Rediff Bol Downloader ActiveX code download and execution
Published: 31.12.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 6984
Type: client
Level: 5/10
Description: The ActiveX control allows a web page to download and execute arbitrary code.
CVE: CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows remote attackers to cause a denial of service via unspecified manipulations, possibly involving improper initialization or blank arguments.)
CVE: CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter.)
Original document: gregory_panakkal, [Full-disclosure] Rediff Bol Downloader ActiveX Allows Downloading and Spawning Arbitrary Files (31.12.2006)
Durian Web Application Server multiple security vulnerabilities
Published: 31.12.2006
Source: MILW0RM
SecurityVulns ID: 6985
Type: remote
Level: 5/10
Description: Buffer overflow on an oversized request.
Affected: DURIAN : Durian Web Application Server 3.02
MythControl buffer overflow
Published: 31.12.2006
Source: BUGTRAQ
SecurityVulns ID: 6981
Type: remote
Level: 4/10
Description: Buffer overflow when parsing Bluetooth commands.
Affected: MYTHCONTROL : MythControl 1.0
Original document: sapheal_(at)_hack.pl, MythControl (MythTV remote control) arbitrary code execution (31.12.2006)
Total Commander iso_wincmd plugin buffer overflow
Published: 31.12.2006
Source: BUGTRAQ
SecurityVulns ID: 6982
Type: local
Level: 4/10
Description: Buffer overflow when parsing ISO files.
Affected:
ISOWINCMD : iso_wincmd 1.6
ISOWINCMD : iso_wincmd 1.7
Original document: TAN Chew Keong, [vuln.sg] iso_wincmd Plugin for Total Commander Buffer Overflow Vulnerability (31.12.2006)
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 31.12.2006
Source: SecurityVulns
SecurityVulns ID: 6983
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:
CACTI : Cacti 0.8
ADPFORUM : ADP Forum 2.0
SOFTARTISANS : SAFileUp 5.0
XNEWS : x-news 1.1
VOODOOCHAT : Voodoo chat 1.0
FSWIKI : fswiki 3.6
EASYNEWS : Easy News 4.0
ASPTICKER : ASPTicker 1.0
WYWO : InOut Board 1.0
ALANWARD : aFAQ 1.0
CLICKNPRINT : Click N' Print Coupons 2005.01
IMGALLERY : IMGallery 2.5
WEBTEXT : WebText 0.4
PHPBB : Acronym Mod 0.9 for phpBB
Original documents:
the master, Acronym Mod v0.9.5 Remote SQL Injection Vulnerability (31.12.2006)
ajannhwt_(at)_hotmail.com, ASPTicker 1.0 (admin.asp) Remote Login ByPass SQL Injection Vulnerability (31.12.2006)
ajannhwt_(at)_hotmail.com, Title : WYWO - InOut Board 1.0 Multiple Vulnerabilities (31.12.2006)
ajannhwt_(at)_hotmail.com, aFAQ 1.0 (catcode) Remote SQL Injection Vulnerability (31.12.2006)
bd0rk_(at)_hackermail.com, x-news 1.1 Password Disclosure Vulnerability (31.12.2006)
bd0rk_(at)_hackermail.com, Voodoo chat 1.0RC1b Password Disclosure Vulnerability (31.12.2006)
bd0rk_(at)_hackermail.com, fswiki 3.6.2 (user.dat) Password Disclosure Vulnerability (31.12.2006)
bd0rk_(at)_hackermail.com, EasyNews PRO News Publishing 4.0 Remote Password Disclosure Vulnerability (31.12.2006)
Dr Max Virus, Sv(ADP) Forum 2.0.3 Remote Password Disclosure Vulnerability (31.12.2006)
XORON, Enigma WordPress Bridge (boarddir) Remote File Include (31.12.2006)
XORON, Enigma Coppermine Bridge (boarddir) Remote File Include (31.12.2006)
inge_eivind.henriksen_(at)_chello.no, SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit (31.12.2006)