Computer Security


Open Exchange default account
Published: 30.05.2006
SecurityVulns ID: 6198
Type: remote
Threat Level: 5/10
Description: A mailadmin/secret LDAP account with a /bin/bash login shell is created during installation.
Affected: OPENXCHANGE : Open-Xchange 0.8
Original document: Cemil Degirmenci, Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password (30.05.2006)

D-Link DSA-3100 wireless access point cross-site scripting
Published: 30.05.2006
SecurityVulns ID: 6199
Type: remote
Threat Level: 5/10
Description: Cross-site scripting via the username field on the authentication page.
Affected: DLINK : D-Link DSA-3100
Original document: jaime.blasco_(at)_eazel.es, D-Link DSA-3100 Cross-Site Scripting (30.05.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 30.05.2006
SecurityVulns ID: 6196
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PHPBB : UBBThreads 6.2
 VCARD : vCard 2.9
 ARBLOG : ar-blog 5.2
 TIKIWIKI : tikiwiki 1.9
 GEEKLOG : geeklog 1.4
 CHERRYPY : cherrypy 2.1
 SAPHPLESSON : SaphpLesson 2.0
 DGNEWS : DGNews 1.5
 EZSCRIPTS : EzUpload Pro 2.10
 PHPBB : Blend Portal 1.2
 ASPSITEM : ASPSitem 2.0
 EGGBLOG : Eggblog 3.0
 FACILE : Facile 0.8
 ENIGMA : EnigmaASP 4.3
 TINYBB : tinyBB 0.3
 ASPBB : ASPBB 0.52
 MININUKE : MiniNuke 2.3
 PHOTOALBUMBW : Photoalbum B&W 1.3
 NUKEDUT : Nukedit 4.9
 WIKINI : WikiNi 0.4
Original documents: MILW0RM, CosmicShoppingCart (search.php) Remote SQL Injection Vulnerability (30.05.2006)
 GENTOO, [Full-disclosure] [ GLSA 200605-16 ] CherryPy: Directory traversal vulnerability (30.05.2006)
 blwood_(at)_skynet.be, [Full-disclosure] Multiple XSS Vulnerabilities in Tikiwiki 1.9.x (30.05.2006)
 raphael.huck_(at)_free.fr, WikiNi Persistent Cross Site Scripting Vulnerability (30.05.2006)
 black-cod3_(at)_hotmail.com, Multiple Xss exploits in Chipmunk Board (30.05.2006)
 black-cod3_(at)_hotmail.com, RE: Multiple Xss exploits in coolphp magazine (30.05.2006)
 black-cod3_(at)_hotmail.com, multiple Xss exploits in : vCard 2.9 (30.05.2006)
 farhadkey_(at)_kapda.ir, [KAPDA::#46] - Nukedit Unauthorized Admin Add (30.05.2006)
 alireza hassani, [KAPDA::#45] - geeklog multiple vulnerabilities (30.05.2006)
 black-cod3_(at)_hotmail.com, Xss exploit in Photoalbum B&W v1.3 (30.05.2006)
 CrAzY.CrAcKeR_(at)_hotmail.com, VARIOMAT(advanced cms tool)SQL injection/XSS (30.05.2006)
 chris_(at)_splices.org, UBBThreads 5.x,6.x md5 hash disclosure (30.05.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: Blend Portal <= 1.2.0 for phpBB 2.x (blend_data/blend_common.php) File Inclusion Vulnerability (30.05.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities. (30.05.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities. (30.05.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: phpBB 2.x (Activity MOD Plus) File Inclusion Vulnerability. (30.05.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: phpBB 2.x (admin/admin_hacks_list.php) Local Inclusion Vulnerability. (30.05.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities (30.05.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: [email protected] Interactive Web <= 0.8x Multiple Remote Vulnerabilities. (30.05.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: Enigma Haber <= 4.3 Multiple Remote SQL Injection Vulnerabilities (30.05.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: tinyBB <= 0.3 Multiple Remote Vulnerabilities. (30.05.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability (30.05.2006)
 Mustafa Can Bjorn IPEKCI, Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities (30.05.2006)
 black-cod3_(at)_hotmail.com, multiple file include exploits in EzUpload Pro v2.10 (30.05.2006)
 ajannhwt_(at)_hotmail.com, Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit (30.05.2006)
 black-cod3_(at)_hotmail.com, Multiple Xss exploits in ar-blog v 5.2 (30.05.2006)
 black-cod3_(at)_hotmail.com, Critical sql injection in saphplesson 2.0 (30.05.2006)
 r0t, DGNews v 1.5 File Upload Vuln. (30.05.2006)
Files: MiniNuke v2.x Remote SQL Injection (create an admin) Exploit
 Exploits Eggblog 2.x Remote Privilege Escalation
 Exploits Foing Remote File Include Vulnerability [PHPBB]

