Search:Vulnerability:15.12.2003 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

CVS directory traversal
updated since 15.12.2003
Published: 15.11.2003
Source: BUGTRAQ
SecurityVulns ID: 3312
Type: remote
Level: 5/10

Affected: CVS : cvs 1.11

Original document MANDRAKE, MDKSA-2003:112-1 - Updated cvs packages fix malformed module request vulnerability (15.12.2003)

Discuss: Read or add your comments to this news (0 comments)

ltftp buffer overflow
Published: 15.12.2003
Source: BUGTRAQ
SecurityVulns ID: 3313
Type: client
Level: 5/10
Description: Buffer overflow on 'ls' reply.

Affected: LFTP : lftp 2.6
LFTP : lftp 2.3
LFTP : lftp 2.4

Original document Härnhammar, Ulf, [Full-Disclosure] lftp buffer overflows (15.12.2003)

Files: LFTP Remote Stack-Based Overflow exploit
Discuss: Read or add your comments to this news (0 comments)

Doro privilege escalation
Published: 15.12.2003
Source: BUGTRAQ
SecurityVulns ID: 3314
Type: local
Level: 5/10
Description: It's possible to access any file or pipe with local system privileges.

Affected: DORO : Doro

Original document Ramon Kukla, [Full-Disclosure] Get admin rights using Doro (pdf creator) (15.12.2003)

Discuss: Read or add your comments to this news (0 comments)

Cisco PIX multiple bugs
Published: 15.12.2003
Source: BUGTRAQ
SecurityVulns ID: 3315
Type: remote
Level: 5/10
Description: SNMPv3 message causes device to reboot. If device is configured as VPN client and another VPN client connects IPSec tunnel may be broken during IKE phase.

Affected: CISCO : PIX 6.1
CISCO : PIX 6.2
CISCO : PIX 6.3

Original document CISCO, Cisco Security Advisory: Cisco PIX Vulnerabilities (15.12.2003)

Discuss: Read or add your comments to this news (0 comments)

Multiple IKE bugs
Published: 15.12.2003
Source: BUGTRAQ
SecurityVulns ID: 3316
Type: m-i-t-m
Level: 5/10
Description: Type of cerificate is not checked. If XAUTH if used in IKE phase I, it's possible to user proxy attack for challenge-response based authentication.

Original document Thor Lancelot , Multiple vulnerabilites in vendor IKE implementations, including Cisco, (15.12.2003)

Discuss: Read or add your comments to this news (0 comments)

Multiple Cisco FWSM bugs
Published: 15.12.2003
Source: BUGTRAQ
SecurityVulns ID: 3317
Type: remote
Level: 5/10
Description: SNMPv3 message causes device to reboot, buffer overflow on RADIUS and TACACS authentication.

Affected: CISCO : FWSM 1.1

Original document CISCO, [Full-Disclosure] Cisco Security Advisory: Cisco FWSM Vulnerabilities (15.12.2003)

Discuss: Read or add your comments to this news (0 comments)

Multiple mIRC bugs
updated since 14.10.2003
Published: 15.12.2003
Source: SECURITEAM
SecurityVulns ID: 3177
Type: client
Level: 6/10
Description: Buffer overflow on processing irc:// URL, DoS on DCC processing.

Affected: XCHAT : xchat 2.0
MIRC : mIRC 6.11
MIRC : mIRC 6.12

Original document Stefan Hecker, [Full-Disclosure] xchat 2.0.6 crashes with mirc 6.0-6.11 DCC exploit (15.12.2003)

K-OTiK Security, (Fw) : mIRC 6.12 (latest) DCC Exploit (24.10.2003)

SecuriTeam, [EXPL] mIRC Unspecified DCC Request Vulnerability (Exploit) (14.10.2003)

SecuriTeam, [NT] mIRC Buffer Overflow (irc:// Links) (14.10.2003)

document SecuriTeam, [NT] mIRC Unspecified DCC Request Vulnerability (14.10.2003)

Discuss: Read or add your comments to this news (0 comments)

Multiple Cisco PIX bugs
updated since 22.11.2002
Published: 15.12.2003
Source: CISCO
SecurityVulns ID: 2427
Type: remote
Level: 5/10
Description: Multiple bugs during authentication processing.

Affected: CISCO : PIX 5.2
CISCO : PIX 6.0
CISCO : PIX 6.1
CISCO : PIX 6.2

Original document CISCO, Cisco Security Advisory: Cisco PIX Multiple Vulnerabilities (22.11.2002)

Discuss: Read or add your comments to this news (0 comments)

CGI bugs
updated since 15.12.2003
Published: 15.12.2003
Source:
SecurityVulns ID: 3310
Type: remote
Level: 5/10

Affected: WILLWIN : Willwin's Web Voting 1.0
STALLION : Cyclonic Webmail
TRISKAM : CGINews 1.07
TRISKAM : CGIForum 1.09
OSCOMMERCE : osCommerce 2.2
INVISION : Invision Power Top Site List 1.1
INVISION : Invision Power Board 2.0
DUWARE : DU Portal 3.0
AARDVARKIND : Aardvark Topsites 4.1
WEBARTFACTORY : WebArtFactory
ECW : ECW Shop 5.5
ASPAPP : PortalApp
ASPAPP : IntranetApp
ASPAPP : ProjectApp
JMBSOFT : AutoRank 2.0
UPB : Ultimate PHP Board 1.5
EQUI4 : ProjectForum 8.4

Original document Peter Winter-Smith, ProjectForum Multiple Vulnerabilities (23.12.2003)

vLad aka vlbag, �� Ultimate PHP Board (UPB) Version 1.5 (19.12.2003)

JeiAr, Autorank PHP SQL Injection Vulnerabilities (19.12.2003)

JeiAr, Multiple Vulnerabilities In ASPapp Products (19.12.2003)

document SECURITEAM, [UNIX] ECW Shop Cross-Site Scripting Vulnerability (18.12.2003)

JeiAr, osCommerce Malformed Session ID XSS Vuln (18.12.2003)

Noticias, WebArtFactory CMS Vulnerability (18.12.2003)

JeiAr, Aardvark Topsites 4.1.0 Vulnerabilities (17.12.2003)

JeiAr, Multiple DUWare Product Vulnerabilities (17.12.2003)

document JeiAr, Invision Power Board SQL Injection Vuln [ All Versions ] (17.12.2003)

JeiAr, Invision Power Top Site List SQL Inection (17.12.2003)

JeiAr, osCommerce 2.2-MS1 SQL Injection Vulnerability (16.12.2003)

JeiAr, Issues In CGINews and CGIForum (16.12.2003)

Somers Raf, Cyclonic Webmail 4 multiple vulnerabilities (15.12.2003)

document vLad aka vlbag, �� Willwin's Web Voting v.1.0 (15.12.2003)

Discuss: Read or add your comments to this news (0 comments)

irssi DoS
Published: 15.12.2003
Source: BUGTRAQ
SecurityVulns ID: 3311
Type: client
Level: 5/10
Description: It's possible to insert formatting commands into messages text.

Affected: IRSSI : irssi 0.8

Original document Timo Sirainen, irssi - potential remote crash (15.12.2003)

Discuss: Read or add your comments to this news (0 comments)