Computer Security



Finjan Appliance cleartext password
Published: 12.07.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 6367
Type: local
Level: 5/10
Description: The ps.fdb.bak file contains the Firebird database server password.
Affected: FINJAN : Finjan Appliance 5100
 FINJAN : Finjan Appliance 8100 NG
Original document: finde_schwachstelle_(at)_gmx.net, [Full-disclosure] [SECURITY] Plain text password in Finjan Appliance 5100/8100 NG backup file (12.07.2006)

Microsoft Office buffer overflow
Updated since: 08.07.2006
Published: 12.07.2006
Source: BUGTRAQ
SecurityVulns ID: 6345
Type: remote
Level: 8/10
Description: Buffer overflow in the mso.dll LsCreateLine function. Buffer overflow in image format parsing.
Affected: MICROSOFT : Office 2000
 MICROSOFT : Office XP
 MICROSOFT : Office 2003
Original document: NSFOCUS, [VulnWatch] NSFOCUS SA2006-04 : Microsoft Office GIF Filter Buffer Overflow Vulnerability (12.07.2006)
 SYMANTEC, SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability (11.07.2006)
 MICROSOFT, SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability (11.07.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-039 Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384) (11.07.2006)
 MICROSOFT, Microsoft Security Bulletin MS06-038 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284) (11.07.2006)
Files: Exploits Microsoft Word unchecked boundary condition vulnerability
 Microsoft Security Bulletin MS06-039 Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
 Microsoft Security Bulletin MS06-038 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)

Linux core dump files privilege escalation
Published: 12.07.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 6365
Type: local
Level: 7/10
Description: An application can create a core dump file in any directory by setting rlimits.
Affected: LINUX : kernel 2.6
Original document: Roman Medina, [Full-disclosure] Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 ) (12.07.2006)
 RPATH, [Full-disclosure] rPSA-2006-0122-1 kernel (12.07.2006)
 Paul Starzetz, [Full-disclosure] Re: rPSA-2006-0122-1 kernel (12.07.2006)
Files: Linux Kernel 2.6.x PRCTL Core Dump Handling - Local r00t Exploit ( BID 18874 / CVE-2006-2451 )

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 12.07.2006
Source:
SecurityVulns ID: 6366
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: ZOPE : Zope 2.8
 ZOPE : zope 2.7
 HIVEMAIL : HiveMail 1.3
 FSCRIPTS : Fantastic Guestbook 2.0
 FATWIRE : FatWire Content Server 5.5
 FUJITSU : ServerView 3.60
 FUJITSU : ServerView 4.20
 DRUPAL : Drupal webform Module 4.6
 DRUPAL : Drupal webform Module 4.7
 ZOPE : Zope 2.9
Original document: SECUNIA, [SA20988] Zope reStructuredText "raw" Directive Information Disclosure (12.07.2006)
 SECUNIA, [SA21021] Drupal webform Module Script Insertion Vulnerabilities (12.07.2006)
 SECUNIA, [SA20993] HiveMail Cross-Site Scripting and SQL Injection Vulnerabilities (12.07.2006)
 SECUNIA, [SA21011] ServerView Cross-Site Scripting and Directory Traversal (12.07.2006)
 labs_(at)_s21sec.com, [Full-disclosure] S21Sec-032-en: Vulnerability in Fatwire Content Server (12.07.2006)
 omnipresent_(at)_email.it, Fantastic Guestbook v2.0.1 Advisory (12.07.2006)

Cisco Router Web Setup weak default security settings
Published: 12.07.2006
Source: BUGTRAQ
SecurityVulns ID: 6368
Type: remote
Level: 5/10
Description: By default, the IOS Web interface can be accessed without authentication at the highest access level.
Affected: CISCO : Cisco Router Web Setup 3.3
Original document: CISCO, [Full-disclosure] Cisco Security Advisory: Cisco Router Web Setup Ships with Insecure Default IOS Configuration (12.07.2006)

Cisco Intrusion Prevention System DoS
Published: 12.07.2006
Source: FULL-DISCLOSURE
SecurityVulns ID: 6370
Type: remote
Level: 6/10
Description: Device failure on receipt of a malformed network packet.
Affected: CISCO : IDS-4235
 CISCO : IPS-4240
 CISCO : IDS-4250
 CISCO : IPS-4255
Original document: CISCO, [Full-disclosure] Cisco Security Advisory: Cisco Intrusion Prevention System Malformed Packet Denial of Service (12.07.2006)

Multiple Cisco Unified CallManager security vulnerabilities
Published: 12.07.2006
Source: BUGTRAQ
SecurityVulns ID: 6369
Type: remote
Level: 6/10
Description: Multiple vulnerabilities in the Command Line Interface and in SIP protocol processing.
Affected: CISCO : Cisco Unified CallManager 5.0
Original document: CISCO, [Full-disclosure] Cisco Security Advisory: Multiple Cisco Unified CallManager Vulnerabilities (12.07.2006)

eBay Enhanced Picture Services buffer overflow
Published: 12.07.2006
Source: SECUNIA
SecurityVulns ID: 6372
Type: remote
Level: 5/10
Affected: EBAY : eBay Enhanced Picture Services ActiveX Control 1.0
Original document: SECUNIA, [SA20969] eBay Enhanced Picture Services ActiveX Control Buffer Overflow (12.07.2006)

Ruby Safe Level security bypass
Updated since: 12.07.2006
Published: 04.08.2006
Source: SECUNIA
SecurityVulns ID: 6371
Type: library
Level: 5/10
Description: "alias" can be exploited to replace a safe function; directory access protection can be bypassed. A few potentially dangerous methods are not restricted.
Affected: RUBY : Ruby 1.6
 RUBY : Ruby 1.8
Original document: DEBIAN, [SECURITY] [DSA 1139-1] New ruby1.6 packages fix privilege escalation (04.08.2006)
 SECUNIA, [SA21009] Ruby Safe Level Security Bypass Vulnerabilities (12.07.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


