Computer Security


Weak KDE Kate / Kwrite / Kile text processors file permissions
updated since 19.07.2005
Published: 28.11.2006
SecurityVulns ID: 5015
Type: local
Threat Level: 5/10
Description: Backup files are created with weak permissions.
Affected: KDE : KDE 3.2
 KDE : KDE 3.3
 KDE : KDE 3.4
 KILE : kile 1.9
Original document: GENTOO, [ GLSA 200611-21 ] Kile: Incorrect backup file permission (28.11.2006)
 KDE, [KDE Security Advisory]: Kate backup file permission leak (19.07.2005)

ProFTPD buffer overflow
updated since 10.11.2006
Published: 28.11.2006
SecurityVulns ID: 6807
Type: remote
Threat Level: 9/10
Description: Off-by-one vulnerability in sreplace() is used for remote root access.
Affected: PROFTPD : ProFTPD 1.3
Original document: Evgeny Legerov, [Full-disclosure] ProFTPD 1.3.0 remote stack overflow (28.11.2006)
 PROFTPD, CVE-2006-5815: remote code execution in ProFTPD (28.11.2006)
 OPENPKG, [OpenPKG-SA-2006.035] OpenPKG Security Advisory (proftpd) (17.11.2006)
 SECUNIA, [SA22803] ProFTPD Unspecified Vulnerability (10.11.2006)
Files: Exploits [0day] ProFTPD 1.3.0 stack overflow
 VulnDisco Pack Standard

tar archiver directory traversal
Published: 28.11.2006
SecurityVulns ID: 6863
Type: local
Threat Level: 5/10
Description: A problem in parsing the outdated GNUTYPE_NAMES structure allows symbolic links to be created outside the target directory.
Affected: GNU : tar 1.15
 GNU : tar 1.16
Original document: Teemu Salmela, [Full-disclosure] GNU tar directory traversal (28.11.2006)
Files: GNU tar directory traversal exploit

GNU RADIUS format string vulnerability
Published: 28.11.2006
SecurityVulns ID: 6864
Type: remote
Threat Level: 6/10
Description: sqllog() format string vulnerability if SQL logging is enabled.
Affected: GNU : GNU Radius 1.3
Original document: IDEFENSE, iDefense Security Advisory 11.26.06: GNU Radius Format String Vulnerability (28.11.2006)

GnuPG buffer overflow
Published: 28.11.2006
SecurityVulns ID: 6866
Type: local
Threat Level: 5/10
Description: Buffer overflow on oversized file name.
Original document: GNUPG, GnuPG 1.4 and 2.0 buffer overflow (28.11.2006)

JBoss Web Server DeploymentFileRepository class directory traversal
Published: 28.11.2006
SecurityVulns ID: 6867
Type: library
Threat Level: 5/10
Description: The setBaseDir() class function doesn't check whether the base directory is outside the application root directory.
Affected: JBOSS : JBoss Web Server 1.0
Original document: SYMANTEC, SYMSA-2006-011: JBoss Java Class DeploymentFileRepository Directory Traversal (28.11.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod