Section: .. / 0607-advisories /
| /// File Name: |
major_rls23.txt |
Description:
|
BLOG:CMS versions 4.0.0j and below suffer from a cross site scripting flaw.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1902 | | Last Modified: | Jul 24 01:05:26 2006 |
| MD5 Checksum: | 9645bced667496bc069569f8a233f593 |
|
| /// File Name: |
major_rls22.txt |
Description:
|
Top XL versions 1.1 and below suffer from cross site scripting and cookie disclosure flaws.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1861 | | Last Modified: | Jul 24 00:16:31 2006 |
| MD5 Checksum: | 87c588c077e6a389a9b914ff40e09f23 |
|
| /// File Name: |
sa20875.txt |
Description:
|
Secunia Security Advisory - A vulnerability has been reported in FreeStyle Wiki, which can be exploited by malicious people to cause a DoS (Denial of Service).
| | Homepage: | http://secunia.com/advisories/20875/ | | File Size: | 1831 | | Last Modified: | Jul 4 05:53:37 2006 |
| MD5 Checksum: | f16e97380e5f864784d01df4f28ece6b |
|
| /// File Name: |
Savant2.txt |
Description:
|
Savant2 suffers from a remote file inclusion vulnerability.
| | Author: | botan | | File Size: | 1812 | | Last Modified: | Jul 24 01:02:12 2006 |
| MD5 Checksum: | ce6ef08a703c8873936ef08266f0a4e6 |
|
| /// File Name: |
prohp.txt |
Description:
|
Professional Home Page suffers from cross site scripting flaws.
| | Author: | Tamriel | | File Size: | 1688 | | Last Modified: | Jul 26 05:04:31 2006 |
| MD5 Checksum: | 314b7d4c466b61a6a02357d678f8e316 |
|
| /// File Name: |
kapda-52.txt |
Description:
|
PHP-Post version 1.0 suffers from a cookie modification privilege escalation vulnerability.
| | Author: | FarhadKey | | Homepage: | http://www.kapda.ir/ | | File Size: | 1674 | | Last Modified: | Jul 20 05:23:34 2006 |
| MD5 Checksum: | fbd643d6b2a6ea735a16d2e92cc1cae5 |
|
| /// File Name: |
smbd-DoS.txt |
Description:
|
Samba versions 3.0.1 through 3.0.22 suffer from a memory exhaustion vulnerable in smbd that can result in a denial of service.
| | Homepage: | http://www.samba.org/ | | File Size: | 1632 | | Related CVE(s): | CAN-2006-1059 | | Last Modified: | Jul 12 05:03:38 2006 |
| MD5 Checksum: | 0fe61d58e1396ef0752d2060697ff0b1 |
|
| /// File Name: |
perForms-1.0.txt |
Description:
|
perForms versions 1.0 and prior suffer from a remote file inclusion vulnerability.
| | Author: | endeneu | | File Size: | 1584 | | Last Modified: | Jul 13 20:19:57 2006 |
| MD5 Checksum: | cbe9ad20b5e81447b3ce61f3198ef67d |
|
| /// File Name: |
touchControl.txt |
Description:
|
Touch Control is susceptible to a remote file execution vulnerability.
| | Author: | GYU TAE PARK | | File Size: | 1557 | | Last Modified: | Jul 9 07:16:01 2006 |
| MD5 Checksum: | 5cfa86d593dbbb6b14b4b2ca1a5d8f27 |
|
| /// File Name: |
S21SEC-032-en.txt |
Description:
|
S21Sec Advisory S21SEC-032-en - FatWire Content Server 5.5.0: It's possible to obtain administrative privileges in the portal without previous registration or validation.
| | Author: | S21Sec | | Homepage: | http://www.s21sec.com | | File Size: | 1497 | | Last Modified: | Jul 13 15:45:53 2006 |
| MD5 Checksum: | d29dc4f0e6c1337c479982538b663a71 |
|
| /// File Name: |
phpSysInfo-file.txt |
Description:
|
phpSysInfo version 2.5.1 has a remote flaw that allows for an attacker to verify if a file exists on the underlying system.
