Computer Security

Search:Vulnerability:31.08.2006
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:31.08.2006
Source:
SecurityVulns ID:6559
Type:remote
Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:OSCOMMERCE : osCommerce 2.2
 EZCONTENTS : ezContents 2.0
 IWEBNEGAR : IwebNegar 1.1
 EXBB : ExBB 1.9
 PHPATM : phpAtm 1.21
 NUKEDKLAN : Nuked-Klan 1.7
 CUBECART : CubeCart 3.0
 MYBB : MyBB 1.1
 HLSTATS : HLStats 1.34
 ZTML : Ztml 1.0
 YACS : YACS CMS 6.6
 PHEAP : Pheap CMS 1.1
 DMO : dmo 2.3
CVE:CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.)
Original documentdocumenterdc_(at)_echo.or.id, [ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path]) Multiple Remote File Inclusion (31.08.2006)
 documentSECUNIA, [SA21659] CubeCart Multiple Vulnerabilities (31.08.2006)
 documentMILW0RM, phpAtm <= 1.21 (include_location) Remote File Include Vulnerabilities (31.08.2006)
 documentMILW0RM, YACS CMS <= 6.6.1 context[path_to_root] Remote File Include Vuln (31.08.2006)
 documentChris Travers, SQL-Ledger serious security vulnerability and workaround (31.08.2006)
 documentHessam Salehi, Ezportal/Ztml v1.0 Multiple vulnerabilities (31.08.2006)
 documentHessam Salehi, IwebNegar v1.1 Multiple vulnerabilities (31.08.2006)
 documentblwood_(at)_skynet.be, Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed (31.08.2006)
 documentblwood_(at)_skynet.be, Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed (31.08.2006)
 documentMC Iglo, XSS in HLstats 1.34 (31.08.2006)
 documentfarhad koosha, [KAPDA::#56] - FREEKOT SQL Injection Vulnerability (31.08.2006)
 documentgmdarkfig_(at)_gmail.com, ezContents Version 2.0.3 Remote/Local File Inclusion, SQL Injection, XSS (31.08.2006)
 documentJonathan Rockway, feedsplitter considered harmful (31.08.2006)
 documentimei, [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack (31.08.2006)
 documentimei, [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack (31.08.2006)
Files:Exploit osCommerce < 2.2 Milestone 2 060817
 Pheap CMS <= 1 (lpref) Remote File Include Exploit
 Exploits DMO: Lanifex Database of Managed Objects <= 2.3 Beta (_incMgr) Remote File Include Vulnerability
Discuss:Read or add your comments to this news (0 comments)

Lyris ListManager privilege escalation
Published:31.08.2006
Source:FULL-DISCLOSURE
SecurityVulns ID:6558
Type:local
Level:5/10
Description:Administrator of any mail list can assign any user as an addministrator of any different mail list.
Affected:LYRIS : Lyris ListManager 8.95
Original documentdocumentDesign Properly, [Full-disclosure] Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list (31.08.2006)
Discuss:Read or add your comments to this news (0 comments)

HP OpenVMS information leak
Published:31.08.2006
Source:SECUNIA
SecurityVulns ID:6560
Type:local
Level:5/10
Description:Under some condition user's pasword may be logged by NET$SESSION_CONTROL module.
Affected:HP : OpenVMS 7.3
Original documentdocumentSECUNIA, [SA21705] OpenVMS Session Control Password Disclosure Security Issue (31.08.2006)
Discuss:Read or add your comments to this news (0 comments)

IBM AIX dtterm privilege escalation
Published:31.08.2006
Source:SECUNIA
SecurityVulns ID:6562
Type:local
Level:5/10
Affected:IBM : AIX 5.3
Original documentdocumentSECUNIA, [SA21673] IBM AIX dtterm Privilege Escalation Vulnerability (31.08.2006)
Discuss:Read or add your comments to this news (0 comments)

Multiple libtiff library vulnerabilities
updated since 02.08.2006
Published:31.08.2006
Source:BUGTRAQ
SecurityVulns ID:6429
Type:library
Level:8/10
Description:Multiple buffer overflows on TIFF images parsing, endless loop, integer overflows, memory corruption.
Affected:KDE : KDE 3.2
 LIBTIFF : libtiff 3.6
 LIBTIFF : libtiff 3.8
 SONY : PlayStation Portable
Original documentdocumentSECUNIA, [SA21672] Sony PSP TIFF Image Viewing Code Execution Vulnerability (31.08.2006)
 documentMANDRIVA, [ MDKSA-2006:137 ] - Updated libtiff packages fix multiple vulnerabilities (02.08.2006)
Discuss:Read or add your comments to this news (0 comments)

Multiple tor security vulnerabilities
updated since 31.08.2006
Published:04.09.2006
Source:SECUNIA
SecurityVulns ID:6561
Type:client
Level:5/10
Description:Maliscious server can cause DoS condition for client or may force client to route traffic to tor network.
Affected:TOR : tor 0.1
 SCATTERCHAT : ScatterChat 1.0
Original documentdocumentScatterChat Advisories, [Full-disclosure] ScatterChat Advisory 2006-02: Win32 Tor Client Routing and Denial of Service Vulnerabilities (04.09.2006)
 documentSECUNIA, [SA21708] Tor Denial of Service and Traffic Routing (31.08.2006)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server