Computer Security
[EN] securityvulns.ru no-pyccku


Multiple Sun Solaris vulnerabilities
Published:12.01.2006
Source:
SecurityVulns ID:5626
Type:local
Threat Level:
5/10
Description:Different bugs lead to system crash and privilege escalation.
Affected:ORACLE : Solaris 9
 ORACLE : Solaris 10
Original documentdocumentSECUNIA, [SA18420] Sun Solaris "/proc" Filesystem Searching Denial of Service Vulnerability (12.01.2006)
 documentSECUNIA, [SA18421] Sun Solaris Unspecified Privilege Escalation and Denial of Service (12.01.2006)

Cisco Aironet wireless access points DoS
Published:12.01.2006
Source:
SecurityVulns ID:5627
Type:remote
Threat Level:
5/10
Description:arp-requests flood from wireless interface leads to memory exhaustion.
Affected:CISCO : Aironet 1100
 CISCO : Aironet 1200
 CISCO : Aironet 1400
 CISCO : Aironet 350
 CISCO : Aironet 1130
 CISCO : Aironet 1230
 CISCO : Aironet 1240
 CISCO : Aironet 1300
Original documentdocumentCISCO, [Full-disclosure] Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks (12.01.2006)
Files:CisKill -- Aironet Cisco Killer (exploits Cisco Aironet arp packets DoS)

Multiple Cisco Security Monitoring, Analysis and Response System (CS-MARS) backdoors
Published:12.01.2006
Source:
SecurityVulns ID:5621
Type:remote
Threat Level:
7/10
Description:Undocumented account 'pnadmin' with standard password allows remote access to device. Undocumented 'expert' command allow unprivileged user to gain 'root' privileges.
Affected:CISCO : CS-MARS 4.1
Original documentdocumentCISCO, Cisco Security Advisory: Default Administrative Password in Cisco Security Monitoring, Analysis and Response System (CS-MARS) (12.01.2006)

PostgreSQL database DoS
Published:12.01.2006
Source:
SecurityVulns ID:5622
Type:remote
Threat Level:
6/10
Description:Large number of connections at same time causes fatal error.
Affected:POSTGRES : PostgreSQL 8.0
 POSTGRES : PostgreSQL 8.1
Original documentdocumentPOSTGRESQL, PostgreSQL security releases 8.0.6 and 8.1.2 (12.01.2006)

Web applications security vulnerabilities (PHP, ASP, JSP, CGI, Perl)
Published:12.01.2006
Source:
SecurityVulns ID:5623
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WEBWIZ : WebWiz Forums 6.34
 MYPHPIM : MyPhPim 1.05
 PAYPALPHPTOOLIT : PHP Toolkit for PayPal 0.50
 ASPSURVEY : ASPSurvey 1.10
 ACAL : ACal 2.2
Original documentdocumentSECUNIA, [SA18432] ACal "ACalAuthenticate" Authentication Bypass Vulnerability (12.01.2006)
 documentSECUNIA, [SA18422] ASPSurvey "Password" SQL Injection Vulnerability (12.01.2006)
 documentAlla Bezroutchko, [Full-disclosure] Session data pollution vulnerabilities in web applications (12.01.2006)
 documentAliaksandr Hartsuyeu, [eVuln] MyPhPim Arbitrary File Upload (12.01.2006)
 documentuinC Team, Multiple PHP Toolkit for PayPal Vulnerabilities (12.01.2006)

slsnif serial line sniffer buffer overflow
Published:12.01.2006
Source:
SecurityVulns ID:5624
Type:local
Threat Level:
5/10
Description:Buffer overflow on parsing HOME environment variable.
Affected:SLSNIF : slsnif 0.4
Original documentdocumentSintigan_(at)_shellcoders.com, Serial Line Sniffer 0.4.4 Buffer Overflow (12.01.2006)
Files:Exploits Serial Line Sniffer 0.4.4 Buffer Overflow

eStara Softphone SIP VoIP phone buffer overflow
updated since 12.01.2006
Published:14.02.2006
Source:
SecurityVulns ID:5625
Type:remote
Threat Level:
6/10
Description:Buffer overflow on oversized SIP packet attribute field. Integer overflows and format string bugs.
Affected:ESTARA : eStara Softphone 3.0
Original documentdocumentzwell_(at)_sohu.com, eStara SIP softphone several message-processing vulnerabilities (14.02.2006)
 documentzwell_(at)_sohu.com, eStara Softphone SIP stack Buffer Overflow Vulnerability (12.01.2006)
Files:Exploits eStara Softphone SIP stack Buffer Overflow Vulnerability

Apple QuickTime / iTunes multiple vulnerabilities
updated since 12.01.2006
Published:12.05.2007
Source:
SecurityVulns ID:5620
Type:client
Threat Level:
6/10
Description:Heap overflow on GIF images parsing, stack overflow on QTIF parsing, heap overflow on video samples parsing.
Affected:APPLE : QuickTime 7.0
CVE:CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.)
Original documentdocument3COM, TPTI-07-07: Apple QuickTime STSD Parsing Heap Overflow Vulnerability (12.05.2007)
 documentFortinet Research, [VulnWatch] Fortinet Advisory: Apple QuickTime Player Color Map Entry Size Buffer Overflow (13.01.2006)
 documentFortinet Research, [VulnWatch] Fortinet Advisory: "Apple QuickTime Player ImageWidth Integer Overflow Vulnerability" (13.01.2006)
 documentFortinet Research, [VulnWatch] Fortinet Security Advisory: "Apple QuickTime Player Improper Memory Access Vulnerability" (13.01.2006)
 documentFortinet Research, [VulnWatch] Fortinet Advisory: Apple Quick Time Player ImageWidth Denial of Service Vulnerability (13.01.2006)
 documentFortinet Research, [VulnWatch] Fortinet Advisory - Apple QuickTime Player StripOffsets Improper Memory Acces (13.01.2006)
 documentFortinet Research, [VulnWatch] Fortinet Advisory - Apple QuickTime Player StripByteCounts Buffer Overflow Vulnerability (13.01.2006)
 documentCERT, US-CERT Technical Cyber Security Alert TA06-011A -- Apple QuickTime Vulnerabilities (12.01.2006)
 documentEEYE, [EEYEB-20051117A] Apple QuickTime STSD Atom Heap Overflow (12.01.2006)
 documentEEYE, [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow (12.01.2006)
 documentEEYE, [EEYEB-20051220] Apple QuickTime QTIF Stack Overflow (12.01.2006)
 documentEEYE, [EEYEB-20051117B] Apple iTunes (QuickTime.qts) Heap Overflow (12.01.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod