Section: .. / 0607-advisories /
| /// File Name: |
msworks-bof.txt |
Description:
|
Microsoft Works Spreadsheet (wksss.exe) fails to handle specially crafted files, which allows for denial of service and buffer overrun conditions. Affected by the denial of service condition are Microsoft Works versions 6.0 through 8.x, 4.x/2000, Works for Windows 3.0, Works for Windows 2.0, Works for DOS, Excel 4.0, and Lotus 1-2-3. Affected by the buffer overrun condition are Excel 97 through 2000 and Excel 5.0/95.
| | Author: | Benjamin Tobias Franz | | Related Exploit: | BTFs_MSWorksSpreadsheet_PoCFiles.zip | | File Size: | 1279 | | Last Modified: | Jul 15 04:42:56 2006 |
| MD5 Checksum: | 1ea40bd669d227f6340617c6b46a22db |
|
| /// File Name: |
NDSA20060705.txt |
Description:
|
Nth Dimension Security Advisory (NDSA20060705) - The IPCalc CGI wrapper version 0.40 is vulnerable to JavaScript injection within the request URL.
| | Author: | Tim Brown | | Homepage: | http://www.nth-dimension.org.uk/ | | File Size: | 1196 | | Last Modified: | Jul 24 02:50:15 2006 |
| MD5 Checksum: | b16a4f82c57c15e40d16fd8cee94099f |
|
| /// File Name: |
NOVELL-SA-2006-001.txt |
Description:
|
Novell Security Announcement - A security vulnerability exists in the GroupWise Windows Client API that can allow random programmatic access to non-authorized email within the same authenticated post office. Affected Products: Novell GroupWise 5.x, Novell GroupWise 6.0, Novell GroupWise 6.5, Novell GroupWise 7, Novell GroupWise 32-bit Client.
| | Homepage: | http://www.novell.com/ | | File Size: | 8532 | | Related CVE(s): | CVE-2006-3268 | | Last Modified: | Jul 2 04:05:02 2006 |
| MD5 Checksum: | 529fa76eb5ef7601e3dfb33158f6c910 |
|
| /// File Name: |
nst-24.txt |
Description:
|
Graffiti Forums version 1.0 suffers from SQL injection vulnerabilities.
| | Author: | Paisterist | | Homepage: | http://www.neosecurityteam.net/ | | File Size: | 3824 | | Last Modified: | Jul 12 04:09:08 2006 |
| MD5 Checksum: | 2b4b878fc415927a205a667daf074ec7 |
|
| /// File Name: |
OpenPKG-SA-2006.013.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.013 - According to a vendor security update based on hints from TAKAHASHI Tamotsu, a stack-based buffer overflow exists in the Mutt [1] mail user agent. The problem is in the browse_get_namespace() function in "imap/browse.c" which allows remote attackers to cause a Denial of Service (DoS) or execute arbitrary code via long namespaces received from the IMAP server.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2221 | | Last Modified: | Jul 18 17:23:53 2006 |
| MD5 Checksum: | 6ab2d3be8f3dbf6f78b0eee86323a7d1 |
|
| /// File Name: |
OpenPKG-SA-2006.014.txt |
Description:
|
OpenPKG Security Advisory OpenPKG-SA-2006.014 - Brian Caswell from Sourcefire discovered vulnerabilities in OSSP Shiela, a CVS repository access control and logging extension. The vulnerabilities allow arbitrary code execution during CVS file commits if a filename is specially crafted to contain shell commands.
| | Homepage: | http://www.openpkg.org/security/ | | File Size: | 2401 | | Related CVE(s): | CVE-2006-3633 | | Last Modified: | Jul 27 21:36:35 2006 |
| MD5 Checksum: | 25cbe3e8022a1332e867c9f8e53009f7 |
|
| /// File Name: |
opswary.txt |
Description:
|
The Opsware Network Automation System (NAS) version 6.0 installs a world-readable init script with the MySQL root password in it.
| | Author: | Michael Freeman | | File Size: | 472 | | Last Modified: | Jul 26 03:29:25 2006 |
| MD5 Checksum: | 1209f05f88305d762ccca424f0174e69 |
|
| /// File Name: |
Orbitmatrix-v1.0.txt |
Description:
|
Orbitmatrix PHP Script v1.0 suffers from XSS and SQL injection vulnerabilities.
| | Author: | luny | | File Size: | 657 | | Last Modified: | Jul 13 20:13:58 2006 |
| MD5 Checksum: | 603c46a83ec88edc8143d7d566b1a70a |
|
| /// File Name: |
outpostSYSTEM.txt |
Description:
|
Outpost Firewall Pro version 3.51.759.6511 and Lavasoft Personal Firewall version 1.0.543.5722 suffer from a privilege escalation vulnerability that leads to SYSTEM access.
| | File Size: | 544 | | Last Modified: | Jul 20 04:10:45 2006 |
| MD5 Checksum: | 8c556f845e2fdaf7f50f5944c567a75e |
|
| /// File Name: |
perForms-1.0.txt |
Description:
|
perForms versions 1.0 and prior suffer from a remote file inclusion vulnerability.
| | Author: | endeneu | | File Size: | 1584 | | Last Modified: | Jul 13 20:19:57 2006 |
| MD5 Checksum: | cbe9ad20b5e81447b3ce61f3198ef67d |
|
| /// File Name: |
Photocyclev1.0.txt |
Description:
|
Photocycle v1.0 suffers from an XSS vulnerability.
| | Author: | luny | | File Size: | 196 | | Last Modified: | Jul 13 20:11:41 2006 |
| MD5 Checksum: | 83194c3c4de14156778b35dc9f90baf4 |
|
| /// File Name: |
phpbb2021.txt |
Description:
|
phpBB version 2.0.21 is susceptible to cross site scripting attacks.
| | Author: | Blwood | | Homepage: | http://www.blwood.net/ | | File Size: | 2027 | | Last Modified: | Jul 17 03:44:09 2006 |
| MD5 Checksum: | f96378c9bcb692ae0ba3662db40332d6 |
|
| /// File Name: |
phpbb3.xsql.txt |
Description:
|
phpBB 3.x SQL injection exploit. Works regardless of php.ini settings, but you need a global moderator account with the "simple moderator" role.
| | Author: | rgod | | Homepage: | http://retrogod.altervista.org | | File Size: | 8697 | | Last Modified: | Jul 13 20:16:26 2006 |
| MD5 Checksum: | f33993491d41b41faf641349d19593f5 |
|
| /// File Name: |
phpfusionXSS-IE.txt |
Description:
|
Using a known flaw with execution in Internet Explorer, you can upload a malicious GIF file to PHP-Fusion to conduct cross site scripting attacks.
| | Author: | ZeberuS, Redworm | | File Size: | 822 | | Last Modified: | Jul 9 05:12:05 2006 |
| MD5 Checksum: | d6e1f3e0904bd86d87c141371900fda5 |
|
| /// File Name: |
phpmyadmin281.txt |
Description:
|
phpMyAdmin version 2.8.1 is susceptible to a cross site scripting vulnerability.
| | Homepage: | http://securitynews.ir/ | | File Size: | 942 | | Last Modified: | Jul 2 05:45:25 2006 |
| MD5 Checksum: | becaca21088a07413f3d000ca2913313 |
|
| /// File Name: |
phpPolls103.txt |
Description:
|
It appears that phpPolls version 1.0.3 allows for direct creation of a new poll without enforcing administrative privileges.
| | Author: | AlpEren, tugr | | Homepage: | http://www.ayyildiz.org/ | | File Size: | 454 | | Last Modified: | Jul 12 04:45:21 2006 |
| MD5 Checksum: | 9d4213aa0d0b65345bdbf53f65e48e27 |
|
| /// File Name: |
phpSysInfo-file.txt |
Description:
|
phpSysInfo version 2.5.1 has a remote flaw that allows an attacker to verify whether a file exists on the underlying system.
| | Author: | Micheal Turner | | File Size: | 1477 | | Last Modified: | Jul 9 07:18:38 2006 |
| MD5 Checksum: | 5885aa5ecc3628f74cb57c3b610c999f |
|
| /// File Name: |
powarc962-en.txt |
Description:
|
A vulnerability has been found in PowerArchiver version 9.62.03 that allows for arbitrary code execution.
| | Author: | Tan Chew Keong | | File Size: | 657 | | Last Modified: | Jul 26 04:58:19 2006 |
| MD5 Checksum: | e9bec764bc19dc25253454e1fdc762cc |
|
| /// File Name: |
powerArchiver.txt |
Description:
|
An arbitrary code execution vulnerability exists in PowerArchiver version 9.62.03.
| | Author: | Tan Chew Keong | | Homepage: | http://vuln.sg/ | | File Size: | 453 | | Last Modified: | Jul 27 21:35:07 2006 |
| MD5 Checksum: | 267edc4b189851724a63a443b2b84195 |
|