Search:Vulnerability:14.11.2005 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Real player media player multiple buffer overflow
updated since 11.11.2005
Published: 14.11.2005
Source: BUGTRAQ
SecurityVulns ID: 5443
Type: client
Level: 6/10
Description: Buffer overflows on parsing .rm streams and skin files.

Affected: REAL : RealPlayer 8
REAL : RealPlayer 10
REAL : RealOne Player 2
REAL : RealOne Player 1
REAL : RealPlayer 10.5
REAL : Helix Player 10.0

Original document NGSSoftware Insight Security Research, High Risk Flaw in RealPlayer (14.11.2005)

EEYE, [EEYEB-20050701] - RealPlayer Zipped Skin File Buffer Overflow II (11.11.2005)

EEYE, [EEYEB-20050510] - RealPlayer Data Packet Stack Overflow (11.11.2005)

Discuss: Read or add your comments to this news (0 comments)

VERITAS Cluster Server for UNIX buffer overflow
updated since 10.11.2005
Published: 14.11.2005
Source: BUGTRAQ
SecurityVulns ID: 5435
Type: local
Level: 6/10
Description: Buffer overflow in 'ha' suid utility on environment variables parsing.

Affected: VERITAS : VERITAS Storage Foundation Cluster File System 4.0
VERITAS : VERITAS SANPoint Control Quickstart 3.5
VERITAS : VERITAS Storage Foundation For DB2 1.0
VERITAS : VERITAS Storage Foundation For DB2 4.0
VERITAS : VERITAS Storage Foundation for Oracle 3.0
VERITAS : VERITAS Storage Foundation for Oracle 3.5
VERITAS : VERITAS Storage Foundation for Oracle 4.0
VERITAS : VERITAS Storage Foundation for Sybase 4.0
VERITAS : VERITAS Storage Foundation for UNIX 2.2
VERITAS : VERITAS Storage Foundation for UNIX 3.4
VERITAS : VERITAS Storage Foundation for UNIX 3.5
VERITAS : VERITAS Storage Foundation for UNIX 4.0
VERITAS : VERITAS Cluster Server 2.2
VERITAS : VERITAS Cluster Server 3.5
VERITAS : VERITAS Cluster Server 4.0

Original document Kevin Finisterre, [Full-disclosure] DMA[2005-1112a] - 'Veritas Storage Foundation VCSI18N_LANG buffer overflow' (14.11.2005)

SECUNIA, [SA17502] VERITAS Cluster Server for UNIX Buffer Overflow Vulnerability (10.11.2005)

Discuss: Read or add your comments to this news (0 comments)

Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc)
updated since 14.11.2005
Published: 20.11.2005
Source:
SecurityVulns ID: 5446
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected: XMB : XMB 1.9
HORDE : Horde 2.2
PHPADSNEW : phpAdsNew 2.0
MYBB : MyBB 1.0
PHPMYFAQ : phpMyFAQ 1.5
CLASS1 : Class-1 0.24
XOOPS : XOOPS 2.2
UNCLASSIFIED : Unclassified NewsBoard 1.5
PHPNUKE : PHP-Nuke 7.8
CYPHOR : Cyphor 0.19
PHPWEBTHINGS : PHPWebthings 1.4
3CFR : 3CFR
PEEL : PEEL 2.6
PEEL : PEEL 2.7
COGILENT : iCMS
PHPSYSINFO : phpSysInfo 2.4
CODEGRRL : PHPCalendar 1.0
CODEGRRL : PHPClique 1.0
CODEGRRL : PHPCurrently 2.0
CODEGRRL : PHPFanBase 2.1
CODEGRRL : PHPQuotes 1.0
POLLVOTE : PollVote
FIPSCMS : fipsCMS
EKINBOARD : EKINboard 1.0
MIDICART : MIDICART
WALLA : Walla TeleSite 3.0
WIZZCOMPUTERS : Wizz Forum 1.20
PHPMYADMIN : phpmyadmin 2.7
ACID : ACID 0.9
PHPWCMS : phpwcms 1.2
ALSTRASOFT : Template Seller Pro 3.25
ALSTRASOFT : Affiliate Network Pro 7.2
PHPGEN : PHP GEN 1.2
HELPCENTERLIVE : Help Center Live 2.0
WHMAUTOPILOT : WHM AutoPilot 2.5
CLASS1 : class-1 Poll 0.4
INTERSPIRE : ArticleLive NX 0.3
ARKIDB : Arki-DB 1.0
REVIZECMS : Revize CMS 4.0
URESK : Uresk Links 2.0
EAZYCMS : eazyCMS 2
MAGICWINMAIL : Winmail Server 4.2
VPASP : VP-ASP Shopping Cart 5.50
PHPCOMASY : phpComasy 0.7
EXOSCRIPTS : ExoPHPDesk 1.2
CVE: CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka MyBulletinBoard) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field, a different vector than CVE-2006-2949.)

