Sukria backup manager weak repository permissions updated since 10.06.2005
Published:		12.07.2005
Source:		SECUNIA
SecurityVulns ID:		4876
Type:		local
Level:		5/10
Description:		Repository is world readable. Insecure temporary files creation.

Affected:

SUKRIA : Backup Manager 0.5

Original document		SECUNIA, [SA15989] Backup Manager Unspecified Insecure Temporary File Creation (12.07.2005)
		SECUNIA, [SA15615] Backup Manager Exposure of Archive Repository (10.06.2005)

Discuss:

Read or add your comments to this news (0 comments)

Multiple McAffee Intrushield IPS (intrusion prevention system) vulnerabilities updated since 07.07.2005
Published:		12.07.2005
Source:		BUGTRAQ
SecurityVulns ID:		4965
Type:		remote
Level:		5/10
Description:		Multiple web interface vulnerabilities including crosssite scripting and privilege escalation.

Affected:		MCAFEE : IntruShield 4010
		MCAFEE : IntruShield 4000
		MCAFEE : IntruShield 3000
		MCAFEE : IntruShield 2700
		MCAFEE : IntruShield 1400
		MCAFEE : IntruShield 1200

Original document		AsTriXs, McAfee Intrushield IPS Abuse Update is available (12.07.2005)
		c0ntexb_(at)_gmail.com, McAfee Intrushield IPS Abuse (07.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

Hardware Cisco IP phones SIP messages spoofing updated since 07.07.2005
Published:		12.07.2005
Source:		BUGTRAQ
SecurityVulns ID:		4966
Type:		remote
Level:		5/10
Description:		Due to insufficient data validation an attacker can send Messages-Waiting message to phone.

Affected:		CISCO : Cisco 7940
		CISCO : Cisco 7960

Original document

Tobias Glemser, VoIP-Phones: Weakness in proccessing SIP-Notify-Messages (07.07.2005)

Files:		Notify Message Spoofing Vulnerability With VoIP Phones Exploit
Discuss:		Read or add your comments to this news (1 comments)

Squid proxy server DNS reply spoofing
Published:		12.07.2005
Source:		BUGTRAQ
SecurityVulns ID:		4979
Type:		remote
Level:		6/10
Description:		Blind DNS server reply spoofing is possible.

Affected:

SQUID : squid 2.5

Original document

DEBIAN, [SECURITY] [DSA 751-1] New squid packages fix IP spoofing vulnerability (12.07.2005)

Discuss:

Read or add your comments to this news (2 comments)

Microsoft IIS RCP/Encoded SOAP services DoS
Published:		12.07.2005
Source:		FULL-DISCLOSURE
SecurityVulns ID:		4982
Type:		client
Level:		5/10
Description:		Infinite loop on complex arrey parsing.

Affected:

MICROSOFT : Windows 2003 Server

Original document

SPI Labs, [Full-disclosure] ASP.NET RCP/Encoded Web service DOS (12.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

xpvm symbolic links problem
Published:		12.07.2005
Source:		SECUNIA
SecurityVulns ID:		4985
Type:		local
Level:		5/10
Description:		Symbolic links problem in xpvm.tcl during temporary files creation.

Affected:

XPVM : xpvm 1.2

Original document

SECUNIA, [SA16040] xpvm "xpvm.tcl" Insecure Temporary File Creation (12.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

Multiple Cisco Call Manager vulnerabilities updated since 12.07.2005
Published:		12.07.2005
Source:		FULL-DISCLOSURE
SecurityVulns ID:		4987
Type:		remote
Level:		6/10
Description:		Memory corruptions, memory leaks and DoS.

Affected:		CISCO : Cisco CallManager 3.2
		CISCO : Cisco CallManager 3.3
		CISCO : Cisco CallManager 4.0
		CISCO : Cisco CallManager 4.1

Original document		Vicky Ames, [Full-disclosure] PatchAdvisor Vulnerability Alert - Cisco CallManager Remote Denial of Service Vulnerability (20.07.2005)
		X-FORCE, ISS Protection Brief: Cisco VoIP Call Manager Remote Compromise (13.07.2005)
		CISCO, [Full-disclosure] Cisco Security Advisory: Cisco CallManager Memory Handling Vulnerabilities (12.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

dhcpcd DHCP client DoS
Published:		12.07.2005
Source:		BUGTRAQ
SecurityVulns ID:		4980
Type:		remote
Level:		5/10
Description:		Size conformance between datagrame size and data size is not controlled.

Affected:

DHCPCD : dhcpcd 1.3

Original document

DEBIAN, [SECURITY] [DSA 750-1] New dhcpcd packages fix denial of service (12.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

MMS Ripper Microsoft Media Services streams buffer overflow
Published:		12.07.2005
Source:		SECUNIA
SecurityVulns ID:		4984
Type:		client
Level:		5/10
Description:		Heap overflow on MMST stream ID parsing.

Affected:

MMSRIP : MMS Ripper 0.6

Original document

SECUNIA, [SA15987] MMS Ripper MMST Streams Buffer Overflow Vulnerability (12.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

SMS symbolic links problem
Published:		12.07.2005
Source:		SECUNIA
SecurityVulns ID:		4986
Type:		local
Level:		5/10
Description:		Symbolic links problem during insecure tamporary files creation in mpl.sh.

Affected:

SMS : SMS 1.9

Original document

SECUNIA, [SA16038] SMS "mpl.sh" Insecure Temporary File Creation (12.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

Linux kernel ia32 compatibility for 64 bit platforms race condtions
Published:		12.07.2005
Source:		BUGTRAQ
SecurityVulns ID:		4981
Type:		local
Level:		6/10
Description:		Race conditions with heap memory corruption in execve() syscall.

Affected:

LINUX : kernel 2.6

Original document

advisories, [ Suresec Advisories ] - Linux kernel ia32 compatibility (ia64/x86-64) race condition (12.07.2005)

Discuss:

Read or add your comments to this news (0 comments)

Multiple NateOn Messenger vulnerabilities updated since 12.07.2005
Published:		29.09.2005
Source:		FULL-DISCLOSURE
SecurityVulns ID:		4983
Type:		remote
Level:		5/10
Description:		Directory listing leakage, DoS.

Affected:

NATEON : NateOn Messenger 3.0

Original document		saintlinu, [Full-disclosure] [NRVA05-08] - Arbitrary file download by NateOn Messagener's ActiveX and DoS (29.09.2005)
		saintlinu, [Full-disclosure] NateOn Messenger Version 3.0 Directory listing vulnerability (12.07.2005)

Discuss:

Read or add your comments to this news (0 comments)