Search:Vulnerability:30.05.2006 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

PHP cURL safe mode protection bypass
Published: 30.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6197
Type: local
Level: 6/10
Description: Multiple possibilities to execute code with no restrictiions with curl* functions.

Affected: PHP : PHP 4.4
PHP : PHP 5.1

Original document Maksymilian Arciemowicz, cURL Safe Mode Bypass PHP 4.4.2 and 5.1.4 (30.05.2006)

Discuss: Read or add your comments to this news (0 comments)

MDaemon buffer overflow
Published: 30.05.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 6200
Type: remote
Level: 3/10
Description: Buffer overflow on oversized quoted string in IMAP commands. Vulnerability exploitation is probably impossible.

Affected: ALT-N : MDaemon 9.0

Original document kingcope_(at)_gmx.net, [Full-disclosure] *zeroday warez* MDAEMON LATEST VERSION PREAUTH REMOTE ROOT HOLE *zeroday warez* (30.05.2006)

Discuss: Read or add your comments to this news (0 comments)

Open Exchange default account
Published: 30.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6198
Type: remote
Level: 5/10
Description: mailadmin/secret LDAP account is created during installation with /bin/bash login shell.

Affected: OPENXCHANGE : Open-Xchange 0.8

Original document Cemil Degirmenci, Wavecon Advisory: Open-Xchange <= 0.8.2 defaultuser with /bin/bash and default password (30.05.2006)

Discuss: Read or add your comments to this news (0 comments)

D-Link DSA-3100 wireless access point crossite scripting
Published: 30.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6199
Type: remote
Level: 5/10
Description: Crossite scriptign with username on authentication page.

Affected: DLINK : D-Link DSA-3100

Original document jaime.blasco_(at)_eazel.es, D-Link DSA-3100 Cross-Site Scripting (30.05.2006)

Discuss: Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 30.05.2006
Source: BUGTRAQ
SecurityVulns ID: 6196
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: PHPBB : UBBThreads 6.2
VCARD : vCard 2.9
ARBLOG : ar-blog 5.2
TIKIWIKI : tikiwiki 1.9
GEEKLOG : geeklog 1.4
CHERRYPY : cherrypy 2.1
SAPHPLESSON : SaphpLesson 2.0
DGNEWS : DGNews 1.5
EZSCRIPTS : EzUpload Pro 2.10
PHPBB : Blend Portal 1.2
ASPSITEM : ASPSitem 2.0
EGGBLOG : Eggblog 3.0
FACILE : Facile 0.8
ENIGMA : EnigmaASP 4.3
TINYBB : tinyBB 0.3
ASPBB : ASPBB 0.52
MININUKE : MiniNuke 2.3
PHOTOALBUMBW : Photoalbum B&W 1.3
NUKEDUT : Nukedit 4.9
WIKINI : WikiNi 0.4

Original document MILW0RM, CosmicShoppingCart (search.php) Remote SQL Injection Vulnerability (30.05.2006)

GENTOO, [Full-disclosure] [ GLSA 200605-16 ] CherryPy: Directory traversal vulnerability (30.05.2006)

blwood_(at)_skynet.be, [Full-disclosure] Multiple XSS Vulnerabilities in Tikiwiki 1.9.x (30.05.2006)

document raphael.huck_(at)_free.fr, WikiNi Persistent Cross Site Scripting Vulnerability (30.05.2006)

black-cod3_(at)_hotmail.com, Multiple Xss exploits in Chipmunk Board (30.05.2006)

black-cod3_(at)_hotmail.com, RE: Multiple Xss exploits in coolphp magazine (30.05.2006)

black-cod3_(at)_hotmail.com, multiple Xss exploits in : vCard 2.9 (30.05.2006)

document farhadkey_(at)_kapda.ir, [KAPDA::#46] - Nukedit Unauthorized Admin Add (30.05.2006)

alireza hassani, [KAPDA::#45] - geeklog multiple vulnerabilities (30.05.2006)

black-cod3_(at)_hotmail.com, Xss exploit in Photoalbum B&W v1.3 (30.05.2006)

CrAzY.CrAcKeR_(at)_hotmail.com, VARIOMAT(advanced cms tool)SQL injection/XSS (30.05.2006)

document chris_(at)_splices.org, UBBThreads 5.x,6.x md5 hash disclosure (30.05.2006)

Mustafa Can Bjorn IPEKCI, Advisory: Blend Portal <= 1.2.0 for phpBB 2.x (blend_data/blend_common.php) File Inclusion Vulnerability (30.05.2006)

Mustafa Can Bjorn IPEKCI, Advisory: UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities. (30.05.2006)

document Mustafa Can Bjorn IPEKCI, Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities. (30.05.2006)

Mustafa Can Bjorn IPEKCI, Advisory: phpBB 2.x (Activity MOD Plus) File Inclusion Vulnerability. (30.05.2006)

Mustafa Can Bjorn IPEKCI, Advisory: phpBB 2.x (admin/admin_hacks_list.php) Local Inclusion Vulnerability. (30.05.2006)

document Mustafa Can Bjorn IPEKCI, Advisory: Eggblog <= 3.x Multiple Remote Vulnerabilities (30.05.2006)

Mustafa Can Bjorn IPEKCI, Advisory: F@cile Interactive Web <= 0.8x Multiple Remote Vulnerabilities. (30.05.2006)

Mustafa Can Bjorn IPEKCI, Advisory: Enigma Haber <= 4.3 Multiple Remote SQL Injection Vulnerabilities (30.05.2006)

document Mustafa Can Bjorn IPEKCI, Advisory: tinyBB <= 0.3 Multiple Remote Vulnerabilities. (30.05.2006)

Mustafa Can Bjorn IPEKCI, Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability (30.05.2006)

Mustafa Can Bjorn IPEKCI, Advisory: MiniNuke v2.x Multiple Remote Vulnerabilities (30.05.2006)

document black-cod3_(at)_hotmail.com, multiple file include exploits in EzUpload Pro v2.10 (30.05.2006)

ajannhwt_(at)_hotmail.com, Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit (30.05.2006)

black-cod3_(at)_hotmail.com, Multiple Xss exploits in ar-blog v 5.2 (30.05.2006)

document black-cod3_(at)_hotmail.com, Critical sql injection in saphplesson 2.0 (30.05.2006)

r0t, DGNews v 1.5 File Upload Vuln. (30.05.2006)

Files: MiniNuke v2.x Remote SQL Injection (create an admin) Exploit
Exploits Eggblog 2.x Remote Privilege Escalation
Exploits Foing Remote File Include Vulnerability [PHPBB]
Discuss: Read or add your comments to this news (0 comments)

aMule P2P client directory traversal
Published: 30.05.2006
Source: SECUNIA
SecurityVulns ID: 6202
Type: remote
Level: 5/10
Description: aMuleWeb directory traversal.

Affected: AMULE : amule 2.1

Original document SECUNIA, [SA20351] aMule Information Disclosure Vulnerability (30.05.2006)

Discuss: Read or add your comments to this news (0 comments)

TZipBuilder / Abakt / CAM UnZip / ZipCentral buffer overflow
updated since 09.05.2006
Published: 30.05.2006
Source: SECUNIA
SecurityVulns ID: 6109
Type: client
Level: 5/10
Description: Buffer overflow on ZIP archives parsing.

Affected: DREHIEKSW : TZipBuilder 1.79
ABAKT : Abakt 0.9
CAMUNZIP : CAM UnZip 4.0
CAMUNZIP : CAM UnZip 4.3

Original document SECUNIA, [SA20179] ZipCentral ZIP File Handling Buffer Overflow Vulnerability (30.05.2006)

SECUNIA, [Full-disclosure] Secunia Research: CAM UnZip ZIP File Handling Buffer Overflow Vulnerability (19.05.2006)

SECUNIA, [Full-disclosure] Secunia Research: Abakt ZIP File Handling Buffer Overflow Vulnerability (15.05.2006)

document SECUNIA, Secunia Research: TZipBuilder ZIP File Handling Buffer Overflow Vulnerability (09.05.2006)

Files: ZipCentral 4.01 Exploit
Discuss: Read or add your comments to this news (0 comments)

AIX lsmcode privilege escalation
updated since 30.05.2006
Published: 30.03.2007
Source: SECUNIA
SecurityVulns ID: 6201
Type: local
Level: 5/10
Description: User's environment variable is used to launch external application.

Affected: IBM : AIX 5.1
IBM : AIX 5.2
IBM : AIX 5.3

Original document pr1nce_empire_(at)_yahoo.com, AIX 4.3 lsmcode local root command execution (30.03.2007)

SECUNIA, [SA20325] AIX lsmcode Unspecified Privilege Escalation Vulnerability (30.05.2006)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server