlice Integer Overflow) (30.09.2006)
		CERT, US-CERT Technical Cyber Security Alert TA06-270A -- Microsoft Internet Explorer WebViewFolderIcon ActiveX Vulnerability (28.09.2006)

Files:		Exploits Microsoft IE WebViewFolderIcon setSlice Integer Overflow
		Microsoft Internet Explorer WebViewFolderIcon (setSlice) Exploit (0day) Works on all Windows XP versions including SP2
		Exploits Internet Explorer WebViewFolderIcon setSlice() Overflow (Metasploit)
		Microsoft Internet Explorer WebViewFolderIcon setSlice() D0wnLoad & Exec POC
		Microsoft Security Bulletin MS06-057 Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
Discuss:		Read or add your comments to this news (0 comments)

Multiple OpenSSH security vulnerabilities updated since 28.09.2006
Published:		03.10.2008
Source:		OPENSSH
SecurityVulns ID:		6657
Type:		remote
Level:		6/10
Description:		Multiple different DoS conditions.

Affected:		OPENSSH : OpenSSH 4.3
		OPENSSH : OpenSSH 4.6
CVE:		CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attackers to cause a denial of service (connection slot exhaustion) via multiple login attempts. NOTE: this issue exists because of an incorrect fix for CVE-2006-5051.)
		CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.)

Original document		UBUNTU, [USN-649-1] OpenSSH vulnerabilities (03.10.2008)
		DEBIAN, [SECURITY] [DSA 1638-1] New openssh packages fix denial of service (20.09.2008)
		OPENSSH, OpenSSH 4.4 is available (28.09.2006)

Files:		OpenSSH CRC compensation attack detection DoS PoC
Discuss:		Read or add your comments to this news (0 comments)