Computer Security

Daily web application security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 31.07.2007
SecurityVulns ID: 7993
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:DRUPAL : Drupal 4.7
 JOOMLA : Joomla 1.0
 VBULLETIN : vBulletin 3.6
 FRIENDSCRIPT : Friend Script 2.5
 ITCMS : itcms 0.2
 DRUPAL : drupal 5.2
 PHPWEBFILEMANAGE : phpWebFileManager 0.5
 MADOAPOLL : Madoa Poll 1.1
 PHORUM : Phorm 3.0
 PHPVOTER : phpVoter 0.6
 DORAELMAK : Dora Emlak 1.0
Original documents:
 ilkerKandemir_(at)_mynet.com, BellaBook Admin Bypass/Remote Code Execution (31.07.2007)
 ilkerKandemir_(at)_mynet.com, BellaBiblio Admin Login Bypass (31.07.2007)
 RaeD Hasadya, RFI ====> vBulletin v3.6.5 (31.07.2007)
 ilkerKandemir_(at)_mynet.com, Dora Emlak Script v1.0 (tr) Admin Login ByPass (31.07.2007)
 ilkerKandemir_(at)_mynet.com, phpVoter v0.6 Remote File Include Vulnerability (31.07.2007)
 ilkerKandemir_(at)_mynet.com, Phorm v3.0 Remote File Upload Vulnerability (31.07.2007)
 ilkerKandemir_(at)_mynet.com, Madoa Poll v1.1 Remote File Include Vulnerabilities (31.07.2007)
 ilkerKandemir_(at)_mynet.com, phpWebFileManager v0.5 (PN_PathPrefix) Remote File Include Vulnerability (31.07.2007)
 ilkerKandemir_(at)_mynet.com, RIG Image Gallery (dir_abs_src) Remote File Include Vulnerability (31.07.2007)
 DRUPAL, [DRUPAL-SA-2007-017] Drupal 5.2 fixes multiple CSRF vulnerabilities (31.07.2007)
 DRUPAL, [DRUPAL-SA-2007-018] Drupal 4.7.7 and 5.2 fix multiple cross site scripting vulnerabilities (31.07.2007)
 k1tk4t_(at)_newhack.org, wolioCMS SQL Injection (31.07.2007)
 HACKERS PAL, Joomla multiple vulnerabilities (31.07.2007)
 h4ck3riran_(at)_yahoo.com, [Aria-security] community Cross-site Scripting (XSS) (31.07.2007)
 Advisory_(at)_Aria-Security.net, E-commerceScripts ALL Apps (Auction Script, Shopping Cart Script and Multi-Vendor E-Shop Script) admin.aspx SQL (31.07.2007)
 h4ck3riran_(at)_yahoo.com, [Aria-security] itcms 0.2 Cross-site Scripting (XSS) (31.07.2007)
 yollubunlar_(at)_yollubunlar.org, Friend Script 2.5 - 2.4 Remote File Include (31.07.2007)
Files: BellaBook Admin Bypass/Remote Code Execution

BlueSkyChat ActiveX buffer overflow
Published: 31.07.2007
SecurityVulns ID: 7994
Type: client
Threat Level: 5/10
Description: Heap memory buffer overflow in the ConnecttoServer() method of the ActiveX control.
Original documents:
 vulnhunt_(at)_gmail.com, [Full-disclosure] CAL-20070730-1 BlueSkyCat ActiveX Remote Heap Overflow vulnerability (31.07.2007)

Heartbeat cluster software multiple DoS conditions
updated since 28.07.2006
Published: 31.07.2007
SecurityVulns ID: 6421
Type: remote
Threat Level: 5/10
Description: Weak permissions on the shared memory segment created by the shmget() call (local DoS); remote DoS via a malformed length field while parsing heartbeat network messages.
Affected:HEARTBEAT : Heartbeat 1.2
 HEARTBEAT : Heartbeat 2.0
 BLUECATNETWORKS : Adonis 5.0
CVE: CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.)
 CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat subsystem in High-Availability Linux before 1.2.5, and 2.0 before 2.0.7, allows remote attackers to cause a denial of service (crash) via the length parameter in a heartbeat message.)
Original documents:
 anonymous.c7ffa4057a_(at)_anonymousspeech.com, TS-2007-001-0: BlueCat Networks Adonis Linux-HA heartbeat DoS Vulnerability (31.07.2007)
 Nash Leon, [Full-disclosure] Heartbeat Shared Memory - Local Denial of Service Exploit (28.07.2006)
Files: Exploits Heartbeat < 2.0.6 Insecure Shared Memory - Local Denial of Service
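The second CVE in this entry (CVE-2006-3121) is a crash triggered through the length field of a netstring inside a heartbeat message. The C below is an added illustration of what a bounds-checked netstring peeler looks like; it is not heartbeat's code, and the function names, the 4096-byte payload cap and the sample messages are constructed for this example only.

```c
/* Added example: a netstring ("<len>:<payload>,") peeler that never trusts
 * the declared length beyond what was actually received. Not heartbeat's
 * code; names, the cap below and the sample messages are assumptions. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Largest payload one field may declare. Assumed value for this example;
 * the real daemon's limit is not given on this page. */
#define NS_MAX_PAYLOAD 4096

/* Parse one netstring at buf[0..buflen). On success *payload points into
 * buf, *payload_len is the declared length, and the return value is the
 * number of bytes consumed. On malformed or oversized input return 0 and
 * leave the out-parameters untouched. */
size_t netstring_peel(const char *buf, size_t buflen,
                      const char **payload, size_t *payload_len)
{
    size_t i = 0;
    size_t len = 0;

    /* Length field: one or more decimal digits, no leading zero
     * (a lone "0" is fine). */
    if (buflen == 0 || buf[0] < '0' || buf[0] > '9')
        return 0;
    if (buf[0] == '0' && buflen > 1 && buf[1] >= '0' && buf[1] <= '9')
        return 0;

    while (i < buflen && buf[i] >= '0' && buf[i] <= '9') {
        unsigned d = (unsigned)(buf[i] - '0');
        /* Reject before len * 10 + d could exceed the cap (or wrap). */
        if (len > (NS_MAX_PAYLOAD - d) / 10)
            return 0;
        len = len * 10 + d;
        i++;
    }
    if (i == buflen || buf[i] != ':')
        return 0;
    i++;  /* skip ':' */

    /* The check a length-trusting parser lacks: the declared length plus
     * the trailing ',' must lie inside the bytes we actually hold. */
    if (len > buflen - i || buflen - i - len < 1)
        return 0;
    if (buf[i + len] != ',')
        return 0;

    *payload = buf + i;
    *payload_len = len;
    return i + len + 1;
}

/* Walk back-to-back netstrings (a constructed stand-in for a message made
 * of fields). Returns the field count, or -1 if any field is malformed,
 * so a bad length is noticed before any payload is used. */
int netstring_count_fields(const char *buf, size_t buflen)
{
    int n = 0;
    size_t off = 0;
    while (off < buflen) {
        const char *p;
        size_t plen;
        size_t used = netstring_peel(buf + off, buflen - off, &p, &plen);
        if (used == 0)
            return -1;
        off += used;
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed sample messages, not captured heartbeat traffic. */
    const char *good = "3:foo,3:bar,";
    const char *bad = "3:foo,99:bar,";  /* second field claims 99 bytes */
    printf("good: %d fields\n", netstring_count_fields(good, strlen(good)));
    printf("bad:  %d fields\n", netstring_count_fields(bad, strlen(bad)));
    return 0;
}
```

The parser returns 0 for every rejection rather than a partial result, so a caller cannot accidentally use a payload pointer for a field whose length was never validated; the cap on the declared length also keeps the digit loop from wrapping on absurd values such as a twenty-digit length.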

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod