Section: .. / 0611-advisories /
| /// File Name: |
virtech-xss.txt |
Description:
|
The VIRtechs Netquery system suffers from a cross site scripting flaw.
| | Author: | Tal Argoni | | File Size: | 1846 | | Last Modified: | Nov 2 20:42:15 2006 |
| MD5 Checksum: | a86194c66a8c5cd85e4dbaffa70d6b3d |
|
| /// File Name: |
Armorize-ADV-2006-0007.txt |
Description:
|
Armorize Technologies Security Advisory Armorize-ADV-2006-0007: SQL injection vulnerability in bfExplorer (BytesFall Explorer).
| | Author: | Armorize | | Homepage: | http://www.armorize.com | | File Size: | 1800 | | Last Modified: | Nov 1 17:35:31 2006 |
| MD5 Checksum: | 0e5ab16458ba21e610418e1a657c7d84 |
|
| /// File Name: |
major_rls35.txt |
Description:
|
Travelsized CMS versions 0.4.1 and below suffer from multiple cross site scripting issues.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1782 | | Last Modified: | Nov 20 11:11:37 2006 |
| MD5 Checksum: | f4b1f739125939857682836820c27f28 |
|
| /// File Name: |
major_rls30.txt |
Description:
|
admin.tool CMS versions 3 and below suffer from multiple cross site scripting flaws.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1761 | | Last Modified: | Nov 6 00:21:07 2006 |
| MD5 Checksum: | 51680d43affbd9e332c54fa85b053e54 |
|
| /// File Name: |
MHL-2006-004.txt |
Description:
|
Mayhemic Labs Public Advisory MHL-2006-004 - MBoard does not check the Post ID for malicious data when replying, allowing an attacker to create blank files on the system wherever the web server has write access. Versions 1.22 and below are affected.
| | Author: | Mayhemic Labs Security | | Homepage: | http://www.mayhemiclabs.com/ | | File Size: | 1742 | | Last Modified: | Nov 29 11:21:53 2006 |
| MD5 Checksum: | 3e0d5f7e7a78b8175c6157c4ba767472 |
|
| /// File Name: |
WarFTPd-dos.txt |
Description:
|
WarFTPd 1.82.00-RC11 is vulnerable to a DoS condition when passing a long string to various commands.
| | Author: | Joxean Koret | | Related File: | WarFTPd-dos.py | | File Size: | 1731 | | Last Modified: | Nov 8 18:36:51 2006 |
| MD5 Checksum: | 93115b3f53712e34d1a190c780db15e0 |
|
| /// File Name: |
proftpdmodtls.txt |
Description:
|
A remote buffer overflow vulnerability has been found in the mod_tls module of the ProFTPD server. The vulnerability could allow a remote unauthenticated attacker to gain root privileges. All versions including 1.3.0a are affected.
| | Author: | Evgeny Legerov | | File Size: | 1708 | | Last Modified: | Nov 30 19:37:59 2006 |
| MD5 Checksum: | ecfc1ef50d87351b49f60628686006c2 |
|
| /// File Name: |
major_rls33.txt |
Description:
|
ShopSystems versions 4.0 and below suffer from a SQL injection vulnerability.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1661 | | Last Modified: | Nov 14 00:40:22 2006 |
| MD5 Checksum: | f22121ef3410a5434b965e97c00539e9 |
|
| /// File Name: |
dovecotOverflow.txt |
Description:
|
Versions 1.0test53 through 1.0.rc14 of the Dovecot IMAP/POP3 server are susceptible to a buffer overflow.
| | Author: | Timo Sirainen | | File Size: | 1632 | | Last Modified: | Nov 21 00:20:55 2006 |
| MD5 Checksum: | 290b6732fbb82748170ccac780d2593a |
|
| /// File Name: |
outpost-failures.txt |
Description:
|
Outpost Firewall PRO version 4.0 (and possibly older versions) hooks many functions in the SSDT, and in at least twelve cases it fails to validate arguments that come from user mode.
