Old FreeBSD versions ECCEflag ipfw protection bypass
Published:		13.04.2004
Source:		SECURITEAM
SecurityVulns ID:		3597
Type:		remote
Level:		5/10
Description:		ACK packets with ECE flags bypass filtering.

Original document

SECURITEAM, [EXPL] IPFW ECE Firewall Bypassing Exploit (13.04.2004)

Files:		IPFW ECE Firewall Bypassing Exploit
Discuss:		Read or add your comments to this news (0 comments)

linux threaded processes DoS
Published:		13.04.2004
Source:		BUGTRAQ
SecurityVulns ID:		3598
Type:		local
Level:		5/10
Description:		SIGRT_1 signal can be delivired to application causing invalid handling of child threads termination.

Affected:		LINUX : kernel 2.4
		LINUX : kernel 2.6

Original document

Nikita V. Youshchenko, Possible DoS on Linux kernel 2.4 and 2.6 using sigqueue overflow. (13.04.2004)

Discuss:

Read or add your comments to this news (0 comments)

Citadel/UX weak permissions
Published:		13.04.2004
Source:		BUGTRAQ
SecurityVulns ID:		3599
Type:		local
Level:		5/10
Description:		Messageboxes are world readable.

Affected:

CITADEL : Citadel/UX 6.14

Original document

CITADEL, Citadel/UX 6.20 fixes local permissions vulnerability (13.04.2004)

Discuss:

Read or add your comments to this news (0 comments)

asleap - offline LEAP authentication hacking
Published:		13.04.2004
Source:		BUGTRAQ
SecurityVulns ID:		3600
Type:		m-i-t-m
Level:		5/10
Description:		MS-CHAP (NTLM) vulnerability allows offline passwords attacks.

Original document		CISCO, UPDATE: Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability (13.04.2004)
		Joshua Wright, Release of Cisco Attack tool Asleap (13.04.2004)

Discuss:

Read or add your comments to this news (0 comments)

CGI bugs updated since 13.04.2004
Published:		17.04.2004
Source:
SecurityVulns ID:		3601
Type:		remote
Level:		5/10

Affected:		TUTOS : Tutos 1.1
		NPHP : newsPHP 216
		POSTNUKE : PostNuke 0.726
		TIKIWIKI : TikiWiki 1.8
		PHPNUKE : PHP-Nuke 7.2
		SCT : Campus Pipeline
		ISESAM : gemitel 3
		NUKEDKLAN : Nuked-KlaN 1.4
		NUKEDKLAN : Nuked-KlaN 1.5

Original document		Security Corporation Security Advisory, [SCSA-028] Nuked-Klan Multiple Vulnerabilities (17.04.2004)
		jaguar, Include vulnerability in GEMITEL v 3.50 (16.04.2004)
		spiffomatic 64, SCT javascript execution vulnerability (16.04.2004)
		pokleyzz, [Full-Disclosure] [SCAN Associates Sdn Bhd Security Advisory] Postnuke v 0.726 and below SQL injection (15.04.2004)
		SECURITEAM, [UNIX] Multiple Vulnerabilities in NewsPHP (Admin Privileges, File Upload, XSS) (14.04.2004)
		François SORIN, [KSA-005] Multiple vulnerabilities in Tutos (14.04.2004)
		Janek Vind, [waraxe-2004-SA#016 - Cross-Site Scripting aka XSS in phpnuke 6.x-7.2 part 3] (13.04.2004)
		Janek Vind, [waraxe-2004-SA#018 - Admin-level authentication bypass in phpnuke 6.x-7.2] (13.04.2004)
		Janek Vind, [waraxe-2004-SA#017 - User-level authentication bypass in phpnuke 6.x-7.2] (13.04.2004)
		JeiAr, Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ] (13.04.2004)

Discuss:

Read or add your comments to this news (0 comments)

X-Micro WLAN backdoor account updated since 13.04.2004
Published:		17.04.2004
Source:		BUGTRAQ
SecurityVulns ID:		3595
Type:		remote
Level:		5/10
Description:		Built-in account 'super' wirh password 'super' or '1502' with password '1502'.

Affected:

XMICRO : X-Micro WLAN 11b Broadband Router

Original document		RISKO Gergely, [Full-Disclosure] NEW backdoor in X-Micro WLAN 11b Broadband Router (17.04.2004)
		RISKO Gergely, Backdoor in X-Micro WLAN 11b Broadband Router (13.04.2004)

Discuss:

Read or add your comments to this news (0 comments)