Section: .. / 0606-advisories /
| /// File Name: |
sa20882.txt |
Description:
|
Secunia Security Advisory - KeyCoder has discovered a vulnerability in the MyAds module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks.
| | Homepage: | http://secunia.com/advisories/20882/ | | File Size: | 2221 | | Last Modified: | Jun 29 20:48:34 2006 |
| MD5 Checksum: | 15da7b2ccddc3deddef147a2f7810417 |
|
| /// File Name: |
sa20883.txt |
Description:
|
Secunia Security Advisory - Botan has discovered a vulnerability in PHP iCalendar, which can be exploited by malicious people to conduct cross-site scripting attacks.
| | Homepage: | http://secunia.com/advisories/20883/ | | File Size: | 2273 | | Last Modified: | Jun 29 20:48:34 2006 |
| MD5 Checksum: | 125b843b471bc2a31abaa1be5e948658 |
|
| /// File Name: |
sa20884.txt |
Description:
|
Secunia Security Advisory - rUnViRuS has reported a vulnerability in MKPortal, which can be exploited by malicious people to disclose sensitive information.
| | Homepage: | http://secunia.com/advisories/20884/ | | File Size: | 2176 | | Last Modified: | Jun 29 20:48:34 2006 |
| MD5 Checksum: | 4dc04d70910ec6d8b03db0205066d046 |
|
| /// File Name: |
sa20888.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in Novell GroupWise, which can be exploited by malicious users to bypass certain security restrictions.
| | Homepage: | http://secunia.com/advisories/20888/ | | File Size: | 3039 | | Last Modified: | Jun 29 20:48:34 2006 |
| MD5 Checksum: | e56cac7593368be62ce0fdcbb1d1da03 |
|
| /// File Name: |
SEC-20060613-0.txt |
Description:
|
SEC-CONSULT Security Advisory 20060613-0 - Microsoft Outlook Web Access is vulnerable to an HTML code injection/cross-site scripting attack. A malicious user could craft a mail containing HTML and JavaScript code. Such code could be used to steal session information from the victim's cookies, and thus enable the attacker to get access to the victim's emails. Vulnerable versions are Exchange 2000 (SP3), 2003 (SP1), 2003 (SP2).
| | Author: | D. Fabian, T. Kerbl | | Homepage: | http://www.sec-consult.com/ | | File Size: | 3463 | | Last Modified: | Jun 15 11:03:25 2006 |
| MD5 Checksum: | 7f38fada882239ce16eb4a77004df1f7 |
|
| /// File Name: |
secunia-AutoMate.txt |
Description:
|
Secunia Research has discovered a vulnerability in AutoMate version 6.1.0.0, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in UNACEV2.DLL when extracting an ACE archive containing a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when a user extracts a specially crafted ACE archive.
| | Homepage: | http://secunia.com/ | | File Size: | 3736 | | Related CVE(s): | CVE-2005-2856 | | Last Modified: | Jun 12 09:52:00 2006 |
| MD5 Checksum: | 3a7d4013b6a8a36998ae271cc6671624 |
|
| /// File Name: |
secunia-cmsMundo.txt |
Description:
|
Secunia Research has discovered two vulnerabilities in CMS Mundo version 1.0 build 007, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
| | Author: | Andreas Sandblad | | Homepage: | http://secunia.com/ | | File Size: | 4300 | | Related CVE(s): | CVE-2006-2911, CVE-2006-2931 | | Last Modified: | Jun 21 09:41:46 2006 |
| MD5 Checksum: | 73be6f583f64397ae962e0562751e136 |
|
| /// File Name: |
secunia-Evolution.txt |
Description:
|
Secunia Research 31/05/2006 - Eserv/3 IMAP and HTTP Server Multiple Vulnerabilities
| | Homepage: | http://secunia.com/ | | File Size: | 3914 | | Last Modified: | Jun 2 00:21:46 2006 |
| MD5 Checksum: | 3046a0a4cfb825fbc6f559528c5596f8 |
|
| /// File Name: |
secunia-mybb.txt |
Description:
|
Secunia Research has discovered a vulnerability in MyBB, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the username field when registering is not properly sanitized before being used in a "preg_replace" call with the "e" modifier in the "domecode()" function in inc/functions_post.php. This can be exploited to execute arbitrary PHP code by first registering with a specially crafted username and then previewing a post containing the "/slap" string. The vulnerability has been confirmed in version 1.1.2. Prior versions may also be affected.
| | Author: | Andreas Sandblad | | Homepage: | http://secunia.com/ | | File Size: | 4151 | | Related CVE(s): | CVE-2006-2908 | | Last Modified: | Jun 15 08:31:20 2006 |
| MD5 Checksum: | e051b4cd8b35a8d1158abb7af2484605 |
|
| /// File Name: |
secunia-Opera.txt |
Description:
|
Secunia Research 28/06/2006: Opera SSL Certificate "Stealing" Weakness - Secunia Research has discovered a weakness in Opera, which can be exploited to display the SSL certificate from a trusted site on an untrusted site.
| | Homepage: | http://secunia.com/secunia_research/ | | File Size: | 3289 | | Last Modified: | Jun 29 06:03:56 2006 |
| MD5 Checksum: | b758d7056b1bcd21c655d2b2b53a6178 |
|
| /// File Name: |
secunia-phpRaid.txt |
Description:
|
Secunia Research has discovered some vulnerabilities in phpRaid, which can be exploited by malicious people to conduct SQL injection attacks or to compromise a vulnerable system. Versions 3.0.4, 3.0.5, and 3.0.6 are affected.
| | Author: | Sven Krewitt | | Homepage: | http://secunia.com/ | | File Size: | 6133 | | Related CVE(s): | CVE-2006-3115, CVE-2006-3116 | | Last Modified: | Jul 2 09:39:53 2006 |
| MD5 Checksum: | 567128c57aa78ea2aa4c30399cb721f7 |
|
| /// File Name: |
secunia-ZipCentral |
Description:
|
Secunia Research 30/05/2006 - ZipCentral ZIP File Handling Buffer Overflow Vulnerability
| | Homepage: | http://secunia.com/ | | File Size: | 3463 | | Last Modified: | Jun 2 00:22:32 2006 |
| MD5 Checksum: | 1d18bb73ee7bebb1042090ef3fe893ec |
|
| /// File Name: |
secunia-zipinfo.txt |
Description:
|
Secunia Research has discovered a vulnerability in PicoZip version 4.01, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "zipinfo.dll" info tip shell extension when reading an ACE, RAR, or ZIP archive that contains a file with an overly long filename. This can be exploited to cause a stack-based buffer overflow when the user moves the mouse cursor over a malicious archive either in Windows Explorer or from any program that uses the file-open dialog box. Successful exploitation allows arbitrary code execution.
| | Author: | Tan Chew Keong | | Homepage: | http://secunia.com/ | | File Size: | 3645 | | Related CVE(s): | CVE-2006-2909 | | Last Modified: | Jun 15 11:04:50 2006 |
| MD5 Checksum: | bea72ef5b0f040b96557a8b38bfddea9 |
|
| /// File Name: |
SGA-0001.txt |
Description:
|
SpySweeper versions 4.5.9 build 709 and below suffer from multiple bypass and integrity flaws.
| | Homepage: | http://www.sentinel.gr/ | | File Size: | 4907 | | Last Modified: | Jun 27 06:19:03 2006 |
| MD5 Checksum: | ff9e9a60441c57f45e8b8aec74097c8c |
|
| /// File Name: |
shoutcastservers.txt |
Description:
|
Shoutcast servers may be susceptible to XSS in the DJ columns.
| | Author: | Mantas Jadzevi | | File Size: | 451 | | Last Modified: | Jun 11 04:41:15 2006 |
| MD5 Checksum: | 5444804061c6b33ec05401cec07dd9e8 |
|
| /// File Name: |
simplePHP.txt |
Description:
|
Simple PHP Poll suffers from an authentication bypass vulnerability.
| | Author: | AlpEren, tugr | | Homepage: | http://www.ayyildiz.org/ | | File Size: | 1241 | | Last Modified: | Jun 26 07:48:13 2006 |
| MD5 Checksum: | 57e84b4597a8db14b91569fcea9df25a |
|
| /// File Name: |
smartsite-v1.0.txt |
Description:
|
smartsite cms v1.0 suffers from a remote file inclusion vulnerability.
| | Author: | CrAsh_oVeR_rIdE | | File Size: | 2064 | | Last Modified: | Jun 29 05:57:17 2006 |
| MD5 Checksum: | a650772ca91f24eea2fc1221de025e96 |
|
| /// File Name: |
SMF1.0.7.txt |
Description:
|
simplemachines SMF versions 1.0.7 and prior plus 1.1rc2 and prior suffer from an IP spoofing vulnerability.
| | Author: | Jessica Hope | | File Size: | 4915 | | Last Modified: | Jun 3 06:25:22 2006 |
| MD5 Checksum: | 1012ad52813b23f0ad95bb358e295a38 |
|
| /// File Name: |
snortBypass.txt |
Description:
|
An evasion vulnerability in Snort allows an attacker to bypass detection of uricontent rules by adding a carriage return to the end of a URL.
| | Homepage: | http://www.demarc.com/ | | File Size: | 1170 | | Related OSVDB(s): | 25837 | | Last Modified: | Jun 5 09:19:38 2006 |
| MD5 Checksum: | e4ae9bbe02fb0851bf63a009cb295f37 |
|
| /// File Name: |
snortEvasion2.txt |
Description:
|
A patch was released for the recently discovered Snort evasion vulnerability, and that patch may also be subverted.
| | Author: | Chris | | Homepage: | http://www.sigint-consulting.com | | File Size: | 2105 | | Last Modified: | Jun 5 10:07:12 2006 |
| MD5 Checksum: | 4a634c35a56f9cf323a639618e383df1 |
|
| /// File Name: |
sourceEvade.txt |
Description:
|
Sourcefire is aware of a possible Snort evasion that exists in the http_inspect preprocessor. This evasion case only applies to protected Apache web servers. Patches will be released for the 2.4 and 2.6 branches on Monday, June 5th.
| | Homepage: | http://www.sourcefire.com | | File Size: | 2153 | | Last Modified: | Jun 5 09:18:13 2006 |
| MD5 Checksum: | cd8d1e8c968c21cfc7b38fc15544b726 |
|
| /// File Name: |
speedstream.txt |
Description:
|
Speedstream routers have UPnP/1.0 support. An attacker can access protected files and bypass the password protection without logging in using the UPnP part of the tree.
| | Author: | Jaime Blasco | | File Size: | 2282 | | Last Modified: | Jul 2 09:34:34 2006 |
| MD5 Checksum: | 5b78c72d204a6b19edd46049d9575a56 |
|
| /// File Name: |
SSRT051056.txt |
Description:
|
HP Security Bulletin - A potential security vulnerability has been identified with the HP-UX kernel. The vulnerability could be exploited by a local user to create a Denial of Service (DoS).
| | Homepage: | http://www.hp.com | | File Size: | 5841 | | Last Modified: | Jun 27 08:04:40 2006 |
| MD5 Checksum: | 779fd0165b7d22fee299fea1ddcbc36e |
|