Security - Ravens PHP Scripts

Ravens PHP Scripts: Security

phpBB Styles Demo Module SQL Injection and Cross-Site Scripting

Posted on Wednesday, September 19, 2007 @ 19:16:10 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA26875

VERIFY ADVISORY: http://secunia.com/advisories/26875/

CRITICAL: Moderately critical

IMPACT: Cross Site Scripting, Manipulation of data, Exposure of sensitive information

WHERE: >From remote

SOFTWARE: Styles Demo 1.x (module for phpBB) - http://secunia.com/product/15765/

DESCRIPTION: nexen has discovered two vulnerabilities in the Styles Demo module for phpBB, which can be exploited by malicious people to conduct cross-site scripting attacks and SQL injection attacks.
Read More...

Shop-Script FREE Security Bypass and PHP Code Execution

Posted on Tuesday, September 18, 2007 @ 12:17:58 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA26840

VERIFY ADVISORY: http://secunia.com/advisories/26840/

CRITICAL: Highly critical

IMPACT: Security Bypass, System access

WHERE: >From remote

SOFTWARE:
Shop-Script FREE 1.x - http://secunia.com/product/15759/
Shop-Script FREE 2.x - http://secunia.com/product/15760/

DESCRIPTION: Raz0r has discovered some vulnerabilities in Shop-Script FREE, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.
Read More...

Microsoft Visual Studio Two ActiveX Controls Insecure Methods

Posted on Friday, September 14, 2007 @ 15:09:40 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA26779

VERIFY ADVISORY: http://secunia.com/advisories/26779/

CRITICAL: Highly critical

IMPACT: Manipulation of data, System access

WHERE: >From remote

SOFTWARE:
Microsoft Visual Studio 6 Professional - http://secunia.com/product/409/
Microsoft Visual Studio 6 Enterprise - http://secunia.com/product/408/

DESCRIPTION: shinnai has reported some vulnerabilities in Microsoft Visual Studio, which can be exploited by malicious people to overwrite arbitrary files or potentially compromise a vulnerable system.
Read More...

WinSCP Protocol Handler Command Line Switch Injection

Posted on Friday, September 14, 2007 @ 13:02:00 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA26820

VERIFY ADVISORY: http://secunia.com/advisories/26820/

CRITICAL: Highly critical

IMPACT: Manipulation of data, System access

WHERE: >From remote

SOFTWARE: WinSCP 4.x - http://secunia.com/product/14323/

DESCRIPTION: Kender.Security has discovered a vulnerability in WinSCP, which can be exploited by malicious people to manipulate certain files on a user's system and potentially to compromise a vulnerable system.
Read More...

Microsoft Agent URL Handling Memory Corruption Vulnerability

Posted on Tuesday, September 11, 2007 @ 18:09:23 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA26753

VERIFY ADVISORY: http://secunia.com/advisories/26753/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Server - http://secunia.com/product/20/
Microsoft Windows 2000 Professional - http://secunia.com/product/1/
Microsoft Windows 2000 Datacenter Server - http://secunia.com/product/1177/
Microsoft Windows 2000 Advanced Server - http://secunia.com/product/21/

DESCRIPTION: A vulnerability has been reported in Microsoft Windows 2000, which can be exploited by malicious people to compromise a user's system.
Read More...

PHP Multiple Vulnerabilities

Posted on Friday, August 31, 2007 @ 15:28:38 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA26642

VERIFY ADVISORY: http://secunia.com/advisories/26642/

CRITICAL: Moderately critical

IMPACT: Unknown, Security Bypass

WHERE: >From remote

SOFTWARE: PHP 5.2.x - http://secunia.com/product/13446/

DESCRIPTION: Some vulnerabilities have been reported in PHP, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions.
Read More...

phpBB Styles Demo Module SQL Injection and Cross-Site Scripting

Shop-Script FREE Security Bypass and PHP Code Execution

Microsoft Visual Studio Two ActiveX Controls Insecure Methods

WinSCP Protocol Handler Command Line Switch Injection

Microsoft Agent URL Handling Memory Corruption Vulnerability

PHP Multiple Vulnerabilities

Site Info

Site Navigation

Partners

Recommended Sites

Old Articles