Computer Security
[EN] securityvulns.ru

tar archiver directory traversal
Published: 28.11.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 6863
Type: local
Level: 5/10
Description: A problem in parsing the outdated GNUTYPE_NAMES structure allows symbolic links to be created outside the target directory.
Affected: GNU : tar 1.15
 GNU : tar 1.16
Original document: Teemu Salmela, [Full-disclosure] GNU tar directory traversal (28.11.2006)
Files: GNU tar directory traversal exploit

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 28.11.2006
Source: BUGTRAQ
SecurityVulns ID: 6865
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: DISCUZ : Discuz! 4.0
 CUBECART : CubeCart 3.0
 PHPGEDVIEW : PhpGedView 4.0
 MBOARD : MBoard 1.22
 UAPPLICATION : Uphotogallery 1.1
 REMLAB : REMLAB Web Mech Designer 2.0
 FLYSPRAY : flyspray 1.0
 PHPBB : Hacks List phpBB Mod 1.1
Original document: the master, Admin Hacks List v1.20 Remote SQL Injection Vulnerability (28.11.2006)
 Dr Max Virus, com_flyspray Mambo Com. <= 1.0.1 Remote File Disclosure Vulnerability (28.11.2006)
 Jesper Jurcenoks, [Full-disclosure] REMLAB Web Mech Designer 2.0.5 Path Disclosure Vulnerability (28.11.2006)
 Nicholas Williams, [Full-disclosure] CubeCart <=3.0.14 Bind Sql Injection POC. (28.11.2006)
 Advisory_(at)_Aria-Security.net, ClickContact SQL Injection (28.11.2006)
 Advisory_(at)_Aria-Security.net, uPhotoGallery (v 1.1) SQL Injection (28.11.2006)
 Mayhemic Labs Security, MHL-2006-003 Public Advisory: "mboard" file creation issue (28.11.2006)
 x___.__(at)_hotmail.com, PhpGedView 4.0.2 (DOCUMENT_ROOT) File inclusion Vulnerablity (28.11.2006)
Files: Discuz! 4.x SQL injection / admin credentials disclosure exploit
 CubeCart <=3.0.14 Bind Sql Injection POC

GnuPG buffer overflow
Published: 28.11.2006
Source: BUGTRAQ
SecurityVulns ID: 6866
Type: local
Level: 5/10
Description: Buffer overflow on oversized file name.
Original document: GNUPG, GnuPG 1.4 and 2.0 buffer overflow (28.11.2006)

Weak KDE Kate / Kwrite / Kile text processors file permissions
Updated since: 19.07.2005
Published: 28.11.2006
Source: BUGTRAQ
SecurityVulns ID: 5015
Type: local
Level: 5/10
Description: Backup files are created with weak permissions.
Affected: KDE : KDE 3.2
 KDE : KDE 3.3
 KDE : KDE 3.4
 KILE : kile 1.9
Original document: GENTOO, [ GLSA 200611-21 ] Kile: Incorrect backup file permission (28.11.2006)
 KDE, [KDE Security Advisory]: Kate backup file permission leak (19.07.2005)

GNU RADIUS format string vulnerability
Published: 28.11.2006
Source: BUGTRAQ
SecurityVulns ID: 6864
Type: remote
Level: 6/10
Description: sqllog() format string vulnerability if SQL logging is enabled.
Affected: GNU : GNU Radius 1.3
Original document: IDEFENSE, iDefense Security Advisory 11.26.06: GNU Radius Format String Vulnerability (28.11.2006)

JBoss Web Server DeploymentFileRepository class directory traversal
Published: 28.11.2006
Source: BUGTRAQ
SecurityVulns ID: 6867
Type: library
Level: 5/10
Description: The class's setBaseDir() function does not check whether the base directory lies outside the application root directory.
Affected: JBOSS : JBoss Web Server 1.0
Original document: SYMANTEC, SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal (28.11.2006)

ProFTPD buffer overflow
Updated since: 10.11.2006
Published: 28.11.2006
Source: SECUNIA
SecurityVulns ID: 6807
Type: remote
Level: 9/10
Description: An off-by-one vulnerability in sreplace() is used for remote root access.
Affected: PROFTPD : proftpd 1.3
Original document: Evgeny Legerov, [Full-disclosure] ProFTPD 1.3.0 remote stack overflow (28.11.2006)
 PROFTPD, CVE-2006-5815: remote code execution in ProFTPD (28.11.2006)
 OPENPKG, [OpenPKG-SA-2006.035] OpenPKG Security Advisory (proftpd) (17.11.2006)
 SECUNIA, [SA22803] ProFTPD Unspecified Vulnerability (10.11.2006)
Files: Exploits [0day] ProFTPD 1.3.0 stack overflow
 VulnDisco Pack Standard

© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


