Section: .. / 0605-advisories /
File Name: yapbb_advisory.txt
Description: YapBB versions 1.2 Beta2 and below suffer from a SQL injection vulnerability in find.php.
Author: x90c
Homepage: http://www.chollian.net/~jyj9782
File Size: 1911
Last Modified: May 22 00:27:48 2006
MD5 Checksum: 9def23b1d53976b37e635da9202c1436

File Name: ZDI-06-012.txt
Description: ZDI-06-012 - A vulnerability in Sophos AntiVirus, PureMessage, and MailMonitor allows remote attackers to execute arbitrary code. Authentication is not required to exploit this vulnerability.
Homepage: http://www.zerodayinitiative.com/
File Size: 2871
Related CVE(s): CVE-2006-0994
Last Modified: May 17 02:57:27 2006
MD5 Checksum: 8523f72ea99666ff2f22a9539892673c

File Name: ZDI-06-013.txt
Description: ZDI-06-013 - A flaw in TippingPoint SMS servers exists within the web management interface. Due to insufficient protections on specific directories, an attacker with access to the web interface may be able to view benign data such as the user manual. In the event that the device was being used for backup purposes, it may be possible for an attacker to identify additional information such as configuration settings.
Author: Micheal Cottingham
Homepage: http://www.zerodayinitiative.com/
File Size: 2395
Related CVE(s): CVE-2006-0993
Last Modified: May 21 13:55:40 2006
MD5 Checksum: 2d3bedc6043162cf656a6a6f1cbf1062

File Name: ZDI-06-014.txt
Description: ZDI-06-014 - The Verisign i-Nav ActiveX Control suffers from a vulnerability that allows remote attackers to execute arbitrary code on vulnerable installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page.
Homepage: http://www.zerodayinitiative.com/
File Size: 2699
Related CVE(s): CVE-2006-2273
Last Modified: May 21 14:40:19 2006
MD5 Checksum: 40c73a1ed2336599cdb73f5812099633

File Name: ZDI-06-015.txt
Description: ZDI-06-015 - This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Apple's QuickTime media player. The specific flaw exists within the parsing of H.264 content. The implicit trust of a user-supplied size value during a memory copy loop allows an attacker to create an exploitable memory corruption condition. Exploitation requires that an attacker either coerce the target to open a malformed media file or visit a website embedding the malicious file. Versions prior to 7.1 of Apple QuickTime are affected.
Homepage: http://www.zerodayinitiative.com/
File Size: 2662
Related CVE(s): CVE-2006-1463
Last Modified: May 21 15:15:50 2006
MD5 Checksum: df19f70a0f598f9afa328427a852326c

File Name: ZDI-06-016.txt
Description: ZDI-06-016 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell eDirectory. Exploitation does not require authentication. Affected are Novell eDirectory version 8.8 and Novell iMonitor version 2.4.
Homepage: http://www.zerodayinitiative.com/
File Size: 2546
Related CVE(s): CVE-2006-2496
Last Modified: May 24 05:03:24 2006
MD5 Checksum: 6ca474be94fe39518a6b982b4e055771

File Name: ZH2006-20.txt
Description: CosmicShoppingCart suffers from multiple SQL injection and XSS vulnerabilities.
Homepage: http://www.zone-h.org/
File Size: 1391
Last Modified: May 29 03:55:08 2006
MD5 Checksum: 20bbfcb7c013213249edf864af2357a3