Computer Security


Cisco Security Agent Management Center authentication bypass
Published:02.11.2006
Source:
SecurityVulns ID:6764
Type:remote
Threat Level:5/10
Description:Access with an empty password is possible if NTLM authentication is configured.
Affected:CISCO : Cisco Security Agent Management Center 5.1
Original document:CISCO, Cisco Security Advisory: Cisco Security Agent Management Center LDAP Administrator Authentication Bypass (02.11.2006)

Multiple wireshark sniffer DoS conditions
Published:02.11.2006
Source:
SecurityVulns ID:6765
Type:remote
Threat Level:5/10
Description:DoS conditions on parsing different protocols.
Affected:WIRESHARK : wireshark 0.99
Original document:RPATH, rPSA-2006-0202-1 tshark wireshark (02.11.2006)

Mac OS X Apple Airport wireless driver memory corruption
Published:02.11.2006
Source:
SecurityVulns ID:6767
Type:remote
Threat Level:7/10
Description:Memory corruption on probe response frame parsing.
Affected:APPLE : Mac OS X 10.4
Original document:H D Moore, [Full-disclosure] Fun with wireless cards... (02.11.2006)
Files:Exploits Apple Airport 802.11 Probe Response Kernel Memory Corruption

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:02.11.2006
Source:
SecurityVulns ID:6768
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:HOSTINGCONTROLLE : Hosting Controller 6.1
 INVISION : Invision Power Board 2.1
 TIKIWIKI : tikiwiki 1.9
 WORDPRESS : WordPress 2.0
 PHPMYADMIN : phpmyadmin 2.9
 BEN3W : 2BGal 3.0
 INNOVATEBOARD : Innovate Portal 2.0
 PWSPHP : PwsPHP 1.1
 TGSCMS : T.G.S. CMS 0.1
 LITHIUMCMS : Lithium CMS 4.04
Original document:SECUNIA, [SA22607] Hosting Controller Multiple Vulnerabilities (02.11.2006)
 MILW0RM, PwsPHP <= 1.1 (themes/fin.php) Remote File Include Vulnerablity (02.11.2006)
 LegendaryZion, [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Web Mail platform by "Mirapoint" (02.11.2006)
 LegendaryZion, [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in "ViewImage.asp" by Daronet Internet Solutions (02.11.2006)
 LegendaryZion, [Full-disclosure] Cross Site Scripting (XSS) Vulnerability in Netquery by "VIRtech" (02.11.2006)
 Rapigator, [Full-disclosure] Invision Power Board 2.1.7 debug mode vulnerability (02.11.2006)
 Juha-Matti Laurio, [Full-disclosure] WordPress release 2.0.5 includes about 50 bugfixes (02.11.2006)
 Stefan Esser, [Full-disclosure] Advisory 12/2006: phpMyAdmin - error.php XSS Vulnerability (02.11.2006)
 securfrog_(at)_gmail.com, tikiwiki 1.9.5 mysql password disclosure & xss (02.11.2006)
Files:Exploits Debug Mode password change vulnerability Affects Invision Power Borard 2.0.0 to 2.1.7
 Innovate Portal <= 2.0 Remote Code Execution Exploit
 2BGal 3.0 Remote Command Execution Exploit
 T.G.S. CMS <= 0.1.7 Remote SQL Injection Exploit
 Lithium CMS <= 4.04c Remote Code Execution Exploit

SAP Web Application Server multiple security vulnerabilities
Published:02.11.2006
Source:
SecurityVulns ID:6769
Type:remote
Threat Level:6/10
Description:Directory traversal, DoS, local privilege escalation through a named pipe.
Affected:SAP : SAP Web Application Server 6.40
 SAP : SAP Web Application Server 7.00
Original document:nicob_(at)_nicob.net, [Full-disclosure] Multiple vulnerabilities in SAP Web Application Server 6.40 and 7.00 (02.11.2006)

Linux kernel DoS
Published:02.11.2006
Source:
SecurityVulns ID:6770
Type:local
Threat Level:5/10
Description:/proc/net/ip6_flowlabel endless loop.
Original document:SECUNIA, [SA22665] Linux Kernel IPv6 Flow Label Denial of Service (02.11.2006)

HP-UX privilege escalation
Published:02.11.2006
Source:
SecurityVulns ID:6771
Type:remote
Threat Level:5/10
Affected:HP : HP-UX 11.00
 HP : HP-UX 11.11
 HP : HP-UX 11.04
Original document:HP, [security bulletin] HPSBUX02091 SSRT061099 rev.2 - HP-UX Local Increased Privilege (02.11.2006)

Outpost Firewall privilege escalation
updated since 02.11.2006
Published:16.11.2006
Source:
SecurityVulns ID:6766
Type:local
Threat Level:5/10
Description:Insufficient validation of incoming data for the \Device\SandBox device driver and hooked SSDT functions.
Affected:AGNITUM : Outpost Firewall Pro 4.0
Original document:Matousec - Transparent security Research, Outpost Multiple insufficient argument validation of hooked SSDT function Vulnerability (16.11.2006)
 Matousec - Transparent security Research, Outpost Insufficient validation of 'SandBox' driver input buffer (02.11.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod