Section: .. / 0605-advisories /
| /// File Name: |
ChatPatv1.0.txt |
Description:
|
ChatPat v1.0 is vulnerable to SQL injection and XSS.
| | Author: | luny | | File Size: | 711 | | Last Modified: | May 26 19:09:51 2006 |
| MD5 Checksum: | f7dfee2e4757134341edbe95cb637135 |
|
| /// File Name: |
chipmunkBlogger.txt |
Description:
|
ChipmunkBlogger suffers from a lack of input sanitizing.
| | Author: | Nomenumbra | | File Size: | 540 | | Last Modified: | May 6 18:03:22 2006 |
| MD5 Checksum: | e4ba1ba131b06536efa0a4ee1c4cd68f |
|
| /// File Name: |
chipmunkBoard.txt |
Description:
|
ChipmunkBoard suffers from SQL injection flaws.
| | Author: | Nomenumbra | | File Size: | 670 | | Last Modified: | May 6 18:14:05 2006 |
| MD5 Checksum: | ae6c3d383fb2e41489fee263c51fb6a0 |
|
| /// File Name: |
cirt-43-advisory.pdf |
Description:
|
A vulnerability has been found in an ActiveX object distributed as part of TDC' Microsoft CSP suite. The vulnerability allows code execution on any client machine that has the component installed if the user navigates to an attacker-created website.
| | Author: | Dennis Rand | | Homepage: | http://www.cirt.dk | | File Size: | 270168 | | Related CVE(s): | CVE-2006-1172 | | Last Modified: | May 6 17:53:54 2006 |
| MD5 Checksum: | 95e200f8b61a5782e57d22b2dc53c55b |
|
| /// File Name: |
cisco-sa-20060501-cue.txt |
Description:
|
Cisco Security Advisory - Cisco Unity Express (CUE) contains a vulnerability that might allow an authenticated user to change the password for another user by using the HTTP management interface, if the password for the user being modified is marked as expired. This can result in a privilege escalation attack and complete administrative control of a CUE module, if the password being changed belongs to an administrator.
| | Homepage: | http://www.cisco.com | | File Size: | 11705 | | Last Modified: | May 5 05:59:59 2006 |
| MD5 Checksum: | e73d896546b64f7423f2806426a10956 |
|
| /// File Name: |
cisco-sa-20060510-avs.txt |
Description:
|
Cisco Security Advisory - Cisco Application Velocity System's (AVS) default configuration allows transparent relay of TCP connections to any reachable destination TCP port if the receiving TCP service can process requests embedded in a HTTP POST method message. This issue does not require a software upgrade and can be mitigated by a configuration command for all affected customers. Vulnerable versions include AVS 3110 4.0, 5.0, and prior versions. Also affected is AVS 3120 5.0.0 and prior versions.
| | Homepage: | http://www.cisco.com/ | | File Size: | 11816 | | Last Modified: | May 21 14:36:32 2006 |
| MD5 Checksum: | 19868f62a354d3fa8c4d4f1f2be6e94b |
|
| /// File Name: |
cisco-sa-20060524-vpnclient.txt |
Description:
|
Cisco Security Advisory: Windows VPN Client Local Privilege Escalation Vulnerability - The Cisco VPN Client for Windows is affected by a local privilege escalation vulnerability that allows non-privileged users to gain administrative privileges. A user needs to authenticate and start an interactive Windows session to be able to exploit this vulnerability.
| | Homepage: | http://www.cisco.com | | File Size: | 11794 | | Last Modified: | May 29 01:05:19 2006 |
| MD5 Checksum: | 52f7c86d63fe442d9495ed7773c5aa03 |
|
| /// File Name: |
cisco-websense-bypass.txt |
Description:
|
For each HTTP request the Cisco PIX or other Cisco device forwards individual packets to Websense to determine whether or not the request should be permitted. However, when splitting the HTTP request into two or more packets on the HTTP method it is possible to circumvent the filtering mechanism. Affected versions are Websense 5.5.2, Cisco PIX OS / ASA versions below 7.0.4.12, Cisco PIX OS versions below 6.3.6(112), FWSM 2.3.x, and FWSM 3.x.