Original document group_(at)_soulblack.com.ar, [Full-disclosure] ExoPHPDesk is helpdesk written in PHP/SQL. (20.11.2005)

tk_(at)_trapkit.de, [TKADV2005-11-004] Multiple Cross Site Scripting vulnerabilities in phpMyFAQ (20.11.2005)

r0t, phpComasy "id" SQL Injection Vulnerability (20.11.2005)

document SECUNIA, [SA17614] Unclassified NewsBoard "DateFrom" SQL Injection Vulnerability (18.11.2005)

SECUNIA, [SA17602] VP-ASP Shopping Cart "UserName" Cross-Site Scripting Vulnerability (18.11.2005)

SECUNIA, [Full-disclosure] Secunia Research: Winmail Server Multiple Vulnerabilities (18.11.2005)

document r0t, eazyCMS "page_id" SQL Injection Vulnerability (18.11.2005)

SECUNIA, [SA17625] Uresk Links Missing Administration Authentication (18.11.2005)

SECUNIA, [SA17627] Arki-DB "catid" SQL Injection Vulnerability (18.11.2005)

alireza hassani, [KAPDA::#13] - XMB HTML Injection & Path Disclosure. (18.11.2005)

document SECUNIA, [SA17585] Interspire ArticleLive NX "Query" SQL Injection Vulnerability (17.11.2005)

r0t, class-1 Poll Software Multiple SQL Injection Vulnerabilities. (17.11.2005)

r0t, Multiple SQL Injection Vulnerabilities in class-1 Forum Software (v 0.24.4) (17.11.2005)

Agna Zilchi, [Full-disclosure] WMH AutoPilot: Unauthorized hosting account cancellation request (17.11.2005)

document SECUNIA, [SA17580] Help Center Live "file" Local File Inclusion Vulnerability (16.11.2005)

SECUNIA, [SA17582] AudienceView "TSerrorMessage" Cross-Site Scripting Vulnerability (16.11.2005)

SECUNIA, [SA17560] PHP GEN Cross-Site Scripting Vulnerabilities (16.11.2005)

bad boy, [Full-disclosure] mambo remote code sexecution (16.11.2005)

document sp3x_(at)_securityreason.com, Critical SQL Injection PHPNuke <= 7.8 (16.11.2005)

r.verton_(at)_gmail.com, Affiliate Network Pro v7.2 SQL Injections, Arbitrary code execution, XSS (16.11.2005)

r.verton_(at)_gmail.com, Template Seller Pro 3.25 (16.11.2005)

Steve, PHPWCMS - Directory traversal vulnerability,CSS attack (16.11.2005)

document SECUNIA, [SA17552] ACID Cross-Site Scripting and SQL Injection Vulnerabilities (15.11.2005)

Toni Koivunen, [Full-disclosure] [FS-05-02] Multiple vulnerabilities in phpMyAdmin (15.11.2005)

bhs_team_(at)_yahoo.com, 1-2-All Broadcast E-mail Software vulnerable to a classic SQL admin (15.11.2005)

document s2b_(at)_hotmail.com, Multible Sql injections in Wizz Forum (15.11.2005)

sinneR, Walla TeleSite Multiple Vulnerabilities (15.11.2005)

s2b_(at)_hotmail.com, Cyphor (Release: 0.19) Sql injection (15.11.2005)

crazy frog, Midicart sql injection (15.11.2005)

Preben Nylokken, [KAPDA::#12] - ekinboard XSS and HTML Injection (15.11.2005)

document Preben Nylokken, fipsCMS light - vulnerable to script injection. (15.11.2005)

retrogod_(at)_aliceposta.it, XOOPS 2.2.3 Final arbitrary local inclusion / XOOPS WF-Downloads module v 2.05 SQL Injection (15.11.2005)

r.verton_(at)_gmail.com, PHPCalendar (and some more codegrrl.com products) arbitrary code execution (15.11.2005)

document stormhacker_(at)_hotmail.com, PollVote Remote File Inclusion (15.11.2005)

August Christopher, Multiple Bugs in MyBB 1.0 PR2 Rev 686(Updated Nov 1, 2005) (15.11.2005)

A.1.M_(at)_Hotmail.com, SQL injection in phpWebThing 1.4.4 (15.11.2005)

Sieg Fried, ZRCSA-200502 - phpAdsNew SQL Injection Vulnerabilities (15.11.2005)

document SECUNIA, [SA17542] CodeGrrl Products "siteurl" File Inclusion Vulnerability (14.11.2005)

SECUNIA, [SA17468] Horde Error Messages Cross-Site Scripting Vulnerability (14.11.2005)

Christopher Kunz, [Full-disclosure] Advisory 22/2005: Multiple vulnerabilities in phpSysInfo (14.11.2005)

document r0t, iCMS Remote File Include Vulnerability (14.11.2005)

r0t, PEEL 2.x sql injection (14.11.2005)

r0t, Sql injection in 3CFR (14.11.2005)

Files: XOOPS WF_Downloads Module v 2.05 SQL injection Admin credentials disclosure & remote commands execution all-in-one exploit
Wizz Forum SQL Injection Exploit
Discuss: Read or add your comments to this news (0 comments)

Multiple OSs, routers and firewalls IPSec ISAKMP IKE DoS
updated since 14.11.2005
Published: 11.12.2005
Source: FULL-DISCLOSURE
SecurityVulns ID: 5447
Type: remote
Level: 6/10
Description: Multiple vulnerabilities detected with PROTOS IPSec security scanner.

Affected: HP : HP-UX 11.00
CISCO : IOS 12.2
HP : HP-UX 11.11
ORACLE : Solaris 9
CISCO : PIX 6.3
CISCO : IOS 12.3
ORACLE : Solaris 10
CISCO : Cisco VPN 3000
HP : HP-UX 11.23
CHECKPOINT : VPN-1 R54
CHECKPOINT : VPN-1 R55
SYMANTEC : Symantec Enterprise Firewall 8.0
CHECKPOINT : Firewall-1 R55
JUNIPER : JunOS 5.2
JUNIPER : JunOS 5.3
JUNIPER : JunOS 7.0
SYMANTEC : Symantec Firewall Appliance 200
SYMANTEC : Symantec VPN Appliance 200
CISCO : IOS 12.4
SCO : OpenServer 6.0
CISCO : PIX 7.0
CISCO : FWSM 2.3
CISCO : SanOS 2.1
SECGO : Secgo Crypto IP Gateway 3.2
SECGO : Secgo Crypto IP Gateway 3.1
SECGO : Secgo Crypto IP Gateway 3.0
SECGO : Secgo Crypto IP Gateway 2.3
SECGO : Secgo Crypto IP Client 2.3
SECGO : Secgo Crypto IP Client 3.0
SECGO : Secgo Crypto IP Client 3.1
SECGO : Secgo Crypto IP Client 3.2
JUNIPER : JunOS 6.0
JUNIPER : JunOS 6.1
JUNIPER : JunOS 7.1
STONEGATE : StoneGate Firewall 2.6
STONEGATE : StoneGate VPN Client 2.6
OPENSWAN : Openswan 2.4
NORTEL : Nortel Switched Firewall 5000
NORTEL : Nortel Switched Firewall 5100
NORTEL : Nortel Switched Firewall 6000
HP : Jetdirect 635n
CHECKPOINT : Firewall-1 R54
CHECKPOINT : VPN-1 Pro NGX R60
CHECKPOINT : Check Point Express CI R57
CHECKPOINT : Firewall-1 GX 3.0
SYMANTEC : Symantec Gateway Security 400
SYMANTEC : Symantec Gateway Security 300
SYMANTEC : Symantec Gateway Security 5100
SYMANTEC : Symantec Gateway Security 5200
SYMANTEC : Symantec Gateway Security 5300
SYMANTEC : Symantec Gateway Security 5310
SYMANTEC : Symantec Gateway Security 5400
SYMANTEC : Symantec Gateway Security 5000
SYMANTEC : Symantec Firewall Appliance 100
SYMANTEC : Symantec VPN Appliance 100
IPSECTOOLS : IPsec-Tools 0.6
CLAVISTER : Clavister Firewall 8.30
CLAVISTER : Clavister Security Gateway 8.40
CLAVISTER : Clavister Security Gateway 8.50
CLAVISTER : Clavister Security Gateway 8.60
APANI : EpiForce 1.9

