Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		30.11.2006
Source:
SecurityVulns ID:		6871
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		SOFTCOMPLEX : PHP Event Calendar 1.5
		ALTERNC : AlternC 0.9
		MONKEYBOARDS : Monkey Boards 0.3

Original document		Advisory_(at)_Aria-Security.net, [Aria-Security Team] FipsSHOP SQL Injection (30.11.2006)
		Jesper Jurcenoks, Monkey Boards version 0.3.5 Multiple Path Disclosure Vulnerabilities (30.11.2006)
		subere_(at)_uncon.org, OWASP JBroFuzz 0.3 Fuzzer Released! (30.11.2006)
		Vincent A.Menard, Multiple Vulnerabilities in AlternC version 0.9.5 (30.11.2006)
		philip anselmo, PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability (30.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple MacOS X security vulnerabilities
Published:		30.11.2006
Source:		CERT
SecurityVulns ID:		6873
Type:		remote
Level:		7/10
Description:		Apple Type Services server font processing buffer overflow. ftpd may allow arbitrary users to determine account name validity. CFNetwork may allow arbitrary FTP commands to be executed via a crafted FTP URI. Security Framework Secure Transport may not negotiate the best cipher available. PPP driver fails to properly validate PADI packets (buffer overflow). Finder fails to properly handle malformed .DS_Store files. WebKit deallocated object access vulnerability.

Original document		noreply_(at)_musecurity.com, [Full-disclosure] [MU-200611-01] Pre-Authentication Vulnerability in Mac OSX kernel PPP (30.11.2006)
		CERT, US-CERT Technical Cyber Security Alert TA06-333A -- Apple Releases Security Update to Address Multiple Vulnerabilities (30.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

libgsf buffer overflow updated since 30.11.2006
Published:		01.12.2006
Source:		BUGTRAQ
SecurityVulns ID:		6874
Type:		library
Level:		5/10
Description:		ole_init_info() heap overflow.

Affected:		GNOME : libgsf 1.11
		GNOME : libgsf 1.14

Original document		IDEFENSE, iDefense Security Advisory 11.30.06: Multiple Vendor libgsf Heap Overflow Vulnerability (01.12.2006)
		DEBIAN, [Full-disclosure] [SECURITY] [DSA 1221-1] New libgsf packages fix arbitrary code execution (30.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

KOffice integer overflow updated since 30.11.2006
Published:		05.12.2006
Source:		BUGTRAQ
SecurityVulns ID:		6872
Type:		remote
Level:		5/10
Description:		OLEfilter integer overflow on .PPT file open.

Affected:		KDE : koffice 1.4
		KDE : koffice 1.6

Original document		KDE, [KOffice security advisory] KOffice OLEfilter integer overflow (05.12.2006)
		UBUNTU, [USN-388-1] KOffice vulnerability (30.11.2006)

Discuss:

Read or add your comments to this news (0 comments)