| | Author: | George D. Gal | | File Size: | 9731 | | Related CVE(s): | CVE-2006-0515 | | Last Modified: | May 17 02:54:00 2006 |
| MD5 Checksum: | e4117b7343ffc213b150f115207bd0a9 |
|
| /// File Name: |
CodeScanLabs_AvatarMod.txt |
Description:
|
The Avatar MOD gives portal administrators the ability to upload avatar images to be used within the forum. CodeScan located a file upload vulnerability in the avatar_upload.asp which can be exploited by a remote user to upload any arbitrary file. Affected is Avatar MOD versions 1.3 for Snitz Forums version 3.4.
| | Author: | Paul Craig | | File Size: | 3309 | | Last Modified: | May 22 01:56:53 2006 |
| MD5 Checksum: | 5daf0932a8ea7d902524b62c1129c010 |
|
| /// File Name: |
coolphpmagazine.txt |
Description:
|
Multiple XSS vulnerabilities have been discovered in coolphp magazine.
| | Author: | Black-cod3 | | File Size: | 1234 | | Last Modified: | May 29 19:46:25 2006 |
| MD5 Checksum: | 92f78dac5fe58b7b8e2779a6ecef3a65 |
|
| /// File Name: |
curlphp-4.4.2-5.1.4.txt |
Description:
|
It is possible to bypass safe mode in PHP 4.4.2 and 5.1.4 by using the cURL library.
| | Author: | cxib | | Homepage: | http://securityreason.com | | File Size: | 3638 | | Last Modified: | May 29 03:54:04 2006 |
| MD5 Checksum: | 76489a9d1067503afe0e9437851568f9 |
|
| /// File Name: |
CYBSEC-SAPBC.txt |
Description:
|
CYBSEC Security Advisory - SAP BC was found to provide a vector to allow Phishing scams against the SAP BC administrator. Affected versions are SAP BC Core Fix 7 and below.
| | Author: | Leandro Meiners | | Homepage: | http://www.cybsec.com/ | | File Size: | 2896 | | Last Modified: | May 21 23:55:25 2006 |
| MD5 Checksum: | 3ad38ee6d7fe484683aa27a05eb7a06c |
|
| /// File Name: |
CYBSEC-SAPlocal.txt |
Description:
|
CYBSEC Security Advisory - The SAP sapdba command for Informix versions prior to 700 and version 700 up to patch number 100 is susceptible to a local privilege escalation flaw.
| | Author: | Leandro Meiners | | Homepage: | http://www.cybsec.com/ | | File Size: | 3545 | | Last Modified: | May 22 02:05:02 2006 |
| MD5 Checksum: | d82e4532e460380708788cfc4db73ab1 |
|
| /// File Name: |
destiney.txt |
Description:
|
Destiney Rated Images Script version 0.5.0 suffers from a cross site scripting vulnerability.
| | Author: | luny | | File Size: | 1591 | | Last Modified: | May 23 04:18:00 2006 |
| MD5 Checksum: | 96b005a03bc99b982f45aa948d60edbd |
|
| /// File Name: |
destiney212.txt |
Description:
|
Destiney Links Script versions 2.1.2 is susceptible to cross site scripting and full path disclosure vulnerabilities.
| | Author: | luny | | File Size: | 1188 | | Last Modified: | May 23 04:20:38 2006 |
| MD5 Checksum: | a039d66f382d4fae34e735b825c65096 |
|
| /// File Name: |
DGbook-1.0.txt |
Description:
|
DGbook v1.0 suffers from XSS.
| | Author: | luny | | File Size: | 799 | | Last Modified: | May 26 18:12:24 2006 |
| MD5 Checksum: | 61bebf0ae5a86fa614e789f5aaff6177 |
|
| /// File Name: |
dieselPHP.txt |
Description:
|
When an unsuspecting user installs Diesel PHP Job Site on their webserver, all information is emailed back to the original programmers of this software. This information is sent from install.php, which includes the database host, database name, username, and password used to connect.
