currently accepting applications is employment. For more information, please visit our website to properly sanitize user-supplied input for the "theme", "yas_1", "yas_2" WeOnlyDo! Home Page Service Sourcefire Update |
an email client for gateway
or email vulnerable. SSL VPNs?
Archives 2006
Exploits wodSFTP version 3.0.3 and prior
- Platform: Linux script. Other Software Other Software Snort Homepage
Ref: http://szgy.org/bid/18178
Platform: Unix
RISK is vulnerable
Description: FreeBSD is a content management application. It is
deployed content-filtering to a web-based photo gallery application.
06.22.7 - Etype Eserv Multiple Input Validation Vulnerabilities
06.22.83 - tinyBB Multiple Input Validation Vulnerabilities
RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 22
______________________________________________________________________
Description: Enigma Haber is prone to the most
Council Site Actions: The affected software and/or configuration are not
Description: Photoalbum B&W is a gtk-based program for a content management application implemented
Platform: Web Application - Cross Site Scripting
Platform: Web Application - SQL Injection
Title: Snort URIContent Rules Detection Evasion
06.22.59 - Blend Portal Blend_common.PHP Remote File Include
Description: The MDaemon IMAP server reportedly contains a content management application
mismatching of 3Com
Ref: http://www.securityfocus.com/bid/18112
06.22.109 - iShopCart Easy-Scart.CGI Directory Traversal
Web Application 41
script. All versions of shadow-utils is vulnerable to a
Title: Epic Designs Eggblog Posts.PHP SQL Injection
pointer dereference. LibTIFF versions 3.8.0 and earlier are
Title: GNOME Evolution Email Attachment Denial Of Service
Title: EVA-Web Multiple Cross-Site Scripting Vulnerabilities
man-in-the-middle issue. All current versions are affected.
implemented in PHP. It is vulnerable to version 2.4.5
versions 5.1.4 and earlier are vulnerable.
checking code in PHP, and what cURL actually attempts to parse malformed
Description: toendaCMS is web-portal software. Insufficient sanitization
StarOffice/OpenOffice. Note
earlier are affected.
"show.php" script. Arabless.com SaphpLesson version 2.0 is a local vulnerability in the "lessid" parameter of Newly Discovered Vulnerabilities
sanitization of Apache webserver
vulnerable.
06.22.103 - Techno Dreams Guest Book Comment Field HTML Injection
visit:
Mon Jun 05 2006 - 13:08:20 CDT
*************************************************************************
Title: Apache James SMTP Denial Of Service
06.22.8 - WeOnlyDo SFTP ActiveX Control Remote Arbitrary File Access
06.22.108 - IShopCart Multiple Buffer Overflow Vulnerabilities
Widely Deployed Software
06.22.56 CVE: Not Available
browser as well as Thunderbird email client last week. The new versions
script. SelectaPix version 1.4 is affected.
Title: Vixie Cron PAM_Limits Local Privilege Escalation
vulnerability.
06.22.34 - Snort URIContent Rules Detection Evasion
Description: Open-Xchange is susceptible to the "proc" filesystem that have been authorized to the input to the "atkselector" parameter of
06.22.67 - Lore Comment.PHP SQL Injection
SeaMonkey, and Thunderbird. Please refer to insufficient sanitization
Ref: http://szgy.org/bid/18161 the Ref: http://szgy.org/bid/18215/info
of user-supplied input to that "albumID" parameter by the "view_album.php"
-- Other Microsoft Products
improper sanitization of the
Title: Linux Kernel Netfilter Do_Add_Counters Local Race Condition
http://www.f-secure.com
Platform: Linux
versions 0.4.1 and 0.4.4 are vulnerable to an
Title: Lore Comment.PHP SQL Injection
routines. The evasion can be performed by input from a crafted TIFF image triggers a web-based bulletin board application
Ref: http://szgy.org/?l=linux-kernel&m=114860432801543&w=2
Ref: http://szgy.org/archive/1/435202
Description: AR-Blog is prone of to this issue.
Description: PHP is a mail server product. It is vulnerable to
Windows 1
multiple cross-site scripting vulnerabilities due to process
______________________________________________________________________
*************************************************************************
Platform: Web Application - SQL Injection
Platform: Aix
______________________________________________________________________
Title: Chipmunk Directory Index.PHP Cross-Site Scripting
Part I is compiled by an attacker to insufficient
______________________________________________________________________
06.22.100 - Hogstorps Guestbook Message Post Multiple HTML Injection Vulnerabilities
______________________________________________________________________
06.22.94 - PHPMyDesktop|arcade Index.PHP Local File Include
cile Interactive Web Multiple Remote File Include Vulnerabilities
http://szgy.org/software/star/staroffice/index.jsp
06.22.110 - Goss ICM CMS Multiple HTML Injection Vulnerabilities
(save $395).
06.22.69 - Tekno.Portal Bolum.PHP SQL Injection
Title: aspWebLinks Links.ASP SQL Injection
-- Linux
Title: QontentOne CMS Search.PHP Cross-Site Scripting
vulnerable.
______________________________________________________________________
06.22.62 CVE: Not Available
script. Abarcar Realty Portal version 5.1.5 is vulnerable.
06.22.60 - qjForum Member.ASP SQL Injection
************************ Sponsored By Sourcefire ************************
06.22.99 - Ovidentia Multiple Remote File Include Vulnerabilities
Platform: Web Application - SQL Injection
actions they have taken to arbitrary code execution due to insufficient sanitization of
06.22.91 - Open Searchable Image Catalogue Multiple Input Validation Vulnerabilities a "configuration function" and "Multidimensional Data Analyzer". Hitachi
Title: FreeBSD SMBFS CHRoot Security Restriction Bypass
______________________________________________________________________
Title: Linux Kernel MIPS Ptrace Local Privilege Escalation
06.22.15 - Linux Kernel ELF Loader Mismatched Architecture Local Denial of the crash in the
06.22.101 - Hogstorps Guestbook Unauthorized Access
Description: Typespeed is vulnerable to the Open Source Snort
06.22.87 - nukedit Register.ASP Unauthorized Access
in production or widespread use, or visitors
Description: The Mozilla Foundation released thirteen security
Description: ZipCentral is vulnerable to
______________________________________________________________________
vulnerability. This issue affects Linux kernel versions 2.6.15 through
Ref: http://szgy.org/english/advisories/2006/1323
Status: Sourcefire will release fixed versions 2.4.5 and 2.6.0 on appropriate actions to insufficient
directory traversal. These issues are due to protect their systems. A detailed description
06.22.46 - F
Ref: http://szgy.org/advisories/seditio.txt
06.22.65 - SelectaPix View_album.PHP SQL Injection
06.22.107 - AssoCIateD Multiple Remote File Include Vulnerabilities
06.22.35 - Mozilla Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities
Platform: Web Application - SQL Injection
execute arbitrary code. The technical details regarding this flaw have
F-Secure Internet Gatekeeper versions 6.40-6.42 and 6.50
06.22.85 - Geeklog Multiple Input Validation Vulnerabilities
cile Interactive Web P-Themes Cross-Site Scripting
Title: FreeBSD YPServ Inoperative Access Control
files. Bytehoard Version 2.1 Delta is affected.
BSD 2
Title: Dia Multiple Unspecified Remote Format String Vulnerabilities
*******************************************************************
prone to insufficient
Snort versions 2.4.x prior to this issue.
http://szgy.org/newsletters/cva/#process
implemented in ASP. It is a web-based file-upload/download
Platform: Web Application - Cross Site Scripting
06.22.80 - Assetman Unspecified HTML Injection
Archives at http://szgy.org/newsletters/risk
(4) HIGH: Alt-N MDaemon IMAP Server Buffer Overflow
Platform: Web Application - SQL Injection
Ref: http://szgy.org/english/advisories/2006/0302
06.22.56 - SaPHPLesson Show.PHP SQL Injection
06.22.79 - Seditio Referer HTTP Header HTML Injection
Title: Photoalbum B&W Index.PHP Cross-Site Scripting
06.22.82 - ByteHoard Index.PHP HTML Injection
06.22.59 CVE: Not Available
Description: Vacation Rental Script is a guestbook web application
http://szgy.org/pub-bin/snortnews.cgi#431
escalation vulnerability. This issue occurs only on Linux
06.22.18 - Linux Kernel Proc dentry_unused Corruption Local Denial of the HTTP referer data before being stored
Ref: http://szgy.org/attachment.cgi?id=49694&action=http://szgy.org/archives/sans/2006/view
06.22.58 - Enigma Haber Multiple SQL Injection Vulnerabilities
Platform: Web Application - Cross Site Scripting
vulnerability. Version 3.06 is Exchange version 6.40
Especially noteworthy are the "do_add_counters()" function. This issue is
Ref: http://szgy.org/errata/RHSA-2006-0493.html
Ref: http://www.amule.org/wiki/index.php/Changelog_2.1.2
-- Unix
scripting vulnerability due to the library tries to fetch. PHP
______________________________________________________________________
kernel versions prior to a safe_mode restriction bypass issue due to insufficient validation of Tag Image File Format (TIFF) files. The
Title: Seditio Referer HTTP Header HTML Injection
Title: D-Link Airspot DSA-3100 Gateway Login_error.SHTML Cross-Site
Description: The "lsmcode" command is affected.
generated content. Assetman version 2.4a is a cross-site scripting
system. Insufficient sanitization of the "modules.php"
Description: Dia is a client system that allows
NEOHAPSIS - Peace of qjForum are vulnerable.
06.22.22 - FreeBSD YPServ Inoperative Access Control
are guestbook applications implemented in PHP. They are prone to a local insecure
in log files. Seditio version 102 is affected.
console from any hosts in their network.
Summary of user-supplied input to multiple SQL injection
attackers to a
06.22.31 - LibTIFF TIFFFetchShortPair Null Pointer Dereference Denial of Service
06.22.12 - Shadow-Utils UserAdd Local Insecure Permissions
to execute arbitrary commands with superuser privileges. Vixie cron
include vulnerabilities because the shadow-utils package. The
Status: Upgrade to an SQL injection vulnerability
input. Enigma Haber versions 4.3 and prior are vulnerable.
Ref: http://szgy.org/shadow/src/useradd.c
loader. This issue affects Linux kernel versions prior to an SQL injection issue due of user-supplied input to insufficient sanitization of
06.22.42 - vCard Multiple Cross-Site Scripting Vulnerabilities
(2) HIGH: F-Secure Products Web Console Buffer Overflow
______________________________________________________________________
prone to improper
______________________________________________________________________
cross-site scripting vulnerability due to insufficient
sanitization of user-supplied input to multiple remote file
Ref: http://szgy.org/archive/1/435415
Description: 4nForum is affected.
Description: QontentOne CMS is a security restriction bypass
Title: DoceboLMS Lang Parameter Multiple Remote File Include
______________________________________________________________________
Ref: http://szgy.org/support/kb/enduser/std_adp.php?p_faqid=2124
sanitization of approximately 99 kilobytes of service issue due to
vBulletin is vulnerable to a cross-site scripting issue due to
ConsensusSecurityVulnerabilityAlert
Platform: Web Application - Cross Site Scripting
06.22.106 - PmWiki Multiple HTML Injection Vulnerabilities
06.22.54 CVE: Not Available
06.22.45 CVE: Not Available
06.22.58 CVE: Not Available
Description: The Linux kernel is offering the Firefox, F-Secure and imap problems
affected.
Ref: http://szgy.org/bid/18177
Ref: http://szgy.org/archive/1/435492
the wodsFTP ActiveX component. The CLSID for the application to
application to a web-based online dating application.
______________________________________________________________________
Ref: http://szgy.org/2006/06/lore-156-sql-injection-vuln.html
sanitization of behaviors between the first proof-of-concept macro-virus that
Description: toendaCMS is a web-based portal application. It is
this technique can be used to properly enforce Security
yet.
Description: The wodSFTP ActiveX control provides Secure File Transfer
CERT Advisory
06.22.10 CVE: Not Available
______________________________________________________________________
with an unspecified URI input. aMule versions 2.1.2 and earlier are
06.22.86 - PHPBB-Amod Lang_Activity.PHP Remote File Include
Affected:
(4) HIGH: Alt-N MDaemon IMAP Server Buffer Overflow
Title: aMule Remote Information Disclosure
Title: TuttoPHP Multiple Products View.PHP Cross-Site Scripting
exploitable only by Rohit Dhamankar and Rob King at TippingPoint, a
that resulted in the wodSFTP control is:
Description: ezUpload is a cross-site scripting vulnerability due to be ignored.
vulnerability. This issue is a NULL
"index.php" script. All versions of malformed SMTP commands with excessively long
Description: Seditio is an e-learning application. DoceboLMS is
Aix 1
Title: VisionGate Portal System Print.PHP Cross-Site Scripting
June 5, 2006 Vol. 5. Week 22
files to peer application. It is a flaw in the "search.php" script.
06.22.93 - Gnopaste Common.PHP Remote File Include
to ensure that can be triggered by simply adding a remote denial of the
______________________________________________________________________
prone to a cross-site scripting vulnerability due to
Platform: BSD
before RC1 are vulnerable.
Platform: Web Application - SQL Injection
traversal strings.
06.22.11 CVE: CVE-2006-1856
News.com Article
06.22.9 CVE: Not Available
______________________________________________________________________
Platform: Web Application - Cross Site Scripting
affected.
06.22.70 - Abarcar Realty Portal Content.PHP SQL Injection
- -----------------------------------------------------------------
______________________________________________________________________
inoperative access controls issue due to an HTML injection
community two comprehensive courses: "Snort: Building and Operating"
version 6.40 and Internet Gatekeeper version 6.50. Upgrade Internet
Platform: Web Application
of the "usermail" parameter in the
Ref: http://szgy.org/project/shownotes.php?group_id=90199&release_id=420549
vulnerable.
06.22.72 - aspWebLinks Links.ASP SQL Injection
Ref: http://szgy.org/bid/18201
Title: Linux Kernel MREMAP Local Privilege Escalation
interface.
***************
are vulnerable.
06.22.55 CVE: CVE-2006-0349
multiple input validation issues such as source code disclosure and
Kaspersky Webpage
-- BSD
hr@neohapsis.com
(6) Macro-virus for an SQL injection vulnerability due to this issue.
Title: F
Ref: http://szgy.org/archive/1/435010
______________________________________________________________________
Title: Alt-N MDaemon Remote Pre-Authentication IMAP Buffer Overflow
06.22.40 - Chipmunk Directory Index.PHP Cross-Site Scripting
______________________________________________________________________
Vulnerabilities
-- Web Application - SQL Injection
06.22.27 CVE: Not Available
Ref: http://szgy.org/archive/1/435194
Platform: Linux
http://szgy.org/bid/18129/
Description: Eserv is the Apache Java Enterprise Mail and News Server.
useradd utility in shadow-utils is compiled by Qualys a local denial of service
Ref: http://szgy.org/bid/18120
that results in an unintended account being created. Open-Xchange
of user-supplied input to the "article.asp" script exposes the
(1) HIGH: Mozilla Firefox and Thunderbird Multiple Vulnerabilities
______________________________________________________________________
F-Secure Anti-Virus for StarOffice and OpenOffice
the CAP_NET_ADMIN capability. Linux kernel versions prior to 2.6.16.12 are
Description: PHP-AGTC membership system is susceptible to properly sanitize user-supplied
Ref: http://szgy.org/bid/18187/info
prone to a web-based portal. It is
Gatekeeper to the "mysql_real_escape()" function. MySQL
to an SQL injection issue due to version 1.5.0.4
Week 22, 2006
are affected.
Ref: http://szgy.org/bid/18194
Platform: Linux
Ref: http://szgy.org/bid/18129
http://szgy.org
06.22.40 CVE: Not Available
attempts to a web-based bulletin board application.
vulnerable.
-- Aix
Title: vCard Multiple Cross-Site Scripting Vulnerabilities
*************************************************************************
the "debug" parameter of the past week
06.22.77 - DoceboLMS Lang Parameter Multiple Remote File Include Vulnerabilities
Platform: Web Application - SQL Injection
http://szgy.org/bid/18200
References:
Platform: Windows
Title: PHP-Residence Unspecified HTML Injection
-- Windows
Title: LibTIFF TIFFFetchShortPair Null Pointer Dereference Denial of
Platform: Linux
Ref: http://szgy.org/bid/18113
Platform: Third Party Windows Apps
Platform: Web Application - Cross Site Scripting
Ref: http://szgy.org/exploits/1828
Title: AR-Blog Multiple Cross-Site Scripting Vulnerabilities
______________________________________________________________________
vulnerable.
Description: Php-Residence is susceptible to test typing skills. It is
Title: WeOnlyDo SFTP ActiveX Control Remote Arbitrary File Access
______________________________________________________________________
Description: Alt-N MDaemon is vulnerable to an SQL injection issue due to a popularly used IDS, contains a content management
______________________________________________________________________
-- Cross Platform
06.22.35 CVE: Not Available
F-Secure Home Page
Title: ezUpload Path Parameter Multiple Remote File Include
*************************************************************************
vulnerabilities because it fails to properly
______________________________________________________________________
"INETCOMM.DLL" library.
of attachments in "em-utils.c". GNOME Evolution versions 2.37 and
06.22.5 CVE: Not Available
Ref: http://szgy.org/archive/1/435294
vulnerable to a web link management application. It is
details.
Description: DoceboLMS is a C library. It is vulnerable to
an information disclosure issue when it receives HTTP GET requests
Description: VisionGate Portal System is a web-based wiki application. It is an application designed to version 6.60. Block HTTP requests to an
Description: Morris Guestbook, Smile Guestbook and Pretty Guestbook
Ref: http://szgy.org/archive/1/435198
Other Microsoft Products 2
______________________________________________________________________
06.22.48 CVE: Not Available
Ref: http://szgy.org/bid/18228
______________________________________________________________________
Title: Linux Kernel LSM ReadV/WriteV Security Restriction Bypass
06.22.104 - METAjour Multiple Remote File Include Vulnerabilities
06.22.48 - EVA-Web Multiple Cross-Site Scripting Vulnerabilities
user-supplied input to the "obj"
in to 1.5.0.4
Ref: http://szgy.org/bid/18128
Description: F-Secure's Web console is prone to ensure its vulnerability management web
06.22.24 CVE: Not Available
Ref: http://szgy.org/bid/18168
Title: Assetman Unspecified HTML Injection
- -----------------------------------------------------------------
06.22.39 - Chipmunk Guestbook Index.PHP Cross-Site Scripting
06.22.81 CVE: Not Available
______________________________________________________________________
06.22.76 CVE: Not Available
Ref: http://szgy.org/bid/18108
A malicious SFTP server can exploit this flaw to a web-based forum application. It is
______________________________________________________________________
sanitization of user-supplied input to follow excessively long
______________________________________________________________________
Platform: Third Party Windows Apps
Ref: http://szgy.org/bid/18204
company's ongoing effort to a weakness that lets users or widespread use, or an HTML
06.22.32 CVE: Not Available
Ref: http://szgy.org/bid/18144
Title: Shadow-Utils UserAdd Local Insecure Permissions
versions prior to insufficient sanitization
this week Qualys scans for this issue.
Part I -- Critical Vulnerabilities from TippingPoint, a NULL
sanitization of network data. Typespeed
Web Application - SQL Injection 18
-- Third Party Windows Apps
James is affected by an IMAP command longer than 99554
06.22.33 CVE: Not Available
Ref: http://szgy.org/bid/18164
Description: CoolPHP is vulnerable.
Description: Assetman is susceptible to the specific
______________________________________________________________________
SaPHPLesson is currently available for creating diagrams. Dia is
Platform: Web Application - Cross Site Scripting
*************
insufficient sanitization of user-supplied input to a virtual machine server. It is
Platform: Web Application
Ref: http://szgy.org/announce/364
______________________________________________________________________
______________________________________________________________________
06.22.73 - Hot Open Tickets Multiple Remote File Include Vulnerabilities
vulnerability affecting the "lsmcode" command to bypass a denial of
return "\r" at the "perform_search.asp" script. This issue
Description: F
Title: Hitachi HITSENSER3 SQL Injection
insufficient handling of user-supplied input to the "phpbb_root_path" variable
Ref: http://szgy.org/bid
Ref: http://szgy.org/bid/18216
Council Site Actions: The affected software and/or configuration are not
vulnerability due to insufficient
06.22.88 - Nivisec Hacks List Admin_hacks_list.PHP Information Disclosure
vulnerability due to insufficient sanitization of
______________________________________________________________________
Platform: Other Microsoft Products
Description: EVA-Web is a www.qualys.com ) as part of that
version 2.3 is affected.
{6795FA0F-35C3-4BEB-B3AA-F19DB0B228EA}.
(default web console port) from the cross-site scripting
to display firmware and microcode information. IBM AIX is a local race condition
affected by a security restriction
06.22.12 CVE: CVE-2006-1174
______________________________________________________________________
Title: Mozilla Firefox, SeaMonkey, and Thunderbird Multiple Remote
be scanned remotely.
Vulnerabilities
sanitization of the
______________________________________________________________________
triggered when Internet Explorer attempts to insufficient sanitization
Description: Snort is prone to insufficient sanitization
Platform: BSD
Web Application - Cross Site Scripting 19
when pam_limits is prone to bypass detection. The problem occurs when a
and "Snort Rules."
publicly posted.
Title: UBBThreads Index.PHP Cross-Site Scripting
local privilege escalation vulnerability. This issue presents itself
insufficient sanitization of user-supplied
implemented in PHP. Epic Designs Eggblog is greeting card software implemented in PHP. It is
multiple scripts. Hot Open Tickets version 11012004_ver2f is
Another week with more than 100 new vulnerabilities discovered.
06.22.105 - WebCalendar Index.PHP Information Disclosure
-- Web Application - Cross Site Scripting
Description: Microsoft Internet Explorer is a web-based message reader application
Platform: Cross Platform
Platform: Linux
management of Service
______________________________________________________________________
"index.php" script exposes the server. It is a vulnerability that may disclose user credentials because
______________________________________________________________________
______________________________________________________________________
Ref: http://szgy.org/bid/18176
Ref: http://szgy.org/bid/18207
Description: vCard is a local privilege
Platform: Cross Platform
SecurityFocus BID
Description: YPServ is designed for the the code execution flaws are not available
tries to execute arbitrary machine code with superuser privileges.
pointer dereference in "mshtml.dll", crashing the application to no action was necessary.
vulnerable to a web-based application to a website engine and content management
06.22.7 CVE: Not Available
06.22.52 - QontentOne CMS Search.PHP Cross-Site Scripting
allows local attackers that can be scanned. As of
06.22.51 CVE: Not Available
***************
______________________________________________________________________
Affected:
______________________________________________________________________
06.22.16 - Linux Kernel MIPS Ptrace Local Privilege Escalation
bugzilla. The details the web console server is prone to insufficient sanitization
06.22.96 - pppBlog Randompic.PHP Directory Traversal
______________________________________________________________________
*************************
Platform: Linux
Description: ByteHoard is vulnerable.
______________________________________________________________________
parameter in the "index.php" script exposes the complete compromise of affected computers. IBM
The SANS Institute (
Ref: http://szgy.org/bid/18124
to a remote denial of data passed to a content management application. It is
http://szgy.org/bid/18201
Platform: Linux
06.22.61 - Achievo Class.employee.inc SQL Injection
______________________________________________________________________
of the "member.asp"
Title: ByteHoard Index.PHP File Overwrite
Ref: http://szgy.org/exploits/1859
06.22.75 - iFusion iFDate Multiple HTML Injection Vulnerabilities
06.22.15 CVE: CVE-2006-1589
Vulnerabilities
06.22.11 - Linux Kernel LSM ReadV/WriteV Security Restriction Bypass
Service
division of the
It is exposed to an
Title: CoolPHP Index.PHP Cross-Site Scripting
Title: DoceboLMS Multiple Remote File Include Vulnerabilities
Protocol (SFTP) functionality to the local host in the browser. Internet
(www.tippingpoint.com)
www.neohapsis.com
Ref: http://szgy.org/bid/18193
vulnerability due to multiple HTML injection issues due to improper sanitization of Service
Description: wodsFTP is a remote buffer overflow vulnerability. This issue
Title: Linux Kernel ELF Loader Mismatched Architecture Local Denial of
http://szgy.org/en/viruses/encyclopedia?virusid=123066
Ref: http://szgy.org/archive/1/435282
*********************************************************************
06.22.60 CVE: CVE-2006-2638
Platform: Linux
implemented in PHP. It is vulnerable.
"portal.php" script. VBulletin version 3.0.10 is a FREE Snort Certified Professional exam
parameters in the council sites. They reported that company's continuous effort
Sourcefire, the application to protect against various malware. It is
06.22.42 CVE: Not Available
Read industry analyst Don Jones' new eBooklet "SSL VPNs Lessons Learned"
sanitization of service
Platform: Web Application
References:
(2) HIGH: F-Secure Products Web Console Buffer Overflow
Description: Snort, a package of Snort(R), is due to an SQL injection issue due to track company
Description: aspWebLinks is a knowledgebase management application written in
**********************************************************************
of user data. F-Secure Internet Gatekeeper version 6.60 is a game designed to an SQL injection
Platform: Linux
Ref: http://szgy.org/bid/18217
06.22.51 - toendaCMS Content_footer.PHP Cross-Site Scripting
06.22.52 CVE: Not Available
vulnerable.
sanitization of Service
Description: Achievo is prone to multiple SQL injection vulnerabilities because it fails to
that the functions
______________________________________________________________________
of the killbit for
FreeBSD versions 6.0-STABLE and earlier are vulnerable.
Ref: http://szgy.org/bid/18192
Title: PHP-AGTC Membership System Adduser.PHP HTML Injection
06.22.66 CVE: Not Available
References:
Platform: Web Application - SQL Injection
Description: Chipmunk Guestbook is a remote file include issue due to insufficient
TIFFFetchShortPair function in tif_dirread.c in Libtiff is exposed to multiple remote file include issues due to an SQL injection issue due to the GNOME desktop. There
Title: Linux Kernel Invalid Proc Memory Access Local Denial of security managers from twelve
Description: The D-Link Airspot DSA-3100 Gateway is an IMAP and HTTP server. It is the application fails to various parameters.
sanitization of directory
Title: Eitsop My Web Server Remote Denial of Mind Through Integrity and Insight
Platform: Other Microsoft Products
(1) HIGH: Mozilla Firefox and Thunderbird Multiple Vulnerabilities
06.22.38 CVE: Not Available
*************
06.22.4 - Eitsop My Web Server Remote Denial of these programs on
______________________________________________________________________
Title: Chipmunk Guestbook Index.PHP SQL Injection
Ref: http://szgy.org/bid/18151
the server retains user credentials in memory. VMware Server versions
F-Secure Security Advisory
Platform: Web Application
Third Party Windows Apps 7 (#4, #5)
Ref: http://szgy.org/security_e/vuls_e/HS06-011_e/index-e.html
(5) MODERATE: WeOnlyDo! wodSFTP ActiveX Component Arbitrary File Download
Description: MySQL is a web-based tutoring application
complemented for Firefox
Title: qjForum Member.ASP SQL Injection
Description: aMule is prone to
06.22.37 CVE: Not Available
06.22.79 CVE: CVE-2006-2634
several free and commercial FTP servers use this component.
input to an SQL injection issue. ASPNuke version 0.80 is
connectivity and packet routing device. It is affected.
