Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:29.09.2006
Source:
SecurityVulns ID:6664
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:LESVISIT : Les Visiteurs 2.0
 POWERPORTAL : PowerPortal 1.3
 UBB : UBB.threads 6.5
 PHPSECUREPAGES : phpSecurePages 0.28
 INVISION : Invision Power Board 2.1
 POSTNUKE : PostNuke 0.762
 PHPROJEKT : PHProjekt 5.1
 ZENCART : Zen Cart 1.3
 REDMORBIN : Red Mombin 0.7
 SAP : SAP ITS 6.1
 SAP : SAP ITS 6.2
 JOOMLA : Joomla gsg Component 1.0
 JOOMLA : Joomla BSQ Sitestats component 1.8
 CONPRESSO : ConPresso CMS 4.0
 FACILEFORMS : FacileForms 1.4
 PHPMYWEBMIN : phpMyWebMin 1.0
 TAGIT : Tagmin Control Center 2.1
Original documentdocumentD_7J, lesvisit (visiteurs) <= v2.0 (lvc_include_dir) Remote File Include Vulnerability (29.09.2006)
 documentkernel-32_(at)_linuxmail.org, Tagmin C.C 2.1.B Remote File Include (29.09.2006)
 documentkernel-32_(at)_linuxmail.org, PHP MyWebMin 1.0 Remote File Include (29.09.2006)
 documentD_7J, phpsecurepages (cfgProgDir) Remote File Include Vulnerability (29.09.2006)
 documentv1per-hacker_(at)_Whotmail.com, PowerPortal Remote File Include (29.09.2006)
 documentOmid, Sql injection in PostNuke [Admin section] (29.09.2006)
 documentSECUNIA, [SA22125] FacileForms Cross-Site Scripting Vulnerability (29.09.2006)
 documentAesthetico, UBB.threads Multiple input validation error (29.09.2006)
 documentAesthetico, [MajorSecurity Advisory #28]ConPresso CMS - Multiple Cross Site Scripting and SQL Injection Issues (29.09.2006)
 documentSECUNIA, Secunia Research: Joomla BSQ Sitestats Component Multiple Vulnerabilities (29.09.2006)
 documentcrackers child, Joomla gsg Component <= 1.0.4 Remote File Include Vulnerability (29.09.2006)
 documentSam Thomas, [Full-disclosure] SQL Injection in IPB <=2.1.3 (29.09.2006)
 documentStefan Esser, [Full-disclosure] Advisory 06/2006: PHProjekt (Remote) Include Vulnerabilities (29.09.2006)
 documentinfo_(at)_ilionsecurity.ch, SAP Internet Transaction Server XSS vulnerability (29.09.2006)
 documentsecurity_(at)_armorize.com, Multitple XSS Vulnerabilities in Red Mombin 0.7 (29.09.2006)
 documentsecurity_(at)_armorize.com, Multiple XSS Vulnerabilities in Zen Cart 1.3.5 (29.09.2006)
 documentchris_hasibuan_(at)_yahoo.com, SolpotCrew Advisory #14 - phpBB XS 2 spain version (phpbb_root_path) Remote File Inclusion (29.09.2006)
 documentvannovax_(at)_gmail.com, MkPortal UrloBox Increment Zize Desfiguration (29.09.2006)
 documentcrackers child, com_ugbannerspos Remote File Include Vulnerabilities (29.09.2006)
Files:Exploits Invision Power Board SQL injection
 VideoDB <= 2.2.1 Remote File Include Exploit

FiWin SS28S Wi-Fi phones backdoor account
Published:29.09.2006
Source:
SecurityVulns ID:6665
Type:remote
Threat Level:
5/10
Description:Phone has debug console with telnet access and hardcoded account 1 with password 1.
Affected:FIWIN : Fi Win SS28S
Original documentdocumentSECUNIA, [SA22041] Fi Win WiFi Phone SS28S Debug Console Security Issue (29.09.2006)

Multiple OpenSSL security vulnerabilities
updated since 29.09.2006
Published:28.09.2007
Source:
SecurityVulns ID:6663
Type:library
Threat Level:
8/10
Description:Multiple DoS conditions in server and client functions, SSL_get_shared_ciphers() buffer overflow.
Affected:OPENSSL : OpenSSL 0.9
CVE:CVE-2006-4343 (The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.)
Original documentdocumentMoritz Jodeit, OpenSSL SSL_get_shared_ciphers() off-by-one buffer overflow (28.09.2007)
 documentOPENPKG, [OpenPKG-SA-2006.021] OpenPKG Security Advisory (openssl) (29.09.2006)
Files:Exploits vulnerability CVE-2006-4343 - where the SSL client can be crashed by special SSL serverhello response

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod