Section: .. / 0605-advisories /
| /// File Name: |
IdealBBASP.txt |
Description:
|
IdealBB ASP Bulletin Board versions 1.5.4a and below suffer from file reading, file upload, and cross site scripting flaws.
| | Author: | CodeScan Labs | | File Size: | 4778 | | Last Modified: | May 9 16:34:18 2006 |
| MD5 Checksum: | b7974a3e2b8d8895034588bbdf00e1a4 |
|
| /// File Name: |
iFdatev1.2.txt |
Description:
|
iFdate v1.2 suffers from XSS
| | Author: | luny | | File Size: | 940 | | Last Modified: | May 26 19:16:36 2006 |
| MD5 Checksum: | 0f4a0a87e44e29af66c949b547e1455c |
|
| /// File Name: |
iFlance.txt |
Description:
|
iFlance suffers from XSS.
| | Author: | luny | | File Size: | 732 | | Last Modified: | May 26 19:15:54 2006 |
| MD5 Checksum: | e60f1ac7105d14df2ba99e9973d2b6cb |
|
| /// File Name: |
INFIGO-2006-05-03.txt |
Description:
|
INFIGO IS Security Advisory #ADV-2006-05-03 - New vulnerabilities have been discovered in ArgoSoft FTP server version 1.4.3.6, Golden FTP server version 2.70, FileZilla version 2.2.22, and WarFTP Daemon / Guild FTP server version 0.999.13.
| | Author: | Leon Juranic | | Homepage: | http://www.infigo.hr/ | | File Size: | 4157 | | Last Modified: | May 9 16:38:50 2006 |
| MD5 Checksum: | 410141210ee77de8f2c49d2c368dbf44 |
|
| /// File Name: |
Insel.txt |
Description:
|
Omegasoft's Insel suffers from XSS and possible SQL injection vulnerabilities.
| | Author: | MC Iglo | | File Size: | 306 | | Last Modified: | May 29 03:50:16 2006 |
| MD5 Checksum: | 57861e87eb0e9c3bb4911f810161c252 |
|
| /// File Name: |
InteractiveWeb-0.8.txt |
Description:
|
F@cile Interactive Web versions less than or equal to 0.8x suffer from multiple file inclusion vulnerabilities.
| | Homepage: | http://www.nukedx.com/ | | File Size: | 3754 | | Last Modified: | May 29 19:08:02 2006 |
| MD5 Checksum: | bb6a5b5b4f61eecaaabcbf5bc6ae6da2 |
|
| /// File Name: |
IpLogger-1.7.txt |
Description:
|
IpLogger versions less than or equal to 1.7 suffer from XSS
| | Author: | zerogue | | File Size: | 365 | | Last Modified: | May 26 18:04:31 2006 |
| MD5 Checksum: | 4d37f1b5ed4939fbfec1ca55a57bf531 |
|
| /// File Name: |
JiwaFinancials6.4.14.txt |
Description:
|
The reporting function in Jiwa Financials 6.4.14 allows execution of arbitrary reports as SQL user with full SELECT, INSERT, UPDATE, DELETE SQL permissions.
| | Author: | Robert Passlow | | File Size: | 31407 | | Last Modified: | May 29 19:19:59 2006 |
| MD5 Checksum: | 576c424742b29885c5a00b054b2dd984 |
|
| /// File Name: |
kapda-43.txt |
Description:
|
KAPDA Advisory #43 - PHPWCMS suffers from path disclosure, cross site scripting, and local file inclusion vulnerabilities.
| | Author: | trueend5 | | Homepage: | http://www.KAPDA.ir | | File Size: | 2638 | | Last Modified: | May 23 04:40:15 2006 |
| MD5 Checksum: | b5e815efd15bd11115ca70c46e04ccbd |
|
| /// File Name: |
KAPDA-44.txt |
Description:
|
[KAPDA::#44] - NewsCMSLite Login ByPass by Cookie Vulnerability
| | Homepage: | http://www.KAPDA.ir | | File Size: | 1090 | | Last Modified: | May 26 19:19:39 2006 |
| MD5 Checksum: | 99a15776b3644f3be85074602efae62e |
|
| /// File Name: |
KAPDA-45.txt |
Description:
|
KAPDA #45: geeklog-1.4.0sr2 and prior versions suffer from Path Disclosure, XSS, SQL Injection vulnerabilities.
| | Homepage: | http://www.KAPDA.ir | | File Size: | 3804 | | Last Modified: | May 29 19:53:16 2006 |
| MD5 Checksum: | 07609d1613d0ba6db160461fa6f45399 |
|
| /// File Name: |
KAPDA-46.txt |
Description:
|
KAPDA advisory #46: Nukedit v4.9.6 and prior - Unauthorized Admin Add vulnerability
| | Homepage: | http://www.KAPDA.ir | | File Size: | 928 | | Last Modified: | May 29 20:01:17 2006 |
| MD5 Checksum: | d03faddc98dc7d04304fab0d12351ad6 |
|
| /// File Name: |
libextho.txt |
Description:
|
libextractor versions 0.5.13 and below suffer from multiple heap overflows.
