SAP-DB / MaxDB database WebDBM buffer overflow
Published:		30.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6554
Type:		remote
Level:		6/10
Description:		Buffer overflow on oversized database name.

Affected:

SAP : MaxDB 7.6

Original document

SYMANTEC, SYMSA-2006-009 (30.08.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		30.08.2006
Source:
SecurityVulns ID:		6555
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPGROUPWARE : phpGroupWare 0.9
		GONAFISH : LinksCaffe 2.0
		B2EVOLUTION : b2evolution 1.8
		JETSTAT : JS ASP Faq Manager 1.10
		PORTAILPHP : Portail PHP mod_phpalbum 2.15
		MINIBILL : MiniBill 1.22
		EXBB : ExBB Italian 2.0
		PHPECARD : phpECard 2.1
		MODERNGIGABYTE : ModernBill 5.0

Original document		JUSTINSAMUEL, Vulnerability: ModernBill Insecure CURL Settings (30.08.2006)
		MustLive, Уязвимости в CMS WebDirector (30.08.2006)
		Escape_LeAk_(at)_yahoo.com, phpECard (functions.php) Remote File Inclusion Exploit (30.08.2006)
		SHiKaA-_(at)_hotmail.com, ExBB Italian version <= v2.0 (home_path) Remote File Inclusion Exploit (30.08.2006)
		MILW0RM, MiniBill <= 1.22b config[plugin_dir] Remote File Inclusion Vulnerabilities (30.08.2006)
		x0r0n_(at)_hotmail.com, Portail PHP mod_phpalbum 2.15 Modules Remote File Inclusion (30.08.2006)
		ali_(at)_hackerz.ir, JS ASP Faq Manager v1.10 sql injection (30.08.2006)
		h4ck3riran_(at)_yahoo.com, Submit ( ToendaCMS<= ( Remote File Include Vulnerabilities ) (30.08.2006)
		hoangyenxinhdep_(at)_yahoo.com, Submit ( b2evolution<= 1.8 Remote File Include Vulnerabilities ) (30.08.2006)
		hoangyenxinhdep_(at)_yahoo.com, LinksCaffe no checker at admin (30.08.2006)

Files:		phpECard function.php exploit
		phpGroupWare <= 0.9.16.010 GLOBALS[] Remote Code Execution Exploit
Discuss:		Read or add your comments to this news (0 comments)

Weak xbiff 2 file permissions
Published:		30.08.2006
Source:		BUGTRAQ
SecurityVulns ID:		6557
Type:		remote
Level:		5/10
Description:		.xbiff2rc is world-readable, making it's possible to retrieve POP3 / IMAP account password.

Affected:

XBIFF2 : xbiff2 1.9

Original document

SECUNIA, [SA21686] xbiff2 Insecure File Permissions (30.08.2006)

Discuss:

Read or add your comments to this news (0 comments)

gtetrinet game array index overflow
Published:		30.08.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		6556
Type:		remote
Level:		5/10
Description:		Multiple index overflows.

Affected:

GTETRINET : gtetrinet 0.7

Original document

DEBIAN, [Full-disclosure] [SECURITY] [DSA 1163-1] New gtetrinet packages fix arbitrary code execution (30.08.2006)

Discuss:

Read or add your comments to this news (0 comments)

Microsoft Windows DHCP client buffer overflow updated since 11.07.2006
Published:		30.08.2006
Source:		MICROSOFT
SecurityVulns ID:		6364
Type:		remote
Level:		7/10
Description:		Buffer overflow on DHCP server response parsing.

Affected:		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Windows XP
		MICROSOFT : Windows 2003 Server

Original document		Mariano Nuсez Di Croce, CYBSEC - Security Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow (30.08.2006)
		Mariano Nuсez Di Croce, CYBSEC - Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow (11.07.2006)
		MICROSOFT, Microsoft Security Bulletin MS06-036 Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388) (11.07.2006)

Discuss:

Read or add your comments to this news (0 comments)