Search:Vulnerability:01.05.2005 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Multiple Kerio WinRoute Firewall, Kerio Personal Firewall and Kerio MailServer administration protocol vulnerabilities
updated since 30.04.2005
Published: 01.05.2005
Source: BUGTRAQ
SecurityVulns ID: 4746
Type: remote
Level: 5/10
Description: Password bruteforcing, DoS.

Affected: KERIO : Kerio Personal Firewall 4.1
KERIO : Kerio MailServer 6.0
KERIO : Winroute 6.0

Original document Secure Computer Group, [CAN-2005-1062] Administration protocol abuse allows local/remote password cracking (30.04.2005)

Secure Computer Group, [CAN-2005-1063] Administration protocol abuse leads to Service and System Denial of Service (30.04.2005)

Discuss: Read or add your comments to this news (0 comments)

Mac OS X Cocktail information leak
Published: 01.05.2005
Source: BUGTRAQ
SecurityVulns ID: 4747
Type: remote
Level: 5/10
Description: Password is used on command line.

Affected: MACOSXCOCTAIL : Mac OS X Cocktail 3.5

Original document sonderling, Mac OS X Cocktail 3.5.4 admin password disclosure (01.05.2005)

Discuss: Read or add your comments to this news (0 comments)

GOCR optical character recognitin program integer overflow
Published: 01.05.2005
Source: SECURITEAM
SecurityVulns ID: 4748
Type: local
Level: 5/10
Description: Integer overflow on PGM format parsing.

Affected: GOCR : gocr 0.40

Original document SECURITEAM, [UNIX] Buffer Overflow in GOCR (01.05.2005)

Discuss: Read or add your comments to this news (0 comments)

BIG-IP 3-DNS Controller protection bypass
Published: 01.05.2005
Source: SECUNIA
SecurityVulns ID: 4750
Type: remote
Level: 5/10

Affected: F5 : BIG-IP 4.5
F5 : BIG-IP 4.6
F5 : 3-DNS Controller 4.5
F5 : 3-DNS Controller 4.6

Original document SECUNIA, [SA15098] BIG-IP / 3-DNS Radius Authentication "login_radius" Security Bypass (01.05.2005)

Discuss: Read or add your comments to this news (0 comments)

PHP, ASP, CGI web applications security vulnerabilities
updated since 25.04.2005
Published: 01.05.2005
Source:
SecurityVulns ID: 4724
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, etc.

Affected: PHPBB : phpBB 2.0
INVISION : Invision Power Board 2.0
HORDE : IMP 3.2
PHPMYADMIN : phpMyAdmin 2.6
COMERSUS : Comersus ASP Shopping Cart 6.01
PHPNUKE : PHP-Nuke 7.6
PHPCOIN : phpCOIN 1.2
MYPHP : MyPHP Forum 3.0
WOLTLAB : Woltlab Burning Board 2.3
YAZAPORT : E-Cart 1.1
WEBAPP : WebAPP 0.9
BKDEV : BK Forum 4
ACSBLOG : ACSblog 0.8
ACSBLOG : ACSblog 1.0
ACSBLOG : ACSblog 1.1
ARTMEDIC : artmedic_links 5
CARTWIZ : CartWIZ 1.1
PHPMYVISITES : phpMyVisites 1.3
STOREPORTAL : StorePortal 2.63
METALINKS : MetaCart e-Shop 8
METALINKS : MetaCart2
METALINKS : MetaBid Auctions
GRAYMUR : GrayCMS 1.1
DREAM4 : koobi-cms 4.2
CLARONLINE : Claroline RC1
HORDE : Forwards 2.2
HORDE : mnemo 1.1
HORDE : chora 1.2
HORDE : nag 1.1
HORDE : Horde passwd 2.2
HORDE : turba 1.2
HORDE : Horde accounts 2.1
HORDE : Kronolith 1.1
HORDE : Horde vacation 2.2
OXPUS : phpBB Notes Mod
OCEAN12 : Ocean12 Mailing list manager 1.06
ALL4WWW : All4WWW-Homepagecreator 1.0

Original document SECUNIA, [SA15173] enVivo!CMS SQL Injection Vulnerabilities (01.05.2005)

GENTOO, [Full-disclosure] [ GLSA 200504-30 ] phpMyAdmin: Insecure SQL script installation (01.05.2005)

SECURITEAM, [UNIX] All4WWW-Homepagecreator site Parameter Command Execution (01.05.2005)

Luis Fernando, Multiples Full Path Disclosure in php-nuke 7.6 (and below) (30.04.2005)

document dcrab_(at)_hackerscenter.com, Multiple Sql injections in phpCoin v1.2.2 and below (30.04.2005)

Zinho, [HSC Security Group] Ocean12 Mailing List Manager Pro SQL injection (30.04.2005)

JeiAr, phpBB Notes Mod SQL Injection Vulnerability (30.04.2005)

durito, еще один бажный скрипт в WebAPP v0.9.9. (30.04.2005)

document SECUNIA, [SA15073] Vacation Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

SECUNIA, [SA15080] Kronolith Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

SECUNIA, [SA15081] Accounts Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

document SECUNIA, [SA15074] Turba Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

SECUNIA, [SA15075] Passwd Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

SECUNIA, [SA15077] Horde IMP Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

document SECUNIA, [SA15079] Nag Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

SECUNIA, [SA15083] Chora Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

SECUNIA, [SA15078] Mnemo Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

document SECUNIA, [SA15082] Forwards Parent Frame Page Title Cross-Site Scripting Vulnerability (28.04.2005)

Sieg Fried, ZRCSA-200501 - Multiple vulnerabilities in Claroline (28.04.2005)

CENSORED, SQL-injections in koobi-cms (28.04.2005)

Terencentanio Enache, myPHP Forum v3 (possible v1 & 2 also) Identification 'spoof' (27.04.2005)

document Zinho, [HSC Security Group] Comersus v6 Script injection (27.04.2005)

Kold, GrayCMS php code injection (27.04.2005)

dcrab_(at)_hackerscenter.com, Multiple SQL Injections in MetaBid Auctions (27.04.2005)

dcrab_(at)_hackerscenter.com, MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities (27.04.2005)

document dcrab_(at)_hackerscenter.com, Multiple SQL Injections in MetaCart2 for SQL Server Special Edition U.K (27.04.2005)

dcrab_(at)_hackerscenter.com, Multiple SQL Injections in MetaCart2 for PayPal (27.04.2005)

dcrab_(at)_hackerscenter.com, Multiple SQL Injections in MetaCart e-Shop V-8 (27.04.2005)

document Zinho, [Hackers Center Security Group] Sqwebmail Http Splitting Vulnerability (27.04.2005)

CENSORED, SQL-injections in Invision Power Board v2.0.1 (27.04.2005)

fireboy fireboy, remote command execution in text.cgi script (26.04.2005)

fireboy fireboy, index.cgi script XSS + file show (26.04.2005)

document fireboy fireboy, remote command execution in forum.pl script (26.04.2005)

fireboy fireboy, remote command execution in ad.cgi script (26.04.2005)

admin_(at)_batznet.com, WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05) (26.04.2005)

fireboy fireboy, remote command execution in includer.cgi script (26.04.2005)

document fireboy fireboy, remote command execution in citat.pl script (26.04.2005)

dcrab_(at)_hackerscenter.com, Multiple SQL Injections in StorePortal 2.63 (26.04.2005)

fireboy fireboy, remote command execution in include.cgi script (26.04.2005)

fireboy fireboy, remote command execution in inserter.cgi script (26.04.2005)

document Max Cerny, [exploit] phpMyVisites 1.3 local file retrieval (26.04.2005)

Nicolas Montoza, E-Cart v1.1 Remote Command Execution (25.04.2005)

dcrab_(at)_hackerscenter.com, Multiple Sql injection and XSS in CartWIZ ASP Cart (25.04.2005)

Adam n30n Simuntis, artmedic_links5 remote file access exploit (25.04.2005)

document HaCkZaTaN, -==phpBB 2.0.14 Multiple Vulnerabilities==- (25.04.2005)

farhad koosha, ACSblog bug (25.04.2005)

dcrab_(at)_hackerscenter.com, Multiple Sql injection vulnerabilities in BK Forum v.4 (25.04.2005)

durito, Просмотр файлов и директорий в WebAPP Web Automated Perl Portal System v0.9.9. (25.04.2005)

Discuss: Read or add your comments to this news (0 comments)

pound reverse proxy / load balancer / HTTPS front-end buffer overflow
updated since 01.05.2005
Published: 10.01.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 4749
Type: remote
Level: 6/10
Description: Buffer overflow on oversized hostname.

Affected: POUND : pound 1.8
POUND : pound 1.9

Original document DEBIAN, [SECURITY] [DSA 934-1] New pound packages fix multiple vulnerabilities (10.01.2006)

GENTOO, [Full-disclosure] [ GLSA 200504-29 ] Pound: Buffer overflow vulnerability (01.05.2005)

Discuss: Read or add your comments to this news (0 comments)