aMule P2P client directory traversal
Published: 30.05.2006
SecurityVulns ID: 6202
Type: remote
Threat Level: 5/10
Description: aMuleWeb directory traversal.
Affected: AMULE : amule 2.1
Original document: SECUNIA, [SA20351] aMule Information Disclosure Vulnerability (30.05.2006)

TZipBuilder / Abakt / CAM UnZip / ZipCentral buffer overflow
updated since 09.05.2006
Published: 30.05.2006
SecurityVulns ID: 6109
Type: client
Threat Level: 5/10
Description: Buffer overflow on ZIP archives parsing.
Affected: DREHIEKSW : TZipBuilder 1.79
 ABAKT : Abakt 0.9
 CAMUNZIP : CAM UnZip 4.0
 CAMUNZIP : CAM UnZip 4.3
Original documents: SECUNIA, [SA20179] ZipCentral ZIP File Handling Buffer Overflow Vulnerability (30.05.2006)
 SECUNIA, [Full-disclosure] Secunia Research: CAM UnZip ZIP File Handling Buffer Overflow Vulnerability (19.05.2006)
 SECUNIA, [Full-disclosure] Secunia Research: Abakt ZIP File Handling Buffer Overflow Vulnerability (15.05.2006)
 SECUNIA, Secunia Research: TZipBuilder ZIP File Handling Buffer Overflow Vulnerability (09.05.2006)
Files: ZipCentral 4.01 Exploit

PHP cURL safe mode protection bypass
Published: 30.05.2006
SecurityVulns ID: 6197
Type: local
Threat Level: 6/10
Description: Multiple ways to execute code without safe mode restrictions via the curl* functions.
Affected: PHP : PHP 4.4
 PHP : PHP 5.1
Original document: Maksymilian Arciemowicz, cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4 (30.05.2006)

MDaemon buffer overflow
Published: 30.05.2006
SecurityVulns ID: 6200
Type: remote
Threat Level: 3/10
Description: Buffer overflow on oversized quoted string in IMAP commands. Vulnerability exploitation is probably impossible.
Affected: ALT-N : MDaemon 9.0
Original document: kingcope_(at)_gmx.net, [Full-disclosure] *zeroday warez* MDAEMON LATEST VERSION PREAUTH REMOTE ROOT HOLE *zeroday warez* (30.05.2006)

AIX lsmcode privilege escalation
updated since 30.05.2006
Published: 30.03.2007
SecurityVulns ID: 6201
Type: local
Threat Level: 5/10
Description: A user's environment variable is used to launch an external application.
Affected: IBM : AIX 5.1
 IBM : AIX 5.2
 IBM : AIX 5.3
Original documents: pr1nce_empire_(at)_yahoo.com, AIX 4.3 lsmcode local root command execution (30.03.2007)
 SECUNIA, [SA20325] AIX lsmcode Unspecified Privilege Escalation Vulnerability (30.05.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod