BlooMooWeb ActiveX unauthorized access
Published:		01.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6757
Type:		remote
Level:		5/10
Description:		Control has unsafe functions.

Affected:

BLOOMOOWEB : BlooMooWeb 1.0

Original document

maxgipeh_(at)_yahoo.com, ActiveX security leaks in the TV owned web game platform (01.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Hawking Technology WR254-CA wireless routers hardcoded DNS server address
Published:		01.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6758
Type:		remote
Level:		4/10
Description:		139.175.55.244 DNS address is hardcoded.

Affected:

HAWKING : WR254-CA

Original document

Nikolai Grigoriev, Hawking Technology wireless router WR254-CA DNS issue (01.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		01.11.2006
Source:
SecurityVulns ID:		6759
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPNUKE : PHP-Nuke 7.9
		PHPMYCONFERENCES : phpMyConferences 8.0
		BFEXPLORER : bfExplorer 0.0
		ZENDGDATA : ZendGData Preview 0.2

Original document		LegendaryZion, Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech" (01.11.2006)
		security_(at)_armorize.com, Multiple XSS Vulnerabilities in Zend Google Data Client Library Preview 0.2.0 (01.11.2006)
		LegendaryZion, Cross Site Scripting (XSS) Vulnerability in Web Mail service by "Walla! Communications LTD" (01.11.2006)
		LegendaryZion, Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server Messenger Express by "Sun" (01.11.2006)
		paisterist.nst_(at)_gmail.com, PHP-Nuke <= 7.9 Journal module (search.php) "forwhat" SQL Injection vulnerability (01.11.2006)
		mfp.c_(at)_hotmail.com, phpMyConferences <= 8.0.2 Remote File Inclusion (01.11.2006)
		security_(at)_armorize.com, SQL Injection Vulnerability in bfExplorer 0.0.6 (01.11.2006)
		handrix_(at)_gmail.com, Sun java System Messenger Express XSS (01.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

B-FOCuS Wireless routers unauthorized access
Published:		01.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6760
Type:		remote
Level:		5/10
Description:		It's possible to access router's internal information with URL like http://target/html/defs/.

Original document

LegendaryZion, Directory listing on B-FOCuS Wireless 802.11b/g ADSL2+ Router by "ECI Telecom LTD" (01.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Novell iManager DoS
Published:		01.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6761
Type:		remote
Level:		5/10
Description:		Oversized TREE parameter of HTTP POST request causes NULL pointer dereference.

Affected:

NOVELL : iManager 2.5

Original document

IDEFENSE, iDefense Security Advisory 10.31.06: Novell iManager Tomcat DoS Vulnerability (01.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Novell eDirectory DoS
Published:		01.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6762
Type:		remote
Level:		5/10
Description:		Service crash on malformed login request.

Affected:

NOVELL : eDirectory 8.8

Original document

IDEFENSE, iDefense Security Advisory 10.27.06: Novell eDirectory NMAS BerDecodeLoginDataRequeset DoS Vulnerability (01.11.2006)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Asterisk security vulnerabilities
Published:		01.11.2006
Source:		BUGTRAQ
SecurityVulns ID:		6763
Type:		remote
Level:		5/10
Description:		Different malcrafted packets sequences cause service to crash.

Affected:

ASTERISK : Asterisk 1.2

Original document

J. Oquendo, [Full-disclosure] Asterisk Local and Remote Denial of Service Vulnerability (01.11.2006)

Files:		Asteroid is a lame SIP denial of service attack
Discuss:		Read or add your comments to this news (0 comments)