Search:Vulnerability:29.09.2006 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 29.09.2006
Source:
SecurityVulns ID: 6664
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: LESVISIT : Les Visiteurs 2.0
POWERPORTAL : PowerPortal 1.3
UBB : UBB.threads 6.5
PHPSECUREPAGES : phpSecurePages 0.28
INVISION : Invision Power Board 2.1
POSTNUKE : PostNuke 0.762
PHPROJEKT : PHProjekt 5.1
ZENCART : Zen Cart 1.3
REDMORBIN : Red Mombin 0.7
SAP : SAP ITS 6.1
SAP : SAP ITS 6.2
JOOMLA : Joomla gsg Component 1.0
JOOMLA : Joomla BSQ Sitestats component 1.8
CONPRESSO : ConPresso CMS 4.0
FACILEFORMS : FacileForms 1.4
PHPMYWEBMIN : phpMyWebMin 1.0
TAGIT : Tagmin Control Center 2.1

Original document D_7J, lesvisit (visiteurs) <= v2.0 (lvc_include_dir) Remote File Include Vulnerability (29.09.2006)

kernel-32_(at)_linuxmail.org, Tagmin C.C 2.1.B Remote File Include (29.09.2006)

kernel-32_(at)_linuxmail.org, PHP MyWebMin 1.0 Remote File Include (29.09.2006)

D_7J, phpsecurepages (cfgProgDir) Remote File Include Vulnerability (29.09.2006)

document v1per-hacker_(at)_Whotmail.com, PowerPortal Remote File Include (29.09.2006)

Omid, Sql injection in PostNuke [Admin section] (29.09.2006)

SECUNIA, [SA22125] FacileForms Cross-Site Scripting Vulnerability (29.09.2006)

Aesthetico, UBB.threads Multiple input validation error (29.09.2006)

document Aesthetico, [MajorSecurity Advisory #28]ConPresso CMS - Multiple Cross Site Scripting and SQL Injection Issues (29.09.2006)

SECUNIA, Secunia Research: Joomla BSQ Sitestats Component Multiple Vulnerabilities (29.09.2006)

crackers child, Joomla gsg Component <= 1.0.4 Remote File Include Vulnerability (29.09.2006)

document Sam Thomas, [Full-disclosure] SQL Injection in IPB <=2.1.3 (29.09.2006)

Stefan Esser, [Full-disclosure] Advisory 06/2006: PHProjekt (Remote) Include Vulnerabilities (29.09.2006)

info_(at)_ilionsecurity.ch, SAP Internet Transaction Server XSS vulnerability (29.09.2006)

security_(at)_armorize.com, Multitple XSS Vulnerabilities in Red Mombin 0.7 (29.09.2006)

document security_(at)_armorize.com, Multiple XSS Vulnerabilities in Zen Cart 1.3.5 (29.09.2006)

chris_hasibuan_(at)_yahoo.com, SolpotCrew Advisory #14 - phpBB XS 2 spain version (phpbb_root_path) Remote File Inclusion (29.09.2006)

vannovax_(at)_gmail.com, MkPortal UrloBox Increment Zize Desfiguration (29.09.2006)

document crackers child, com_ugbannerspos Remote File Include Vulnerabilities (29.09.2006)

Files: Exploits Invision Power Board SQL injection
VideoDB <= 2.2.1 Remote File Include Exploit
Discuss: Read or add your comments to this news (0 comments)

FiWin SS28S Wi-Fi phones backdoor account
Published: 29.09.2006
Source: BUGTRAQ
SecurityVulns ID: 6665
Type: remote
Level: 5/10
Description: Phone has debug console with telnet access and hardcoded account 1 with password 1.

Affected: FIWIN : Fi Win SS28S

Original document SECUNIA, [SA22041] Fi Win WiFi Phone SS28S Debug Console Security Issue (29.09.2006)

Discuss: Read or add your comments to this news (0 comments)

Multiple OpenSSL security vulnerabilities
updated since 29.09.2006
Published: 28.09.2007
Source: BUGTRAQ
SecurityVulns ID: 6663
Type: library
Level: 8/10
Description: Multiple DoS conditions in server and client functions, SSL_get_shared_ciphers() buffer overflow.

Affected: OPENSSL : OpenSSL 0.9
CVE: CVE-2006-4343 (The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.)

Original document Moritz Jodeit, OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow (28.09.2007)

OPENPKG, [OpenPKG-SA-2006.021] OpenPKG Security Advisory (openssl) (29.09.2006)

Files: Exploits vulnerability CVE-2006-4343 - where the SSL client can be crashed by special SSL serverhello response
Discuss: Read or add your comments to this news (0 comments)