| | Author: | Luigi Auriemma | | Homepage: | http://aluigi.org/ | | Related Exploit: | libextho.zip | | File Size: | 4087 | | Last Modified: | May 22 01:46:33 2006 |
| MD5 Checksum: | 63f5b209f6468ef2734aa772c7fc0d41 |
|
| /// File Name: |
LinuxSCTP2616.txt |
Description:
|
Multiple vulnerabilities exist in Linux SCTP 2.6.16 (lksctp) all resulting in kernel panics. The crafted packets must be sent to a listening endpoint in order to exploit these vulnerabilities.
| | Author: | Mu Security research team | | Homepage: | http://labs.musecurity.com/ | | File Size: | 3424 | | Last Modified: | May 17 03:24:37 2006 |
| MD5 Checksum: | 3f2625b941cd66125726a340373abb44 |
|
| /// File Name: |
loveyouBypass.txt |
Description:
|
It appears that Panda Antivirus and ClamAV may be susceptible to bypass for the "I Love You" virus when a simple variable is changed.
| | Author: | Joxean Koret | | File Size: | 1747 | | Last Modified: | May 6 17:11:03 2006 |
| MD5 Checksum: | 641c0a2fb4b91e21d1b15bc2410c7f9d |
|
| /// File Name: |
Mambo-4.6.txt |
Description:
|
Mambo versions less than or equal to 4.6 suffer from XSS.
| | Author: | rgod | | File Size: | 1466 | | Last Modified: | May 26 18:16:22 2006 |
| MD5 Checksum: | 198a3d477c018b7a97f437372f20b376 |
|
| /// File Name: |
McAfee-2006-0511.txt |
Description:
|
Two code execution vulnerabilities are present in Apple QuickDraw PICT image format support. Twenty one code execution vulnerabilities are present in Apple QuickTime support for various multimedia formats including: MOV, H.264, MPEG 4, AVI, FPX and SWF. Exploitation could lead to execution of arbitrary code. In order for an attack to succeed user interaction is required and therefore the risk factor for these issues is medium. Vulnerable systems include Mac OS X versions 10.4.6 and below without the May 2006 security update installed, QuickTime versions 7.0.4 and below for Mac OS X, and QuickTime for Windows versions 7.0.4 and below.
| | Author: | Mike Price | | File Size: | 3636 | | Related CVE(s): | CVE-2006-1249, CVE-2006-1453, CVE-2006-1454, CVE-2006-1459, CVE-2006-1460, CVE-2006-1461, CVE-2006-1462, CVE-2006-1464, CVE-2006-1465 | | Last Modified: | May 21 18:28:33 2006 |
| MD5 Checksum: | 1d79a56fa59628c48481d75f805348b7 |
|
| /// File Name: |
MDaemon-2.txt |
Description:
|
A Heap Overflow in the MDaemon IMAP Daemon has been discovered which may result in the execution of arbitrary code.
| | Author: | kingcope | | File Size: | 1290 | | Last Modified: | May 29 18:51:00 2006 |
| MD5 Checksum: | b30a1701e137180b1e0809e495ace6b7 |
|
| /// File Name: |
MDKSA-2006-080.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-080: Ulf Harnhammar discovered that the freshclam tool does not do a proper check for the size of header data received from a web server. This could potentially allow a specially prepared HTTP server to exploit freshclam clients connecting to a database mirror and causing a DoS. The updated packages have been updated to Clamav 0.88.2 which corrects this problem.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 6272 | | Related CVE(s): | CVE-2006-1989 | | Last Modified: | May 2 02:23:44 2006 |
| MD5 Checksum: | b0dfc92ffcb94492e4df354fa32a0164 |
|
| /// File Name: |
MDKSA-2006-081.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-081 - A problem was discovered in xorg-x11 where the X render extension would mis-calculate the size of a buffer, leading to an overflow that could possibly be exploited by clients of the X server.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 9311 | | Related CVE(s): | CVE-2006-1526 | | Last Modified: | May 6 16:05:12 2006 |
| MD5 Checksum: | dacbd8fde3d164b93c571e387cfc0f30 |
|
| /// File Name: |
MDKSA-2006-083.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-083: A race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 2519 | | Last Modified: | May 17 17:49:11 2006 |
| MD5 Checksum: | 13bd5d34120c6931c24b26d65c1f0472 |
|
| /// File Name: |
MDKSA-2006-084.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-084: The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 7634 | | Last Modified: | May 17 17:48:53 2006 |
| MD5 Checksum: | 010201bad5e247386899caf659a142f2 |
|
| /// File Name: |
MDKSA-2006-085.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-085: Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3551 | | Last Modified: | May 17 17:49:03 2006 |
| MD5 Checksum: | f144259db8d71fc85d2eec7d3693896a |
|
| /// File Name: |
MDKSA-2006-087.txt |
Description:
|
Mandriva Linux Security Advisory MDKSA-2006-087: Memory corruption can be triggered remotely when the ip_nat_snmp_basic module is loaded and traffic on port 161 or 162 is NATed.
| | Homepage: | http://www.mandriva.com/security/advisories | | File Size: | 3737 | | Last Modified: | May 25 22:57:47 2006 |
| MD5 Checksum: | b022557fc59d96e31e14491323515153 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