| | Homepage: | http://www.matousec.com/ | | File Size: | 1465 | | Last Modified: | Nov 16 12:24:40 2006 |
| MD5 Checksum: | 53c661980a56348ae91ae63facb3c7a9 |
|
| /// File Name: |
CA-local.txt |
Description:
|
The Computer Associates "Host Intrusion Prevention System" engine drivers are prone to multiple local privilege escalation vulnerabilities. Unprivileged users can take advantage of these flaws in order to execute arbitrary code with kernel privileges.
| | Author: | Rubén Santamarta | | Homepage: | http://www.reversemode.com/ | | Related Exploit: | CA-kmxfw-exploit.zip | | File Size: | 1060 | | Last Modified: | Nov 18 20:36:04 2006 |
| MD5 Checksum: | 416cadc93278d96b37c82dee6a9bb7cb |
|
| /// File Name: |
WFTPD-3.23.txt |
Description:
|
A buffer overflow with possible remote code execution was found in the APPE command in WFTPD Pro Server 3.23.
| | Author: | Joxean Koret | | Related Exploit: | WFTPD-bof.py | | File Size: | 937 | | Last Modified: | Nov 8 18:59:05 2006 |
| MD5 Checksum: | 5d7d6ddf80be23ea8a98131ab1767ee8 |
|
| /// File Name: |
icq-overflow.txt |
Description:
|
The ICQ 2003 client is prone to a local heap overflow vulnerability in the "Answering Service" function due to a lack of bounds checking.
| | Author: | LegendaryZion | | Homepage: | http://www.zion-security.com | | File Size: | 892 | | Last Modified: | Nov 1 18:09:13 2006 |
| MD5 Checksum: | a289e665ea4b8a64c1e45ecdf162404e |
|
| /// File Name: |
B-FOCuS_router.txt |
Description:
|
The B-FOCuS Wireless 802.11b and g ADSL2+ Router by "ECI Telecom LTD" is prone to a directory listing vulnerability in the web-based management system.
| | Author: | LegendaryZion | | Homepage: | http://www.zion-security.com | | File Size: | 824 | | Last Modified: | Nov 2 19:35:37 2006 |
| MD5 Checksum: | 3f1a8054b332d85f427705c5514e5ed9 |
|
| /// File Name: |
mozExpose.txt |
Description:
|
Mozilla has made public bug #360493, which discusses a flaw where Firefox's Password Manager is exposed to public sites.
| | File Size: | 687 | | Last Modified: | Nov 26 21:29:32 2006 |
| MD5 Checksum: | c18474258b9dddc1a37e51ff69931c93 |
|
| /// File Name: |
aspscripter.txt |
Description:
|
Asp Scripter Products Easy Portal version 1.4 and Live Support version 1.3 suffer from a SQL injection vulnerability in cpLogin.asp.
| | Author: | ajann | | File Size: | 587 | | Last Modified: | Nov 14 01:00:00 2006 |
| MD5 Checksum: | a047f09c786e6c1c66ee03c18adee643 |
|
| /// File Name: |
LS-20061113.txt |
Description:
|
LSsec has discovered a vulnerability in Computer Associates BrightStor ARCserve Backup version 11.5, which could be exploited by an anonymous attacker in order to execute arbitrary code with SYSTEM privileges on an affected system.
| | Homepage: | http://www.lssec.com/ | | File Size: | 462 | | Last Modified: | Nov 21 21:27:00 2006 |
| MD5 Checksum: | 31e92d00fbcd76854d1b61346e9c44e1 |
|
| /// File Name: |
topstory-rfi.txt |
Description:
|
Topstory Basic version 1.0 suffers from a remote file inclusion vulnerability.
| | Author: | rUnViRuS | | Homepage: | http://sec-area.com/ | | File Size: | 269 | | Last Modified: | Nov 14 02:14:50 2006 |
| MD5 Checksum: | abc7bd1b3532debdbb95483acfecacd9 |
|