Search:Vulnerability:02.12.2003 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Multiple bugs in FortiGate
updated since 03.10.2003
Published: 02.12.2003
Source: BUGTRAQ
SecurityVulns ID: 3157
Type: remote
Level: 5/10
Description: Multiple bugs in web interface.

Affected: FORTINET : FortiOS 2.50

Original document Maarten, [Full-Disclosure] exploiting fortigate firewall through webinterface (03.10.2003)

Discuss: Read or add your comments to this news (0 comments)

Linux kernel do_brk() privilege escalation
Published: 02.12.2003
Source: FULL-DISCLOSURE
SecurityVulns ID: 3289
Type: local
Level: 8/10
Description: Function may be used for allocation virtual memory exceeding user accessible memory limit, givin access to kernel internal structures.

Affected: LINUX : kernel 2.4

Original document Paul Starzetz, [Full-Disclosure] [iSEC] Linux kernel do_brk() lacks argument bound checking (02.12.2003)

DEBIAN, [Full-Disclosure] [SECURITY] [DSA-403-1] userland can access Linux kernel memory (02.12.2003)

Files: Linux kernel do_brk() proof-of-concept exploit code
Linux kernel do_brk(), another proof-of-concept code for i386
Discuss: Read or add your comments to this news (0 comments)

CGI bugs
updated since 02.12.2003
Published: 11.12.2003
Source:
SecurityVulns ID: 3288
Type: remote
Level: 5/10

Affected: XOOPS : xoops 2.0
XOOPS : xoops 1.3
VPASP : VP-ASP Shopping Cart 5.0
SURFBOARD : Surfboard 1.1
AESTHETIC : Jason Maloney's CGI Guestbook 3.0
CUTEPHP : CuteNews 1.3
ALABANZA : AlaCart 1.0
BITFOLGE : Snif 1.2
TODSAH : PieterPost 0.10
RNN : RNN Guestbook 1.2
ALANWARD : Alan Ward Acart 2.0
NEOCROME : Land Down Under 601
BMCWEB : BNCweb
MAMBOSERVER : Mambo Server 4.0
MAMBOSERVER : Mambo Server 4.5
FREESCRIPTS : VisitorBook LE

Original document Paul Johnston, Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax) (11.12.2003)

Chintan Trivedi, Mambo Open Source 4.0.14 SQL injection (11.12.2003)

Security Corporation Security Advisory, [SCSA-023] Multiple vulnerabilities in Mambo Server (11.12.2003)

document Matthias Bethke, BNCweb File Disclosure Vulnerability (09.12.2003)

SECURITEAM, [UNIX] Snif Script Cross Site Scripting Vulnerability (09.12.2003)

SECURITEAM, [UNIX] Land Down Under auth.php SQL Injection (09.12.2003)

Shaun Moore, Jason Maloney's Guestbook XSS Vulnerability. (09.12.2003)

document Xnuxer Research Laboratory, Cross Site Scripting in VP-ASP (09.12.2003)

Security Corporation Security Advisory, [SCSA-022] Multiple vulnerabilities in Xoops (06.12.2003)

parag0d_(at)_phreaker.net, Improper authentication checking in Alan Ward Acart (05.12.2003)

parag0d_(at)_phreaker.net, XSS vulnerabilities in register.asp in Alan Ward Acart (05.12.2003)

document parag0d_(at)_phreaker.net, Plaintext Vulnerability in Alan Ward Acart (05.12.2003)

parag0d_(at)_phreaker.net, XSS Vulnerabilities in Alan Ward Acart (05.12.2003)

Martin Ma�ok, XBoard < 4.2.7: pxboard insecure tmp file handling (05.12.2003)

Peter Winter-Smith, eZphotoshare Multiple Overflow Vulnerabilities (04.12.2003)

document SECURITEAM, [UNIX] RNN's Guestbook Multiple Vulnerabilities (03.12.2003)

datasink_(at)_op.pl, Pieterpost - access to "vitual" account (02.12.2003)

SECURITEAM, [UNIX] Snif File Disclosure Vulnerability (02.12.2003)

SECURITEAM, [NEWS] Alabanza AlaCart SQL Injection Vulnerability (02.12.2003)

document Securiteinfo.com, [Full-Disclosure] Cutenews 1.3 information disclosure (02.12.2003)

Shaun Moore, Jason Maloney's CGI Guestbook Remote Command Execution Vulnerability. (02.12.2003)

Luigi Auriemma, Surfboard <= 1.1.8 vulns (02.12.2003)

S-Quadra Security Research, Virtual Programming VP-ASP Shopping Cart 5.0 multiple SQL Injection Vulnerabilities (02.12.2003)

Discuss: Read or add your comments to this news (0 comments)