UTStarcom iAN-02EX ATA (VoIP Analog Terminal Adaptor) default password unauthorized access
Published: 14.03.2005 Source: SECURITEAM SecurityVulns ID: 4574 Type: remote Level: 5/10
Description: Access from the WAN network with the default password.
Affected: UTSTARCOM : iAN-02EX
Original document SECURITEAM , [NEWS] UTStarcom's iAN-02EX Remote Access Vulnerability (14.03.2005 )
OpenSLP (Service Location Protocol) buffer overflow
Published: 14.03.2005 Source: BUGTRAQ SecurityVulns ID: 4576 Type: remote Level: 5/10
Description: Multiple buffer overflows in SLP packet parsing.
Affected: OPENSLP : OpenSLP 1.1
Original document SUSE , [Full-disclosure] SUSE Security Announcement: openslp (SUSE-SA:2005:015) (14.03.2005 )
Multiple Ethereal sniffer bugs
Updated since 09.03.2005 Published: 14.03.2005 Source: BUGTRAQ SecurityVulns ID: 4565 Type: remote Level: 5/10
Description: Buffer overflow during parsing of CDMA 2000 RADIUS authentication. Buffer overflow in IAPP parsing.
Affected: ETHEREAL : Ethereal 0.10
Original document LSS Security , Ethereal remote buffer overflow #2 (14.03.2005 )
LSS Security , Ethereal remote buffer overflow (09.03.2005 )
PlatinumFTP FTP Server format string vulnerability
Updated since 14.03.2005 Published: 17.03.2005 Source: BUGTRAQ SecurityVulns ID: 4572 Type: remote Level: 5/10
Description: Format string bug in username during FTP authentication.
Affected: ROBOSHAREWARE : PlatinumFTP 1.0
Original document c0d3r_(at)_ihsteam.com , PlatinumFTPserver format string vulnerability ( IHSTeam ) (17.03.2005 )
Ramon Kukla , PlatinumFTP 1.0.18 remote DoS (14.03.2005 )
PHP, ASP, CGI web applications security vulnerabilities
Updated since 14.03.2005 Published: 20.03.2005 Source: SecurityVulns ID: 4573 Type: remote Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc.
Affected: PHPBB : phpBB 2.0 MCNEWS : mcNews 1.3 PHORUM : Phorum 5.0 PHPMYADMIN : phpMyAdmin 2.6 PHPADSNEW : phpAdsNew 2.0 ASPJAR : ASPJar 1.0 CYCLADES : AlterPath Manager 1.2 PHPFUSION : PHP-Fusion 5.01 PHPWEBLOG : phpWebLog 0.5 HOLACMS : Hola CMS 1.4 SIMPGB : SimpGB 1.35 PABOX : pabox 2.0 YABB : YaBB 2 ZPANEL : ZPanel 2.0 VOTEBOX : VoteBox 2.0 IBM : WebSphere Commerce 5.6 PHPOPENCHAT : PhpOpenChat 3.0 ASPRESS : ACS Blog 1.1 MYPHP : MyPHP Forum 1.0 MYPHP : MyPHP Forum 2.0 MYPHP : MyPHP Forum 3.0 SUBDREAMER : Subdreamer 1.1 RUNCMS : Runcms 1.1 NOTIFYLINK : NotifyLink 2.0 PHPMYFAMILY : phpmyfamily 1.4 CIAMOS : Ciamos 0.9
CVE: CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter.)
CVE-2007-1123 (Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the body parameter to templates/ZPanelV2/template.php or (2) the page parameter to zpanel.php. NOTE: the zpanel.php vector may overlap CVE-2005-0793.2. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.)
CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter.)
Original document Pedram hayati , [PersianHacker.NET 200503-10]PHP-Fusion v5.01 Html Injection Vulnerability (20.03.2005 )
Majid NT , Ciamos Highlight.php Security Hole(IHS) (20.03.2005 )
Majid NT , Ciamos Installation path(IHS) (20.03.2005 )
kreon , phpMyFamily 1.4.0 SQL vulnerabilities (20.03.2005 )
SECUNIA , [SA14617] NotifyLink Enterprise Server Multiple Vulnerabilities (19.03.2005 )
Terencentanio Enache , PHP-Post Exploit (19.03.2005 )
Majid NT , runcms highlight.php hole (19.03.2005 )
Majid NT , runcms installation path (19.03.2005 )
foster_(at)_ghc.ru , possible SQL injection in Subdreamer (19.03.2005 )
Terencentanio Enache , myPHP Forum v1, 2 & 3 (18.03.2005 )
Pedram hayati , [PersianHacker.NET 200503-09]PHPOpenChat v3.x XSS Multiple Vulnerability (18.03.2005 )
Jonathan Whiteley , PHP mcNews arbitrary file inclusion (18.03.2005 )
farhad koosha , XSS in ACS blog (18.03.2005 )
SECUNIA , [SA14600] PHPOpenChat "sourcedir" File Inclusion Vulnerability (17.03.2005 )
SECUNIA , [SA14599] phpMyAdmin "_" Wildcard Permissions Security Bypass (17.03.2005 )
SECURITEAM , [UNIX] Multiple Vulnerabilities in phpWebLog (Cross Site Scripting, File Inclusion) (17.03.2005 )
farhad koosha , ASPjar Tell-a-Friend (17.03.2005 )
SECUNIA , [SA14589] WebSphere Commerce Private Information Disclosure (16.03.2005 )
SECUNIA , [SA14577] VoteBox "VoteBoxPath" File Inclusion Vulnerability (16.03.2005 )
Virginity Security , Virginity Security Advisory 2005-002 : Hola CMS - Another File destruction and System access (16.03.2005 )
Mik- , Few remote bugs in zPanel (16.03.2005 )
pureone , phpbb cookie admin access (16.03.2005 )
bad boy , phpbb <= 2.0.12 uid vuln + admin_styles.php php code injection exploit (16.03.2005 )
WoRmZ Web , html code include in phpnuke news crash IE 6 (16.03.2005 )
alireza hassani , YaBB2 rc1 XSS (16.03.2005 )
Maksymilian Arciemowicz , [SECURITYREASON.COM] phpAdsNew 2.0.4-pr1 Multiple vulnerabilities cXIb8O3.9 (16.03.2005 )
Jon Oberheide , 3 XSS Vulnerabilities in Phorum <= 5.0.14 (16.03.2005 )
Rift , [XSS] paBox 2.0 (16.03.2005 )
Alexander Müller , SimpGB SQL Injection Vulnerability (16.03.2005 )
SECUNIA , [SA14580] aeNovo Database Disclosure of Sensitive Information (14.03.2005 )
Jon Oberheide , [Full-disclosure] 3 XSS Vulnerabilities in Phorum <= 5.0.14 (14.03.2005 )
SECURITEAM , [NEWS] AlterPath Manager Information Multiple Vulnerabilities (14.03.2005 )
Wine Windows on Unix emulator symbolic links problem
Updated since 14.03.2005 Published: 09.08.2005 Source: FULL-DISCLOSURE SecurityVulns ID: 4575 Type: local Level: 5/10
Description: Unsafe temporary file creation.