Security - Ravens PHP Scripts

Ravens PHP Scripts: Security

PHP-Update blog.php Multiple Vulnerabilities

Posted on Wednesday, December 20, 2006 @ 15:58:03 CST in Security
by Raven

SECUNIA ADVISORY ID: SA23407

VERIFY ADVISORY: http://secunia.com/advisories/23407/

CRITICAL: Highly critical

IMPACT: Security Bypass, Manipulation of data, System access

SOFTWARE: PHP-Update 2.x - http://secunia.com/product/12926/

DESCRIPTION: rgod has discovered some vulnerabilities in PHP-Update, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to compromise vulnerable systems and manipulate data. The vulnerabilities are confirmed in version 2.7 flat file edition but not in version 2.7 MySQL edition. Other versions may also be affected. Read More...

Sun Java JRE Applet Security Bypass

Posted on Wednesday, December 20, 2006 @ 15:56:47 CST in Security
by Raven

SECUNIA ADVISORY ID: SA23398

VERIFY ADVISORY: http://secunia.com/advisories/23398/

CRITICAL: Moderately critical

IMPACT: Security Bypass

SOFTWARE:
Sun Java JDK 1.5.x - http://secunia.com/product/4621/
Sun Java JRE 1.5.x / 5.x - http://secunia.com/product/4228/
Sun Java JRE 1.4.x - http://secunia.com/product/784/
Sun Java JRE 1.3.x - http://secunia.com/product/87/
Sun Java SDK 1.4.x - http://secunia.com/product/1661/
Sun Java SDK 1.3.x - http://secunia.com/product/1660/

DESCRIPTION: Two vulnerabilities have been reported in Sun Java JRE (Java Runtime Environment), which can be exploited by malicious people to bypass certain security restrictions. Read More...

phpProfiles Multiple File Inclusion Vulnerabilities

Posted on Wednesday, December 20, 2006 @ 15:55:22 CST in Security
by Raven

SECUNIA ADVISORY ID: SA23423

VERIFY ADVISORY: http://secunia.com/advisories/23423/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: phpProfiles 3.x - http://secunia.com/product/12934/

DESCRIPTION: nuffsaid has discovered several vulnerabilities in phpProfiles, which can be exploited by malicious people to compromise vulnerable systems. The vulnerabilities are confirmed in version 3.1.2. Other versions may also be affected. Read More...

WebCalendar format Cross-Site Scripting Vulnerability

Posted on Tuesday, December 19, 2006 @ 09:50:38 CST in Security
by Raven

SECUNIA ADVISORY ID: SA23341

VERIFY ADVISORY: http://secunia.com/advisories/23341/

CRITICAL: Less critical

IMPACT: Cross Site Scripting

SOFTWARE:
WebCalendar 1.x - http://secunia.com/product/5606/
WebCalendar 0.9.x - http://secunia.com/product/1901/

DESCRIPTION: 7all has discovered a vulnerability in WebCalendar, which can be exploited by malicious people to conduct cross-site scripting attacks. Read More...

Sophos Anti-Virus SIT/CPIO File Processing Vulnerabilities

Posted on Wednesday, December 13, 2006 @ 09:12:50 CST in Security
by Raven

SECUNIA ADVISORY ID: SA23325

VERIFY ADVISORY: http://secunia.com/advisories/23325/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE:
Sophos Anti-Virus for Windows 6.x - http://secunia.com/product/12449/
Sophos Anti-Virus 3.x - http://secunia.com/product/164/
Sophos Anti-Virus 4.x - http://secunia.com/product/5391/
Sophos Anti-Virus 5.x - http://secunia.com/product/5390/

DESCRIPTION: Two vulnerabilities have been reported in Sophos Anti-Virus, which can be exploited by malicious people to compromise a user's system. Successful exploitation of the vulnerabilities allows execution of arbitrary code. Read More...

BLOG:CMS DIR_ADMIN File Inclusion Vulnerability

Posted on Wednesday, December 13, 2006 @ 09:09:37 CST in Security
by Raven

SECUNIA ADVISORY ID: SA23345

VERIFY ADVISORY: http://secunia.com/advisories/23345/

CRITICAL: Highly critical

IMPACT: System access

SOFTWARE: BLOG:CMS 4.x - http://secunia.com/product/6051/

DESCRIPTION: HACKERS PAL has discovered a vulnerability in BLOG:CMS, which can be exploited by malicious people to compromise vulnerable systems. Read More...

PHP-Update blog.php Multiple Vulnerabilities

Sun Java JRE Applet Security Bypass

phpProfiles Multiple File Inclusion Vulnerabilities

WebCalendar format Cross-Site Scripting Vulnerability

Sophos Anti-Virus SIT/CPIO File Processing Vulnerabilities

BLOG:CMS DIR_ADMIN File Inclusion Vulnerability

Site Info

Site Navigation

Partners

Recommended Sites

Old Articles

PHP-Update blog.php Multiple Vulnerabilities

Sun Java JRE Applet Security Bypass

phpProfiles Multiple File Inclusion Vulnerabilities

WebCalendar *format* Cross-Site Scripting Vulnerability

Sophos Anti-Virus SIT/CPIO File Processing Vulnerabilities

BLOG:CMS *DIR_ADMIN* File Inclusion Vulnerability

Site Info

Site Navigation

Partners

Recommended Sites

Old Articles

WebCalendar format Cross-Site Scripting Vulnerability

BLOG:CMS DIR_ADMIN File Inclusion Vulnerability