| | Author: | Matt Gibson | | File Size: | 1916 | | Last Modified: | May 22 02:01:53 2006 |
| MD5 Checksum: | e3087052587504a1dc573c95093ea21f |
|
| /// File Name: |
DMA-2006-0514a.txt |
Description:
|
ClamAV freshclam suffers from an incorrect privilege dropping vulnerability.
| | Author: | Kevin Finisterre | | Homepage: | http://www.digitalmunition.com/ | | File Size: | 6641 | | Last Modified: | May 21 23:41:59 2006 |
| MD5 Checksum: | 04cfa190d4ba3ec49511d88cd9e3f793 |
|
| /// File Name: |
DoceboLMS2.05.txt |
Description:
|
Docebo LMS 2.05 suffers from a remote file inclusion vulnerability.
| | Author: | beford | | File Size: | 471 | | Last Modified: | May 29 03:27:38 2006 |
| MD5 Checksum: | 3e9fb7293168e2c691805d5de44eab40 |
|
| /// File Name: |
dovecotIssue.txt |
Description:
|
Dovecot 1.0 beta is susceptible to an information disclosure flaw.
| | Author: | Timo Sirainen | | File Size: | 1291 | | Last Modified: | May 21 18:16:58 2006 |
| MD5 Checksum: | 9fd3fcfccd3eca5d2326c2d8bd2b341f |
|
| /// File Name: |
dreamweaverSQL.txt |
Description:
|
There are multiple SQL Injection vulnerabilities in the code generated by Adobe's Macromedia Dreamweaver prior to version 8.0.2. This vulnerability affects the ColdFusion, PHP mySQL, ASP, ASP.NET and JSP server models. If the database server is configured to allow local system commands to be executed via database calls, this vulnerability may also allow local code execution.
| | Author: | Brian Gallagher | | File Size: | 3659 | | Related CVE(s): | CVE-2006-2042 | | Last Modified: | May 21 14:32:33 2006 |
| MD5 Checksum: | da20127ffd2927fbe693829cb4d87f00 |
|
| /// File Name: |
dsa-1047-1.txt |
Description:
|
Debian Security Advisory 1047-1 - A problem has been discovered in resmgr, a resource manager library daemon and PAM module, that allows local users to bypass access control rules and open any USB device when access to one device was granted.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security | | File Size: | 8887 | | Last Modified: | May 1 04:27:08 2006 |
| MD5 Checksum: | c8fff16a132d0ee27e72beb72d211a64 |
|
| /// File Name: |
dsa-1048-1.txt |
Description:
|
Debian Security Advisory 1048-1 - Several problems have been discovered in Asterisk, an Open Source Private Branch Exchange (telephone control center). Adam Pointon discovered that due to missing input sanitizing it is possible to retrieve recorded phone messages for a different extension. Emmanouel Kellinis discovered an integer signedness error that could trigger a buffer overflow and hence allow the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security | | File Size: | 13287 | | Related CVE(s): | CVE-2005-3559, CVE-2006-1827 | | Last Modified: | May 1 04:35:16 2006 |
| MD5 Checksum: | 76727097288d6e1012caa084e65f4920 |
|
| /// File Name: |
dsa-1050-1.txt |
Description:
|
Debian Security Advisory 1050-1 - Ulf Harnhammar and an anonymous researcher from Germany discovered a vulnerability in the protocol code of freshclam, a command line utility responsible for downloading and installing virus signature updates for ClamAV, the antivirus scanner for Unix. This could lead to a denial of service or potentially the execution of arbitrary code.
| | Author: | Martin Schulze | | Homepage: | http://www.debian.org/security | | File Size: | 15443 | | Related CVE(s): | CVE-2006-1989 | | Last Modified: | May 6 16:41:44 2006 |
| MD5 Checksum: | 1cb33ea7e8677948aa99d8148ab45a95 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