Original document mkuch_(at)_apani.com, Apani Network Response to ISAKMP cert-fi:7710 Alert (11.12.2005)

SCO, [Full-disclosure] SCOSA-2005.52 OpenServer 6.0.0 : KAME Racoon Daemon Denial of Service Vulnerability (28.11.2005)

SECUNIA, [SA17663] Clavister Products ISAKMP IKE Message Processing Denial of Service (24.11.2005)

document SECUNIA, [SA17668] IPsec-Tools ISAKMP IKE Message Processing Denial of Service (23.11.2005)

SECUNIA, [SA17684] Symantec Firewall/VPN/Gateway ISAKMP Message Processing Denial of Service (23.11.2005)

SECUNIA, [SA17621] Check Point Firewall/VPN ISAKMP IKE Message Processing Denial of Service (17.11.2005)

document HP, [security bulletin] SSRT5979 - HP Jetdirect 635n IPv6/IPsec Print Server (J7961A) Remote Denial of Service (DoS) (17.11.2005)

HP, [security bulletin] SSRT5979 - HP-UX Running IPSec Remote Denial of Service (DoS) (17.11.2005)

SECUNIA, [SA17608] Nortel Switched Firewall ISAKMP IKE Message Processing Denial of Service (16.11.2005)

document SECUNIA, [SA17554] Sun Solaris in.iked ISAKMP IKE Message Processing Denial of Service (15.11.2005)

SECUNIA, [SA17581] Openswan ISAKMP IKE Message Processing Denial of Service (15.11.2005)

SECUNIA, [SA17566] StoneGate Firewall and VPN ISAKMP IKE Message Processing Denial of Service (15.11.2005)

document SECUNIA, [SA17568] Juniper JUNOS/JUNOSe ISAKMP IKE Message Processing Denial of Service (15.11.2005)

SECUNIA, [SA17567] Secgo Crypto IP Gateway/Client ISAKMP IKE Message Processing Vulnerability (15.11.2005)

SECUNIA, [SA17553] Cisco ISAKMP IKE Message Processing Denial of Service (15.11.2005)

document CISCO, [Full-disclosure] Cisco Security Advisory: Multiple Vulnerabilities Found by PROTOS IPSec Test Suite (14.11.2005)

Discuss: Read or add your comments to this news (0 comments)

mailman mailing lists processor DoS
updated since 14.11.2005
Published: 16.01.2006
Source: BUGTRAQ
SecurityVulns ID: 5448
Type: remote
Level: 5/10
Description: Scrubber.py fails to process attachment with UTF-8 character in the name and messages with large numbers in dates.

Affected: GNU : Mailman 2.1

Original document UBUNTU, [Full-disclosure] [USN-242-1] mailman vulnerabilities (16.01.2006)

SECUNIA, [SA17511] Mailman Attachment Filename Scrubbing Denial of Service (14.11.2005)

Discuss: Read or add your comments to this news (0 comments)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server