Computer Security
[EN] securityvulns.ru



Helix Player / Real Player format string bug
updated since 27.09.2005
Published: 30.09.2005
Source: SECURITEAM
SecurityVulns ID: 5265
Type: client
Level: 6/10
Description: Format string bugs in .rt / .rp file parsing.
Affected: REAL : RealPlayer 10
 HELIXCOMMUNITY : Helix Player 1.0
Original document: IDEFENSE, [Full-disclosure] iDEFENSE Security Advisory 09.30.05: RealNetworks RealPlayer/HelixPlayer RealPix Format String Vulnerability (30.09.2005)
 SECURITEAM, [NEWS] HelixPlayer Based Players Format String (27.09.2005)
Files: Remote format string exploit POC for UNIX RealPlayer && HelixPlayer

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 26.09.2005
Published: 30.09.2005
Source:
SecurityVulns ID: 5246
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: JPORTAL : jPortal 2.2
 MANTIS : Mantis 0.19
 PUNBB : PunBB 1.2
 POSTNUKE : PostNuke 0.760
 JPORTAL : Jportal 2.3
 S9Y : Serendipity 0.8
 PHPFUSION : PHP-Fusion 6.0
 PHPMYFAQ : phpMyFAQ 1.5
 MANTIS : Mantis 1.0
 MAXDEV : MD-Pro 1.0
 PERLDRIVER : perldriver 2.0
 MYLITTLEFORUM : My Little Forum 1.5
 ALSTRASOFT : E-Friends 4.0
 MAILGUST : MailGust 1.9
 GESHI : GeSHi 1.0
 CONTENTSERV : ContentServ 3.1
 MALL23 : Mall23 eCommerce 4.10
 ICDEVGROUP : Interchange 5.2
 MOVABLETYPE : Movable Type 3.1
 SEOBOARD : SEO-Board 1.03
 IPB : Riverdark RSS Syndicator 2.1
 PHPZENER : PHP Zener 1.4
 LUCIDCMS : lucidCMS 1.0
 CJDESIGN : CJLinkOut 1.0
 CJDESIGN : CJ Tag Board 3.0
 CJDESIGN : CJ Web2Mail 3.0
 SQMAIL : SquirrelMail Address Add Plugin 2.0
 JSHOP : Jshop Server 1.3
Original document: durito, file viewing in JShop Server 1.3.0 (30.09.2005)
 SECURITEAM, [UNIX] MAXdev MD-Pro Multiple Vulnerabilities (Code Execution, Path Disclosure and CSS) (29.09.2005)
 Nenad Jovanovic, [Full-disclosure] Serendipity: Account Hijacking / CSRF Vulnerability (29.09.2005)
 Moritz Naumann, [Full-disclosure] SquirrelMail Address Add Plugin XSS (29.09.2005)
 retrogod_(at)_aliceposta.it, PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure (29.09.2005)
 SECUNIA, [SA16963] CJ Web2Mail Cross-Site Scripting Vulnerabilities (28.09.2005)
 SECUNIA, [SA16966] CJ Tag Board Cross-Site Scripting Vulnerabilities (28.09.2005)
 SECUNIA, [SA16970] CJ LinkOut "123" Cross-Site Scripting Vulnerability (28.09.2005)
 SECUNIA, [SA16945] jPortal Download Search SQL Injection Vulnerability (28.09.2005)
 ghc_(at)_ghc.ru, SEO borad: SQL injection (28.09.2005)
 x1ngbox_(at)_gmail.com, lucidCMS 1.0.11 is susceptible to a cross site scripting attack (28.09.2005)
 Jose Antonio, Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities (28.09.2005)
 SECUNIA, [SA16934] IPB Riverdark RSS Syndicator Module Cross-Site Scripting (27.09.2005)
 SECUNIA, [SA16949] SEO-Board admin.php SQL Injection Vulnerability (27.09.2005)
 SECUNIA, [SA16899] Movable Type Multiple Weaknesses and Vulnerabilities (26.09.2005)
 SECUNIA, [SA16923] Interchange Catalog Skeleton SQL Injection and ITL Injection Vulnerabilities (26.09.2005)
 SECUNIA, [SA16908] PunBB Two Vulnerabilities (26.09.2005)
 SECUNIA, [SA16903] Mall23 eCommerce "idOption_Dropdown_2" SQL Injection Vulnerability (26.09.2005)
 qobaiashi_(at)_gmx.net, [Full-disclosure] ContentServ features remote file disclosure (26.09.2005)
 Maksymilian Arciemowicz, [Full-disclosure] GeSHi Local PHP file inclusion 1.0.7.2 (26.09.2005)
 retrogod_(at)_aliceposta.it, My Little Forum 1.5 / 1.6beta SQL Injection (26.09.2005)
 retrogod_(at)_aliceposta.it, MailGust 1.9 SQL Injection (26.09.2005)
 khc_(at)_bsdmail.org, AlstraSoft E-Friends Remote Command Exucetion (26.09.2005)
 retrogod_(at)_aliceposta.it, PhpMyFAQ 1.5.1 multiple vulnerabilities (26.09.2005)
 krasza_(at)_gmail.com, Sql injection in jPortal version 2.3.1 (module download) (26.09.2005)
 morning_wood, [Full-disclosure] perldiver (26.09.2005)
Files: My Little Forum 1.5 ( possibly prior versions) SQL Injection / MD5 password hash disclosure poc exploit with proxy support
 PHP Zener <=1.4 get user-admin exploit
 Mantis Bugtracker Remote Database Scanner Exploit v 1.0 (with targets)
 PHP-Fusion v6.00.109 SQL Injection / admin|users credentials disclosure
 PhpMyFaq 1.5.1 ( possibly prior versions) shell inject
 Mantis Bugtracker Remote Database Scanner Exploit v 1.0

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod