Section: .. / 0604-advisories /
| /// File Name: |
FreeContent.txt |
Description:
|
Freecontent v2.9 and 3.0 suffer from a remote file inclusion vulnerability.
| | Author: | Silitix | | File Size: | 4264 | | Last Modified: | Apr 17 19:21:58 2006 |
| MD5 Checksum: | 5f18e0b4955c546addb248af5aee3cb6 |
|
| /// File Name: |
Farsinews.txt |
Description:
|
Farsinews 2.5.3 Pro and below suffer from XSS and path disclosure vulnerabilities.
| | Homepage: | http://aria-security.net | | File Size: | 1860 | | Last Modified: | Apr 17 19:20:10 2006 |
| MD5 Checksum: | 57315ff6dccf2556ff4a504ff5c37902 |
|
| /// File Name: |
osCommerce-2.2-extras.txt |
Description:
|
If the "extras" folder is placed inside the webroot on osCommerce versions less than v2.2, any file can be read on the target system, including PHP source code with the database details.
| | Author: | rgod | | Homepage: | http://retrogod.altervista.org | | File Size: | 1558 | | Last Modified: | Apr 17 19:19:19 2006 |
| MD5 Checksum: | c94b99c1a0796f3af2d46b3b24630938 |
|
| /// File Name: |
ModX-0.9.1.txt |
Description:
|
ModX v0.9.1 suffers from XSS and a directory traversal vulnerability.
| | Author: | crasher | | Homepage: | http://kecoak.or.id | | File Size: | 1600 | | Last Modified: | Apr 17 19:14:37 2006 |
| MD5 Checksum: | 1c94dd212fc79a8de42436dddc806c95 |
|
| /// File Name: |
Papoo-2.1.5 |
Description:
|
Papoo v2.1.5 suffers from XSS. POC included.
| | Homepage: | http://kecoak.or.id | | File Size: | 1802 | | Last Modified: | Apr 17 19:13:22 2006 |
| MD5 Checksum: | 703a852c570358be7f0fa6cbc6b765f2 |
|
| /// File Name: |
Lifetype.txt |
Description:
|
Lifetype v1.0.3 suffers from XSS and full path disclosure vulnerabilities.
| | Author: | crasher | | Homepage: | http://kecoak.or.id | | File Size: | 1475 | | Last Modified: | Apr 17 19:12:35 2006 |
| MD5 Checksum: | b3167cc6a014858b31df377b79d85cfc |
|
| /// File Name: |
PowerClan1.14.txt |
Description:
|
PowerClan 1.14 suffers from a SQL injection vulnerability if magic_quotes_gpc = off.
| | Homepage: | http://d4igoro.blogspot.com/ | | File Size: | 612 | | Last Modified: | Apr 17 19:10:14 2006 |
| MD5 Checksum: | 0af0eb463e902f4b645711fc86dc4c7d |
|
| /// File Name: |
camino.txt |
Description:
|
Mozilla Camino browser versions 1.0 and prior are vulnerable to an HTML parsing null pointer dereference denial of service vulnerability.
| | Author: | Simon MOREL | | Homepage: | http://www.sysdream.com | | File Size: | 632 | | Last Modified: | Apr 17 19:08:47 2006 |
| MD5 Checksum: | bf8d3ac33c58bde9a6a44f77b66f291b |
|
| /// File Name: |
planetSearch-xss.txt |
Description:
|
planetSearch+ version 26.10.2005 is vulnerable to XSS.
| | Author: | d4igoro | | File Size: | 706 | | Last Modified: | Apr 17 19:06:37 2006 |
| MD5 Checksum: | d01c35f4b2ac826ab6e87eabace68931 |
|
| /// File Name: |
ng-WGT624.txt |
Description:
|
The Netgear WGT624 contains a default admin username and password that can be used to access the device via the serial port.
| | Author: | tranceformer | | File Size: | 601 | | Last Modified: | Apr 17 19:04:57 2006 |
| MD5 Checksum: | 7db8ed223ff5af97c754c275d88e3d22 |
|
| /// File Name: |
USN-270-1.txt |
Description:
|
Ubuntu Security Notice USN-270-1 - kdegraphics, koffice, xpdf, cupsys, poppler, tetex-bin vulnerabilities.
| | Homepage: | http://security.ubuntu.com/ | | File Size: | 54919 | | Last Modified: | Apr 17 18:44:16 2006 |
| MD5 Checksum: | 69d108f670df75868578f59443ee118b |
|
| /// File Name: |
EV0118.txt |
Description:
|
eVuln ID: EV0118 - CzarNews v1.14 suffers from multiple XSS and SQL injection vulnerabilities if magic_quotes_gpc = off.
| | Author: | Aliaksandr Hartsuyeu | | Homepage: | http://evuln.com/ | | File Size: | 1431 | | Last Modified: | Apr 17 18:21:55 2006 |
| MD5 Checksum: | b418b4cf85dc4305aad5fa00f5fb36ed |
|
| /// File Name: |
EV0117.txt |
Description:
|
eVuln ID: EV0117 - aWebBB v1.2 suffers from several XSS and SQL injection vulnerabilities if magic_quotes_gpc = off.
| | Author: | Aliaksandr Hartsuyeu | | Homepage: | http://evuln.com/ | | File Size: | 1912 | | Last Modified: | Apr 17 18:21:03 2006 |
| MD5 Checksum: | 957997d667d2ff2728a4083d3e494156 |
|
| /// File Name: |
EV0116.txt |
Description:
|
eVuln ID: EV0116 - aWebNews v1.0 suffers from multiple XSS and SQL injection vulnerabilities.
| | Author: | Aliaksandr Hartsuyeu | | Homepage: | http://evuln.com/ | | File Size: | 1445 | | Last Modified: | Apr 17 18:19:56 2006 |
| MD5 Checksum: | c0fb3af3b8b79ceeecdd7b26a8ba0447 |
|
| /// File Name: |
EV0115.txt |
Description:
|
eVuln ID: EV0115 - RedCMS 0.1 suffers from multiple XSS and SQL injection vulnerabilities.
| | Author: | Aliaksandr Hartsuyeu | | Homepage: | http://evuln.com/ | | File Size: | 1524 | | Last Modified: | Apr 17 18:18:59 2006 |
| MD5 Checksum: | 3180f4b97d9603163d3c6ba345800e84 |
|
| /// File Name: |
EV0114.txt |
Description:
|
eVuln ID: EV0114 - qliteNews v2005.07.01 suffers from SQL injection if magic_quotes_gpc = off.
| | Author: | Aliaksandr Hartsuyeu | | Homepage: | http://evuln.com/ | | File Size: | 1134 | | Last Modified: | Apr 17 18:18:20 2006 |
| MD5 Checksum: | 1681acf33c44a7939814ef89ed78853a |
|
| /// File Name: |
EV0113.txt |
Description:
|
eVuln ID: EV0113 - QLnews v1.2 suffers from XSS and PHP code insertion vulnerabilities.
| | Author: | Aliaksandr Hartsuyeu | | Homepage: | http://evuln.com/ | | File Size: | 1311 | | Last Modified: | Apr 17 18:17:22 2006 |
| MD5 Checksum: | 41ea9098304cfe1fd1542f70b96933a1 |
|
| /// File Name: |
glsa-200604-07.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200604-07 - Several vulnerabilities have been identified in the copy of ADOdb included in Cacti. Andreas Sandblad discovered a dynamic code evaluation vulnerability (CVE-2006-0147) and a potential SQL injection vulnerability (CVE-2006-0146). Andy Staudacher reported another SQL injection vulnerability (CVE-2006-0410), and Gulftech Security discovered multiple cross-site-scripting issues (CVE-2006-0806). Versions less than 0.8.6h_p20060108-r2 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 3959 | | Last Modified: | Apr 17 18:14:50 2006 |
| MD5 Checksum: | cba79aeb7e3fb7b1b502b6818ebc4fb6 |
|
| /// File Name: |
glsa-200604-08.txt |
Description:
|
Gentoo Linux Security Advisory GLSA 200604-08 - A vulnerability has been reported in the apreq_parse_headers() and apreq_parse_urlencoded() functions of Apache2::Request. Versions less than 2.07 are affected.
| | Homepage: | http://security.gentoo.org | | File Size: | 2608 | | Last Modified: | Apr 17 18:14:38 2006 |
| MD5 Checksum: | 65243d3f443c621f6459a153f501237d |
|
| /// File Name: |
dsa-1036-1.txt |
Description:
|
Debian Security Advisory 1036-1: A buffer overflow problem has been discovered in sail, a game contained in the bsdgames package, a collection of classic textual Unix games, which could lead to games group privilege escalation.
| | Homepage: | http://www.debian.org/security | | File Size: | 7631 | | Last Modified: | Apr 17 18:11:44 2006 |
| MD5 Checksum: | 62e6b9620ded9240124547fd363f3894 |
|
| /// File Name: |
dsa-1035-1.txt |
Description:
|
Debian Security Advisory 1035-1: Steve Kemp from the Debian Security Audit project discovered that a cronjob contained in fcheck, a file integrity checker, creates a temporary file in an insecure fashion.
| | Homepage: | http://www.debian.org/security | | File Size: | 2884 | | Last Modified: | Apr 17 18:11:36 2006 |
| MD5 Checksum: | 25158bfc28e95a805d26217d6acb10fa |
|
| /// File Name: |
dsa-1034-1.txt |
Description:
|
Debian Security Advisory 1034-1: Several remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code.
| | Homepage: | http://www.debian.org/security | | File Size: | 3271 | | Last Modified: | Apr 17 18:11:25 2006 |
| MD5 Checksum: | 1bc61d97ed534733f918f2670ff02def |
|
| /// File Name: |
dsa-1033-1.txt |
Description:
|
Debian Security Advisory 1033-1: Several remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code.
| | Homepage: | http://www.debian.org/security | | File Size: | 3643 | | Last Modified: | Apr 17 18:11:11 2006 |
| MD5 Checksum: | e30feb755ac72be15ca0985ec6f49973 |
|
| /// File Name: |
dsa-1032-1.txt |
Description:
|
Debian Security Advisory 1032-1: It was discovered that the Plone content management system lacks security declarations for three internal classes. This allows manipulation of user portraits by unprivileged users.
| | Homepage: | http://www.debian.org/security | | File Size: | 3303 | | Last Modified: | Apr 17 18:10:57 2006 |
| MD5 Checksum: | 81064bd76b3cf4a652377d556fd0f3d1 |
|
| /// File Name: |
googlereader.txt |
Description:
|
Google Reader is supposed to display only content that the user has subscribed to; however, two vulnerabilities have been identified which may allow an attacker to entice a victim (using the Google Reader service) to view unwanted web content carrying malicious payloads.
| | Homepage: | http://www.hackingspirits.com | | File Size: | 3271 | | Last Modified: | Apr 17 14:23:34 2006 |
| MD5 Checksum: | b00754e81d529b49b6a488d82a1630a6 |
|