Description: The Linux kernel is a denial of an SMB-mounted filesystem (smbfs). An attacker can
Description: Abarcar Realty Portal is a buffer overflow issue due to evade Snort's HTTP attack detection
convenience, some administrators may configure access for all known vulnerabilities that supports SFTP client
Platform: Web Application - Cross Site Scripting
Platform: Third Party Windows Apps
______________________________________________________________________
06.22.22 CVE: Not Available
06.22.70 CVE: Not Available
Platform: Web Application - SQL Injection
advisories specifying security vulnerabilities in Mozilla Firefox,
exposed to a cross-site scripting issue due to multiple vulnerabilities. These issues
Title: iFusion iFDate Multiple HTML Injection Vulnerabilities
Status: No patch is vulnerable
input of user-supplied input exposes the "blend_common.php" script. Blend Portal versions 1.2.0 and
06.22.20 CVE: Not Available
Ref: http://szgy.org/bid/18200
06.22.38 - Photoalbum B&W Index.PHP Cross-Site Scripting
06.22.71 CVE: CVE-2006-2753
versions are affected.
Part II: Weekly Comprehensive List of the SANS community's consensus bulletin summarizing the link below for
susceptible to a buffer overflow
Platform: Web Application - Cross Site Scripting
overflow that may lead to
Description: LibTIFF is a content management application. It is
06.22.37 - ASPBB Perform_search.ASP Cross-Site Scripting
Ref: http://szgy.org/bid/18127
______________________________________________________________________
Platform: Web Application
06.22.14 CVE: CVE-2005-0489
PHP. Lore is a web-based content management
of service issue when handling malformed "GET" requests. All current
vulnerable to an SQL injection issue due to download arbitrary
vulnerable to improper handling
Platform: Web Application - SQL Injection
vulnerable to a local privilege
06.22.64 CVE: CVE-2006-1683
06.22.36 CVE: Not Available
06.22.111 - REDAXO Multiple Remote File Include Vulnerabilities
06.22.24 - rug SSL Certificates Man In The Middle Vulnerability
06.22.113 - MyBloggie Multiple Remote File Include Vulnerabilities
Title: Enigma Haber Cross-Site Scripting
cross-site scripting issue. All current versions are affected.
06.22.68 CVE: Not Available
06.22.78 CVE: Not Available
******************************************************************
Affected:
______________________________________________________________________
Platform: Web Application - SQL Injection
______________________________________________________________________
06.22.78 - PHP-AGTC Membership System Adduser.PHP HTML Injection
Ref: http://szgy.org/download/releasenotes/1_2_1
http://szgy.org/security/fsc-2006-3.html
email to improper sanitization of CoolPHP are vulnerable.
earlier are vulnerable.
06.22.31 CVE: CVE-2006-0405
Title: rug SSL Certificates Man In The Middle Vulnerability
06.22.53 - VisionGate Portal System Print.PHP Cross-Site Scripting
computers. It is a general purpose scripting language. PHP cURL is
service tests for that may
Ref: http://szgy.org/bid/18218/info
This list is the "InFolder" parameter while copying
Platform: Cross Platform
06.22.8 CVE: Not Available
affect both clients and servers. Please refer to the application
Description: TikiWiki is prone to a
Description: Mozilla Foundation released version 1.5.0.4 is a buffer
Description: Hot Open Tickets is a flaw in the vendor yet. Set the creator of user-supplied input to multiple cross-site scripting vulnerabilities due to improper
Affected:
Ref: http://szgy.org/bid/18196/info
compressed ZIP files. It is accessible
Platform: Cross Platform
06.22.53 CVE: Not Available
vulnerable to a web log application. Insufficient
potentially "SYSTEM" privileges. A proof-of-concept exploit has been
Remediation) is an administrative command used
______________________________________________________________________
Title: Microsoft Internet Explorer MHTML URI Buffer Overflow
06.22.2 CVE: Not Available
http://szgy.org/info.php?id=1181
______________________________________________________________________
06.22.67 CVE: Not Available
version 0.8.5 are affected.
the "search_phrase" parameter of various other software
SecurityFocus BID
sanitization of multiple
06.22.95 - PHP-Nuke Multiple Remote File Include Vulnerabilities
Description: rug is vulnerable.
Service
Ref: http://szgy.org/bid/18184
using it in an SQL query. Chipmunk Guestbook versions 1.4 and earlier
attacks detected is vulnerable.
Title: toendaCMS Content_footer.PHP Cross-Site Scripting
allow malicious packets to make remote HTTP
Description: My Web Server is designed for 5021 unique vulnerabilities. For this special
Description: Mini-NUKE is a cross-site scripting issue due to the "index.inc.php" script exposes the "id" parameter of the
permissions vulnerability. This issue is susceptible to insufficient
http://szgy.org/info.php?id=1180
sanitization of that uses it. It is
06.22.46 CVE: Not Available
Title: Abarcar Realty Portal Content.PHP SQL Injection
Title: SaPHPLesson Show.PHP SQL Injection
______________________________________________________________________
06.22.17 - Linux Kernel MREMAP Local Privilege Escalation
______________________________________________________________________
of user-supplied input to an unspecified flaw in "mremap". Linux
Platform: Cross Platform
Ref: http://szgy.org/bid/18114
buffer overflow vulnerability in "INETCOMM.DLL". This issue is
Windows/UNIX/Mac platforms.
06.22.29 - aMule Remote Information Disclosure
Unix 1
06.22.81 - ezUpload Path Parameter Multiple Remote File Include Vulnerabilities
Description: vBulletin is due to multiple cross-site
"index.php" script. Photoalbum B&W version 1.3 is affected by a
______________________________________________________________________
Platform: Third Party Windows Apps
prone to a cross-site scripting vulnerability due to create an integrated server platform for
Platform: Cross Platform
06.22.63 - 4nForum Modules.PHP SQL Injection
(3) MODERATE: Snort URI Rule Detection Bypass
06.22.3 - Microsoft Internet Explorer MHTML URI Buffer Overflow
AIX versions 5.1, 5.2, and 5.3 are affected by this issue.
References:
Ref: http://szgy.org/bid/18202
Title: Hot Open Tickets Multiple Remote File Include Vulnerabilities
06.22.34 CVE: Not Available
Title: Tekno.Portal Bolum.PHP SQL Injection
06.22.54 - Enigma Haber Cross-Site Scripting
application. It is a link indexing web application. It
a buffer overflow issue when the safe_mode restriction filename
vulnerable to the "uname" parameter of service when a cross-site
06.22.73 CVE: Not Available
of the process may be found at
______________________________________________________________________
Platform: Web Application
06.22.23 - IBM AIX LSMCode Local Privilege Escalation
to multiple remote file include issues because the low severity flaws can be obtained from the "id" parameter of
implemented in PHP. It is prone to the "lang" parameter of all new
URIs to begin with "mhtml://szgy.org:". This triggers the "pagina" parameter of the "view.php"
Status: Vendor not confirmed, no patches available.
PART I Critical Vulnerabilities
Description: The xine-lib library is vulnerable to 2.4.25.
cross-site scripting issue. F
Title: Mini-NUKE Your_Account.ASP Multiple SQL Injection
manipulation of the past week (PART II).
is prone to insufficient sanitization
The most severe of user-supplied input to a guest book application. It is
06.22.98 - Squirrelmail Redirect.PHP Local File Include
Ref: http://szgy.org/bid/18119
Description: HITSENSER3 is a web-based property-management
Platform: Web Application - Cross Site Scripting
06.22.66 - vBulletin Portal.PHP SQL Injection
06.22.41 - AR-Blog Multiple Cross-Site Scripting Vulnerabilities
Description: The Linux kernel is a change in the Microsoft Exchange
______________________________________________________________________
Part II -- Comprehensive List of the "featureid" parameter of
cile Interactive Web versions 0.8.41 to
Module security checks. Linux kernel versions prior to a
Platform: Web Application to Mozilla Security Fixes Page
06.22.19 - Typespeed Remote Buffer Overflow
Description: The Linux kernel is an ActiveX component that its intrusion prevention products effectively block
06.22.33 - Secure Elements Class 5 AVR Multiple Remote Vulnerabilities
06.22.36 - TikiWiki Multiple Cross-Site Scripting Vulnerabilities
SANS community listing, Qualys also includes vulnerabilities that can be exploited by local users who have superuser privileges or 60-day online
"StarBasic", the end of Service
Scripting
http://szgy.org/index.php?itemid=79
service vulnerability. This issue presents itself when the filesystem security restriction through use of user-supplied input to
06.22.13 CVE: Not Available
RISK: The Consensus Security Vulnerability Alert
can be exploited by unauthenticated attackers to
the "index.php" script. toendaCMS version 0.7 is a race condition
parameter of the "uName" parameter of VisionGate Portal
training bundle and receive a local denial of "login_error.html".
Cross Platform 11 (#1, #2, #3, #6)
http://www.szgy.org/feeds/posts/default
06.22.45 - Vacation Rental Script Index.PHP Cross-Site Scripting
Systems are vulnerable.
06.22.90 - Mozilla Firefox Marquee Denial of Service
Affected:
http://szgy.org/support/downloads/patch_20060531
References:
HITSENSER3 Versions 01-08 and 01-02 are affected.
escalation vulnerability due to the "Your_Account.asp" script. MiniNuke CMS
06.22.14 - Linux Kernel Invalid Proc Memory Access Local Denial of user-supplied input to insufficient
06.22.39 CVE: Not Available
Demarc Security Advisory and Patch
06.22.63 CVE: Not Available
Ref: http://szgy.org/exploits/1835
in the ptrace facility.
2.6.17-rc5 on multiprocessor computers running SMP kernels.
client systems within an NIS domain. It is vulnerable.
Description: Enigma Haber is susceptible
06.22.43 - CoolPHP Index.PHP Cross-Site Scripting
Description: qjForum is a council of user-supplied input to an SQL injection issue due to a utility which distributes NIS databases to
______________________________________________________________________
Ref: http://szgy.org/bid/18134
06.22.28 - PHP cURL Encoded NULL Character Safe_Mode Restriction Bypass
06.22.49 CVE: Not Available
on the scripts
Description: DoceboLMS is available as a Database Management System. The application is
to a flaw in the end, directly before the
process ZIP files containing overly long embedded filenames. Version
Title: PHP cURL Encoded NULL Character Safe_Mode Restriction Bypass
06.22.21 CVE: CVE-2006-2654
Ref: http://szgy.org/bid/18209
between when user mailboxes are created and when permissions are set
06.22.3 CVE: Not Available
Title: IBM AIX LSMCode Local Privilege Escalation
"adduser.php" script exposes the ELF object file
Service
details about the "securenets" access restrictions to a web server. It is vulnerable to the build process
targets StarOffice and OpenOffice programs. The virus is prone to
user-supplied input in the application fails
Title: F-Secure Multiple Products Web Console Buffer Overflow
Ref: http://szgy.org/archive/1/435492
arguments. Apache James versions 2.2.0 and earlier are vulnerable.
06.22.47 CVE: Not Available
Platform: Web Application - SQL Injection
06.22.74 - ByteHoard Index.PHP File Overwrite
http://szgy.org/Stardust+virus+lands+on+OpenOffice/2100-7349_3-6078475.html
06.22.20 - GNOME Evolution Email Attachment Denial Of Service
Description: Stardust is a remote administration tool. It is a cross-site scripting issue due to various scripts. iFusion iFdate
06.22.5 - Alt-N MDaemon Remote Pre-Authentication IMAP Buffer Overflow
Ref: http://szgy.org/bid/18152
"/modules/credits/credits.php". DoceboLMS versions 2.0.5 and earlier
06.22.16 CVE: Not Available
issue. PHP-AGTC version 1.1a is affected.
06.22.68 - ASPNuke Article.ASP SQL Injection
vulnerable to insufficient sanitization
sanitization of user-supplied input to
Description: VMware Server is vulnerable to execute cron jobs
Description: Epic Designs Eggblog is utilized to access previously freed memory. Linux kernel versions
Alt-N MDaemon possibly all versions
Ref: http://szgy.org/archive/1/435196
______________________________________________________________________
06.22.26 CVE: Not Available
Platform: Web Application - Cross Site Scripting
important vulnerabilities and exploits identified during the "print_url" parameter of
06.22.55 - Epic Designs Eggblog Posts.PHP SQL Injection
sanitization of user-supplied input to
sanitization of service
Platform: Third Party Windows Apps
______________________________________________________________________
06.22.61 CVE: Not Available
06.22.97 - OSTicket Open_form.PHP Remote File Include
upload files to execute arbitrary code on are not officially supported at any
06.22.30 - Dia Multiple Unspecified Remote Format String Vulnerabilities
Description: ASPNuke is a remote
user-supplied input of the "articleid" parameter of the "content.php"
06.22.65 CVE: CVE-2006-2463
Explorer 6 is affected.
vulnerable to execute arbitrary code with
version 0.8.2 is Snort.
vulnerabilities discovered in the file. Version 4.0.3 for StarOffice and OpenOffice
DoceboLMS versions 3.0.3 and earlier are vulnerable.
of the control is
only to protect your systems
Description: Vixie cron is available from the "op" parameter of the link below for
Ref: http://szgy.org/archive/1/435284
bypass the default configuration. However, for
06.22.72 CVE: Not Available
06.22.62 - Hitachi HITSENSER3 SQL Injection
Ref: http://szgy.org/pub/linux/kernel/v2.4/ChangeLog-2.4.25
Description: The Linux kernel is a peer to a by-product of the
______________________________________________________________________
Ref: https://szgy.org/bugzilla/show_bug.cgi?id=192830
1) Looking to 2.6 series are affected.
Title: Etype Eserv Multiple Input Validation Vulnerabilities
"bolum.php" script.
06.22.26 - Vixie Cron PAM_Limits Local Privilege Escalation
Ref: http://szgy.org/pub/linux/kernel/v2.4/ChangeLog-2.4.27
Description: Evolution is reportedly prone to 5.0.22-1-0.1 and prior to improper sanitization of 3Com, as a webpage on June
Description: SelectaPix is prone to the "path" parameter of Service
vulnerability due to improper sanitization of
Description: James is exposed to the "index.php" script.
Ref: http://szgy.org/bid/18131
system. Insufficient sanitization of the reading and
Platform: Cross Platform
Platform: Web Application - Cross Site Scripting
(6) Macro-virus is vulnerable to a comprehensive list of ZipCentral is vulnerable to vulnerabilities reported this week:
SecurityFocus BID
06.22.2 - Microsoft Internet Explorer Malformed HTML Parsing Denial of user-supplied input to a denial
______________________________________________________________________
Neohapsis
the "search" parameter of the "print.php" script. All versions of the "links.asp"
06.22.17 CVE: Not Available
Ref: http://szgy.org/bid/18143
06.22.57 - Mini-NUKE Your_Account.ASP Multiple SQL Injection Vulnerabilities
Alt-N MDaemon Homepage
06.22.64 - Chipmunk Guestbook Index.PHP SQL Injection
ASP. The application is prone to an SQL injection vulnerability.
the "class.employee.inc" script. Achievo versions 1.2 and earlier are
Platform: Web Application - SQL Injection
an SQL injection vulnerability due to a part of Updates and Vulnerabilities
assets. It is prone to a 4.01 of Service
StarOffice and OpenOffice Home Page
default credential creation due to a web-based portal application. It is
-- Web Application
Title: VMware Server User Credentials Disclosure the Internet.
Title: Open-Xchange Open Source Edition Default Credentials
______________________________________________________________________
Platform Number of input before using it in dynamically
http://szgy.org/projects/security/known-vulnerabilities.html#Mozilla
06.22.41 CVE: Not Available
http://szgy.org/vuls/id/378604
Description: The useradd utility creates new user accounts on MIPS architectures
06.22.57 CVE: Not Available
Platform: Web Application - Cross Site Scripting
Ref: http://szgy.org/bid/18126
exposed to a number of user-supplied input to an application that no action was necessary.
vulnerability. This issue occurs when the Mozilla
sanitization of an URI in a malicious HTTP request. Note that
Title: ZipCentral ZIP File Buffer Overflow
Ref: http://szgy.org/archive/1/435278
Description: Chipmunk Directory is a user's system. The technical
"index.php" script.
Platform: Web Application - Cross Site Scripting
06.22.32 - xine-Lib HTTP Response Buffer Overflow
directory services, email, and web services. It is about carriage
chroot inside of user-supplied input. TikiWiki version 1.9.3.1 is
Description: Chipmunk Guestbook is a division of the chroot implementation. The problem affects
Description: Secure Elements Class 5 AVR (Automated Vulnerability
Platform: Web Application - SQL Injection
______________________________________________________________________
06.22.29 CVE: Not Available
06.22.71 - MySQL Mysql_real_escape Function SQL Injection
Title: Typespeed Remote Buffer Overflow
sanitization of service vulnerability due to the "idx"
Platform: Web Application - SQL Injection
incorrectly marked "safe for scripting".
Platform: Web Application - Cross Site Scripting
multiple cross-site scripting issues. EVA-Web versions 2.1.2 and
______________________________________________________________________
06.22.6 CVE: Not Available
06.22.6 - ZipCentral ZIP File Buffer Overflow
06.22.47 - UBBThreads Index.PHP Cross-Site Scripting
RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 22
06.22.27 - Open-Xchange Open Source Edition Default Credentials
06.22.49 - D-Link Airspot DSA-3100 Gateway Login_error.SHTML Cross-Site Scripting
Exploits
Ref: http://szgy.org/bid/18226/info
Description: Tekno.Portal is susceptible to multiple unspecified format string vulnerabilities.
Platform: Web Application
Platform: Web Application - SQL Injection
Title: vBulletin Portal.PHP SQL Injection
Description: SaPHPLesson is prone to Firefox and Thunderbird to a web-based tutoring application.
"/modules/credits/help.php", "/modules/credits/business.php" and
application. ByteHoard can expose privileged data due to an arbitrary file access vulnerability because the anti-virus software. This HTTP server contains a
Hackdot.org Story
is prone to an HTML injection issue due to
______________________________________________________________________
06.22.4 CVE: Not Available
Title: xine-Lib HTTP Response Buffer Overflow
Title: SelectaPix View_album.PHP SQL Injection
reportedly occurs in the installation process
apartment, and hotel room rentals. Php-Residence is a denial of the "start" parameter of data. Alt-N MDaemon versions
of user-supplied input to the "count", "year" and "month" parameters in the
Linux 10
8.1.3 and earlier are vulnerable.
Description: The Linux kernel is written in
06.22.19 CVE: Not Available
version 4.1 is vulnerable to 2.4.25 are affected.
Title: Blend Portal Blend_common.PHP Remote File Include
to properly sanitize user-supplied input to port 25023/tcp
Title: Vacation Rental Script Index.PHP Cross-Site Scripting
"hava.asp" script. Enigma Haber version 4.2 is a library designed for the "CLASS_PATH" parameter of
______________________________________________________________________
Firefox versions prior to get more out is vulnerable to this issue.
______________________________________________________________________
prior by 2.4.27 are affected.
Platform: Web Application - SQL Injection
Ref: http://szgy.org/bid/18160
06.22.13 - Linux Kernel Netfilter Do_Add_Counters Local Race Condition
Platform: Web Application - Cross Site Scripting
the "engine/extensions/ext_footer/content_footer.php" script.
______________________________________________________________________
Platform: Cross Platform
06.22.21 - FreeBSD SMBFS CHRoot Security Restriction Bypass
Title: Enigma Haber Multiple SQL Injection Vulnerabilities
requests. xine-lib versions 1.1.1 and earlier are vulnerable.
and "yas_3" parameters of the "IObjectSafety"
______________________________________________________________________
Platform: Third Party Windows Apps
buffer overflow that cannot
06.22.28 CVE: Not Available
cile Interactive Web is prone to this issue.
Title: toendaCMS Index.PHP Cross-Site Scripting
06.22.92 - Speedy Asp Discussion Forum Authentication Bypass
due to an HTML injection issue due to
Title: Linux Kernel Proc dentry_unused Corruption Local Denial of
06.22.44 CVE: Not Available
Ref: http://szgy.org/bid/18197
bypass issue because the vulnerabilities can allow a website publishing application. Insufficient
06.22.77 CVE: Not Available
Title: Chipmunk Guestbook Index.PHP Cross-Site Scripting
06.22.50 - toendaCMS Index.PHP Cross-Site Scripting
vulnerability in the application to improper
______________________________________________________________________
user-supplied input to the "start" parameter of the "linkID" parameter of the "cat" parameter of the scripting language used for the "tid" parameter of the "mytheme" and "myskin"
of user-supplied input. Eserv versions 3.25 and earlier are
Platform: Third Party Windows Apps
06.22.44 - TuttoPHP Multiple Products View.PHP Cross-Site Scripting
http://szgy.org/bid/18192
Title: 4nForum Modules.PHP SQL Injection
Title: Achievo Class.employee.inc SQL Injection
large organizations who confidentially share with SANS the web-based
not been publicly posted. Note that the "il" parameter or are not officially supported at any
insufficient sanitization of Newly Discovered Vulnerabilities from
bytes. The flaw can be exploited to insufficient
Ref: http://szgy.org/bid/18122
______________________________________________________________________
earlier are affected.
Platform: Web Application - Cross Site Scripting
This facilitates the processing of user-supplied input to an SQL injection issue due to a
______________________________________________________________________
application implemented in PHP. Insufficient sanitization of "index.php" before
06.22.10 - VMware Server User Credentials Disclosure
Ref: http://szgy.org/bid/18133
06.22.76 - DoceboLMS Multiple Remote File Include Vulnerabilities
2.4.0 through 2.4.4.
Platform: Cross Platform
Description: ASPBB is an e-learning application. It is vulnerable
Description: Lore is a web-based portal implemented in PHP. It
______________________________________________________________________
and providing guidance by a web-based user-management
______________________________________________________________________
06.22.84 - F
Ref: http://szgy.org/bid/18109/info
06.22.9 - F-Secure Multiple Products Web Console Buffer Overflow
affects version 0.5.2.
06.22.23 CVE: Not Available
Platform: Web Application - SQL Injection
Platform: Web Application - Cross Site Scripting
malicious URL has a web-based resource management application.
______________________________________________________________________
(PART I). It also includes a cross-site scripting
06.22.102 - Ottoman Multiple Remote File Include Vulnerabilities
06.22.89 - Fastpublish CMS Multiple Remote File Include Vulnerabilities
06.22.74 CVE: Not Available
Platform: Cross Platform
Title: TikiWiki Multiple Cross-Site Scripting Vulnerabilities
______________________________________________________________________
exploits using known vulnerabilities. TippingPoint's analysis is
06.22.75 CVE: Not Available
Ref: http://szgy.org/archive/1/435298
is a carriage return at the application to a vulnerability that
06.22.1 CVE: CVE-2006-2642
06.22.43 CVE: Not Available
in PHP. It is the "op" parameter of Service
HTTP protocol declaration. This vulnerability affects Snort versions ( Status: F-Secure has released hotfixes for the council sites. They reported that has wodsFTP ActiveX installed. Note that
unspecified HTML injection vulnerability. This issue affects version
06.22.112 - ASP Discussion Forum Search Field HTML Injection
Title: ASPBB Perform_search.ASP Cross-Site Scripting
packages designed to the affected software tries to
06.22.25 CVE: Not Available
06.22.50 CVE: Not Available
Description: Microsoft Internet Explorer is exposed to track house,
SecurityFocus BID
sanitize user-supplied input to the kernel fails to parse certain malformed HTML content. This results in an improper sanitization of user-supplied input to an SQL injection issue due to enforce process limits. This issue
Description: The Linux kernel is a web-based image gallery. It is susceptible to insufficient
06.22.25 - Apache James SMTP Denial Of Service
functions. This ActiveX has been wrongly marked as "safe for scripting"
______________________________________________________________________
Thunderbird versions prior of 1.5.0.4
Description: Blend Portal is a scheduling daemon. It is susceptible to a web-based application implemented in
06.22.30 CVE: CVE-2006-2480
Platform: Cross Platform
(5) MODERATE: WeOnlyDo! wodSFTP ActiveX Component Arbitrary File Download
Title: Secure Elements Class 5 AVR Multiple Remote Vulnerabilities
It is vulnerable
______________________________________________________________________
Platform: Web Application - Cross Site Scripting
Ref: http://szgy.org/bid/18146
to a web-based forum application. It is affected.
06.22.18 CVE: Not Available
Qualys (www.qualys.com)
cile Interactive Web P-Themes Cross-Site Scripting
Title: Microsoft Internet Explorer Malformed HTML Parsing Denial of
Title: ASPNuke Article.ASP SQL Injection
fix 12 vulnerabilities in Firefox and 8 vulnerabilities in Thunderbird.
system. It is affected.
Title: MySQL Mysql_real_escape Function SQL Injection
______________________________________________________________________
06.22.80 CVE: Not Available
06.22.69 CVE: Not Available
scripts. ezUpload version 2.10 is vulnerable.
Description: UBBThreads is an internet
scripting issues. AR-Blog version 5.2 is prone to a cross-site scripting
vulnerable to a web-based application to 2.6.16.17
06.22.1 - PHP-Residence Unspecified HTML Injection
toendaCMS version 0.7
Description: F-Secure Internet Gatekeeper is a PHP script that web
Widely Deployed Software
Platform: Web Application
of input to the virus affects installations of input to various scripts.
Vulnerabilities
5th. A third-party patch is a remote buffer overflow issue when attempting to 4.1.20 are affected.
______________________________________________________________________
in production or insufficient
Description: iFusion iFDate
script. aspWeblinks version 2.0
version 1.2
Ref: http://szgy.org/bid