Multiple libtiff library vulnerabilities, updated since 02.08.2006
Published: 31.08.2006 Source: BUGTRAQ SecurityVulns ID: 6429 Type: library Level: 8/10
Description: Multiple buffer overflows in TIFF image parsing, endless loop, integer overflows, memory corruption.
Affected: KDE: KDE 3.2; LIBTIFF: libtiff 3.6; LIBTIFF: libtiff 3.8; SONY: PlayStation Portable
Original document SECUNIA, [SA21672] Sony PSP TIFF Image Viewing Code Execution Vulnerability (31.08.2006)
MANDRIVA, [ MDKSA-2006:137 ] - Updated libtiff packages fix multiple vulnerabilities (02.08.2006)
Lyris ListManager privilege escalation
Published: 31.08.2006 Source: FULL-DISCLOSURE SecurityVulns ID: 6558 Type: local Level: 5/10
Description: The administrator of any mailing list can assign any user as an administrator of any other mailing list.
Affected: LYRIS: Lyris ListManager 8.95
Original document Design Properly, [Full-disclosure] Lyris ListManager 8.95: Add arbitrary administrator to arbitrary list (31.08.2006)
HP OpenVMS information leak
Published: 31.08.2006 Source: SECUNIA SecurityVulns ID: 6560 Type: local Level: 5/10
Description: Under some conditions, a user's password may be logged by the NET$SESSION_CONTROL module.
Affected: HP: OpenVMS 7.3
Original document SECUNIA, [SA21705] OpenVMS Session Control Password Disclosure Security Issue (31.08.2006)
IBM AIX dtterm privilege escalation
Published: 31.08.2006 Source: SECUNIA SecurityVulns ID: 6562 Type: local Level: 5/10
Affected: IBM: AIX 5.3
Original document SECUNIA, [SA21673] IBM AIX dtterm Privilege Escalation Vulnerability (31.08.2006)
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 31.08.2006 Source: SecurityVulns ID: 6559 Type: remote Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: OSCOMMERCE: osCommerce 2.2; EZCONTENTS: ezContents 2.0; IWEBNEGAR: IwebNegar 1.1; EXBB: ExBB 1.9; PHPATM: phpAtm 1.21; NUKEDKLAN: Nuked-Klan 1.7; CUBECART: CubeCart 3.0; MYBB: MyBB 1.1; HLSTATS: HLStats 1.34; ZTML: Ztml 1.0; YACS: YACS CMS 6.6; PHEAP: Pheap CMS 1.1; DMO: dmo 2.3
CVE: CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the (1) game parameter in players mode, the (2) weapon parameter in weaponinfo mode, the (3) st parameter in search mode, the (4) action parameter in actioninfo mode, and the (5) map parameter in mapinfo mode.)
Original document erdc_(at)_echo.or.id, [ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path]) Multiple Remote File Inclusion (31.08.2006)
SECUNIA, [SA21659] CubeCart Multiple Vulnerabilities (31.08.2006)
MILW0RM, phpAtm <= 1.21 (include_location) Remote File Include Vulnerabilities (31.08.2006)
MILW0RM, YACS CMS <= 6.6.1 context[path_to_root] Remote File Include Vuln (31.08.2006)
Chris Travers, SQL-Ledger serious security vulnerability and workaround (31.08.2006)
Hessam Salehi, Ezportal/Ztml v1.0 Multiple vulnerabilities (31.08.2006)
Hessam Salehi, IwebNegar v1.1 Multiple vulnerabilities (31.08.2006)
blwood_(at)_skynet.be, Nuked Klan 1.7 SP4.3 : Function Anti-XSS Bypassed (31.08.2006)
MC Iglo, XSS in HLstats 1.34 (31.08.2006)
farhad koosha, [KAPDA::#56] - FREEKOT SQL Injection Vulnerability (31.08.2006)
gmdarkfig_(at)_gmail.com, ezContents Version 2.0.3 Remote/Local File Inclusion, SQL Injection, XSS (31.08.2006)
Jonathan Rockway, feedsplitter considered harmful (31.08.2006)
imei, [KAPDA]MyBB 1.1.7 ~ admin/global.php ~ XSS Attack (31.08.2006)
imei, [KAPDA]MyBB 1.1.7~ htmlspeacialchar_uni(), fixjavascript(), functions_post.php ~[url]XSS attack (31.08.2006)
Multiple Tor security vulnerabilities, updated since 31.08.2006
Published: 04.09.2006 Source: SECUNIA SecurityVulns ID: 6561 Type: client Level: 5/10
Description: A malicious server can cause a DoS condition for the client or may force the client to route traffic to the Tor network.