Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 29.03.2006
Source:
SecurityVulns ID: 5954
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPKIT : PHPKIT 1.6
 ARABPORTAL : ArabPortal 2.0
 RWDOWNLOAD : RW: Download 4.0
 POLLPRO : PollPro 4
 UTOPSITES : uTopsites 1.5
 ROPLIST : Top List 1.4
 AUTORANKPHP : AutorankPhp 2.0
 INLINK : In-link 2.2
 DATALIFE : DataLife Engine 3.7
 MAIANEVENTS : Maian Events 1.0
 MAIANSUPPORT : Maian Support 1.0
 ALCARICATIER : AL-Caricatier 2.0
 ONEORZERO : OneOrZero Helpdesk 1.6
 SKULLSPLITTER : Skull-Splitter's PHP Guestbook 2.6
 SKULLSPLITTER : Skull-Splitter's PHP Guestbook 2.7
 SKULLSPLITTER : Skull-Splitter's PHP Downloadcounter for Wallpapers 1.0
Original document: Aliaksandr Hartsuyeu, [eVuln] Skull-Splitter's PHP Downloadcounter for Wallpapers SQL Injection (29.03.2006)
 Aliaksandr Hartsuyeu, [eVuln] Skull-Splitter's PHP Guestbook XSS Vulnerability (29.03.2006)
 badnet_xoopiter_(at)_yahoo.com, XSS in PHPKIT Version 1.6.03 (29.03.2006)
 SECUNIA, [SA19443] PHP Script Index "search" Cross-Site Scripting Vulnerability (29.03.2006)
 SECUNIA, [SA19439] Cholod Mysql based message board Script Insertion and SQL Injection (29.03.2006)
 SECUNIA, [SA19446] OneOrZero "id" SQL Injection Vulnerability (29.03.2006)
 o.y.6_(at)_hotmail.com, ArabPortal 2.0 Stable CrossSiteScripting (29.03.2006)
 xx_hack_xx_2004_(at)_hotmail.com, XSS in AL-Caricatier (29.03.2006)
 Aliaksandr Hartsuyeu, [eVuln] Maian Support Authentication Bypass (29.03.2006)
 Aliaksandr Hartsuyeu, [eVuln] Maian Events SQL Injection Vulnerability (29.03.2006)
 LTK, advisory DATALIFE engine (29.03.2006)
 Cyber Lords, XSS in In-link 2.2.6 (29.03.2006)
 Cyber Lords, SQL-Injection in AutorankPhp 2.0.2 (29.03.2006)
 Cyber Lords, XSS in Monster Top List 1.4 (29.03.2006)
 Cyber Lords, Xss in UltraShop (29.03.2006)
 Cyber Lords, SQL-Injection and XSS in uTopsites 1.5.1 (29.03.2006)
 Cyber Lords, Sql-injection in PollPro Version 4 (29.03.2006)
 Cyber Lords, Sql-injection in RW: Download V 4.0.5 (29.03.2006)

Genius VideoCAM NB driver privilege escalation
Published: 29.03.2006
Source:
SecurityVulns ID: 5955
Type: local
Threat Level: 5/10
Description: When the snapshot button is pressed, a file selection window appears running with SYSTEM privileges.
Affected: GENIUS : VideoCAM NB
Original document: beford, Genius VideoCAM NB Local Privilege Escalation (29.03.2006)

PHP html_entity_decode() information leak
Published: 29.03.2006
Source:
SecurityVulns ID: 5956
Type: remote
Threat Level: 6/10
Description: Invalid processing of non-printable characters allows access to memory content.
Affected: PHP : PHP 4.4
 PHP : PHP 5.1
Original document: Stefan Esser, Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data (29.03.2006)
 SECUNIA, [SA19383] PHP "html_entity_decode()" Information Disclosure Vulnerability (29.03.2006)

Enova cryptographic chip protection bypass
Published: 29.03.2006
Source:
SecurityVulns ID: 5957
Type: local
Threat Level: 5/10
Description: The encryption key is stored in EEPROM.
Affected: ENOVA : X-Wall ASIC
Original document: vuln_(at)_hexview.com, [Full-disclosure] [HV-INFO] Enova hardware encryption: false sense of security (29.03.2006)

MPlayer media player integer overflow
Updated since 07.02.2006
Published: 29.03.2006
Source:
SecurityVulns ID: 5742
Type: client
Threat Level: 5/10
Description: Integer overflow when playing ASF files and other multimedia formats.
Affected: MPLAYER : MPlayer 1.0
Original document: XFOCUS, [Full-disclosure] [xfocus-SD-060329]MPlayer: Multiple integer overflows (29.03.2006)
 SECUNIA, [SA18718] MPlayer ASF File Parsing Integer Overflow Vulnerabilities (07.02.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod