Ravens PHP Scripts: Security



Search on This Topic:   
[ Go to Home | Select a New Topic ]
 

 

phpBB SpamBlockerMod *phpbb_root_path* File Inclusion Vulnerability More about Read More...

Posted on Friday, October 13, 2006 @ 10:53:15 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22356

VERIFY ADVISORY: http://secunia.com/advisories/22356/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

SOFTWARE: SpamBlockerMod 1.x (module for phpBB) - http://secunia.com/product/12298/

DESCRIPTION: Ashiyane Corporation has reported a vulnerability in the SpamBlockerMod module for phpBB, which can be exploited by malicious people to compromise a vulnerable system. Read More...


 

 

Invision Gallery Information Disclosure and SQL Injection More about Read More...

Posted on Friday, October 13, 2006 @ 10:48:00 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22400

VERIFY ADVISORY: http://secunia.com/advisories/22400/

CRITICAL: Moderately critical

IMPACT: Manipulation of data, Exposure of sensitive information

WHERE: >From remote

SOFTWARE: Invision Gallery 2.x - http://secunia.com/product/6022/

DESCRIPTION: _1nf3ct0r_ has reported some vulnerabilities in Invision Gallery, which can be exploited by malicious people to disclose potentially sensitive information and conduct SQL injection attacks. The vulnerabilities are reported in version 2.0.7. Other versions may also be affected.

1) Input passed to the "dir" parameter in index.php is not properly verified before being used in a "readfile()" call. Read More...


 

 

McAfee Network Agent Invalid String Position Denial of Service More about

Posted on Friday, October 13, 2006 @ 10:41:53 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22371

VERIFY ADVISORY: http://secunia.com/advisories/22371/

CRITICAL: Less critical

IMPACT: DoS

WHERE: >From local network

SOFTWARE:
McAfee Personal Firewall Plus 7.x/2006 - http://secunia.com/product/267/
McAfee Internet Security Suite 2006 - http://secunia.com/product/11210/
McAfee VirusScan 10.x/2006 - http://secunia.com/product/9052/

DESCRIPTION: JAAScois has discovered a vulnerability in various McAfee products,which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in McAfee Network Agent (McNASvc.exe) when processing received network messages. This can be exploited to crash the service by sending a specially crafted message with an invalid value in the string position field. The vulnerability is confirmed in McAfee Internet Security Suite 2006 including McAfee Network Agent version 1.0.178.0. Other versions and products may also be affected.

SOLUTION: Restrict access to the service.

PROVIDED AND/OR DISCOVERED BY: JAAScois


 

 

Eazy Cart Multiple Vulnerabilities More about Read More...

Posted on Wednesday, October 11, 2006 @ 02:35:23 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22286

VERIFY ADVISORY: http://secunia.com/advisories/22286/

CRITICAL: Moderately critical

IMPACT: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information

WHERE: >From remote

SOFTWARE: Eazy Cart 2.x - http://secunia.com/product/12259/

DESCRIPTION: Some vulnerabilities have been discovered in Eazy Cart, which can be exploited by malicious people to bypass certain security restriction, disclose sensitive information, manipulate orders, and to conduct cross-site scripting attacks. The vulnerabilities have been confirmed in version 2.01. Other versions may also be affected. Read More...


 

 

Microsoft XML Core Services Information Disclosure and Code Execution More about Read More...

Posted on Wednesday, October 11, 2006 @ 02:29:11 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22333

VERIFY ADVISORY: http://secunia.com/advisories/22333/

CRITICAL: Highly critical

IMPACT: Exposure of sensitive information, System access

WHERE: >From remote

SOFTWARE:
Microsoft XML Parser 2.x - http://secunia.com/product/12261/
Microsoft XML Core Services 3.x - http://secunia.com/product/12262/
Microsoft Core XML Services (MSXML) 6.x - http://secunia.com/product/6473/
Microsoft Core XML Services (MSXML) 4.x - http://secunia.com/product/6472/
DESCRIPTION: Two vulnerabilities have been reported in Microsoft XML Core Services, which can be exploited by malicious people to disclose certain information and compromise a vulnerable system.

1) An unspecified error exists in the XMLHTTP ActiveX control when interpreting a HTTP server-side redirect. This can be exploited to disclose certain information e.g. via a specially crafted web page.

2) A boundary error exists in the XSLT processing in MSXML. This can be exploited to cause a buffer overflow via a specially crafted web page and allows execution of arbitrary code.  Read More...


 

 

Microsoft Office Multiple Code Execution Vulnerabilities More about Read More...

Posted on Wednesday, October 11, 2006 @ 02:19:07 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA22339

VERIFY ADVISORY: http://secunia.com/advisories/22339/

CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.

SOFTWARE:
Microsoft Word 2003 Viewer - http://secunia.com/product/5523/
Microsoft Word 2003 - http://secunia.com/product/4908/  Read More...


 



Page 71 of 102 (608 total stories) [ << | < | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | > | >> ]  

News ©

Site Info

Last SeenLast Seen
  • vashd1
  • neralex
Server TrafficServer Traffic
  • Total: 513,860,511
  • Today: 94,804
Server InfoServer Info
  • Apr 28, 2025
  • 05:15 pm CDT
 
 

Site Navigation