| | Author: | Micheal Turner | | File Size: | 1477 | | Last Modified: | Jul 9 07:18:38 2006 |
| MD5 Checksum: | 5885aa5ecc3628f74cb57c3b610c999f |
|
| /// File Name: |
matousec-2006-07-15.01.txt |
Description:
|
Kerio uses strange ring3 hooks that communicates the Kerio driver using an interrupt. Windows API CreateRemoteThread is hooked by Kerio in user mode in every process. Calling this API can cause a crash of the Kerio service 'kpf4ss.exe'. Sunbelt Kerio Personal Firewall 4.3.246 is affected.
| | Homepage: | http://www.matousec.com/ | | File Size: | 1403 | | Last Modified: | Jul 19 01:28:08 2006 |
| MD5 Checksum: | 78637302a3914e3fdec6ec53675402df |
|
| /// File Name: |
major_rls21.txt |
Description:
|
phpFaber TopSites versions 2.0.9 and below suffers from a SQL injection vulnerability.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1392 | | Last Modified: | Jul 24 00:15:18 2006 |
| MD5 Checksum: | df504f94d71fdad07da4f2dd5d3d5ef1 |
|
| /// File Name: |
checkpointTraverse.txt |
Description:
|
Check Point Firewall-1 R55W suffers from a directory traversal flaw via hex encoded strings.
| | Author: | Pete Foster | | Homepage: | http://www.sec-tec.co.uk/ | | File Size: | 1390 | | Last Modified: | Jul 26 03:57:25 2006 |
| MD5 Checksum: | ee09738e3fba7d09f943b948857e31e5 |
|
| /// File Name: |
msworks-bof.txt |
Description:
|
Microsoft Works Spreadsheet (wksss.exe) fails to handle specially crafted files allows for denial of service and buffer overrun conditions. Affected by the denial of service condition are Microsoft Works versions 6.0 through 8.x, 4.x/2000, Works for Windows 3.0, Works for Windows 2.0, Works for DOS, Excel 4.0, and Lotus 1-2-3. Affected by the buffer overrun condition are Excel 97 through 2000 and Excel 5.0/95.
| | Author: | Benjamin Tobias Franz | | Related Exploit: | BTFs_MSWorksSpreadsheet_PoCFiles.zip | | File Size: | 1279 | | Last Modified: | Jul 15 04:42:56 2006 |
| MD5 Checksum: | 1ea40bd669d227f6340617c6b46a22db |
|
| /// File Name: |
major_rls20.txt |
Description:
|
SiteDepth CMS versions 3.01 and below suffer from a remote file inclusion vulnerability.
| | Author: | David "Aesthetico" Vieira-Kurz | | Homepage: | http://www.majorsecurity.de | | File Size: | 1237 | | Last Modified: | Jul 24 00:14:41 2006 |
| MD5 Checksum: | 8a9b1544a737cfb330611d7c9d8310c7 |
|
| /// File Name: |
tpbook100.txt |
Description:
|
TP-Book versions 1.00 and below suffer from cross site scripting vulnerabilities.
| | Author: | Tamriel | | File Size: | 1212 | | Last Modified: | Jul 26 05:05:19 2006 |
| MD5 Checksum: | 22d05bd682276d939f91e2f255c3faac |
|
| /// File Name: |
NDSA20060705.txt |
Description:
|
Nth Dimension Security Advisory (NDSA20060705) - The IPCalc CGI wrapper version 0.40 is vulnerable to Javascript injection within the request URL.
| | Author: | Tim Brown | | Homepage: | http://www.nth-dimension.org.uk/ | | File Size: | 1196 | | Last Modified: | Jul 24 02:50:15 2006 |
| MD5 Checksum: | b16a4f82c57c15e40d16fd8cee94099f |
|
| /// File Name: |
matousec-2006-07-15.02.txt |
Description:
|
Norton insufficiently checks calling standard Windows API functions RegSaveKey, RegRestoreKey and RegDeleteKey. A proper combination of mentioned function calls on registry key 'HKLM\SYSTEM\CurrentControlSet\Services\SNDSrvc' or on key 'HKLM\SYSTEM\CurrentControlSet\Services\SymEvent' causes a system crash due to erroneous implementation of Norton's driver. Norton Personal Firewall 2006 version 9.1.0.33 is affected. Other versions of Norton software may also be affected.
| | Homepage: | http://www.matousec.com/ | | Related Exploit: | BTP00004P002NF.zip | | File Size: | 1169 | | Last Modified: | Jul 19 01:29:35 2006 |
| MD5 Checksum: | fa3101694adf701f8bbc8e1f375d25fb |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
