Computer Security


Tuxpaint paint program for children symbolic links problem
Published: 16.01.2006
SecurityVulns ID: 5638
Type: local
Threat Level: 5/10
Description: Symbolic link problem during temporary file creation (a bad guy can overwrite your child's files).
Affected: TUXPAINT : tuxpaint 0.9
Original document: DEBIAN, [Full-disclosure] [SECURITY] [DSA 941-1] New tuxpaint packages fix insecure temporary file creation (16.01.2006)

Linksys VPN routers DoS
Published: 16.01.2006
SecurityVulns ID: 5637
Type: remote
Threat Level: 5/10
Description: An IP packet with invalid IP options causes the router to crash.
Affected: LINKSYS : Linksys BEFVP41
Original document: paul14075_(at)_gmail.com, Linksys VPN Router (BEFVP41) DoS Vulnerability (16.01.2006)

Sun Solaris lpsched privilege escalation
Published: 16.01.2006
SecurityVulns ID: 5641
Type: local
Threat Level: 5/10
Original document: SECUNIA, [SA18498] Sun Solaris lpsched Unspecified Vulnerability (16.01.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 16.01.2006
SecurityVulns ID: 5636
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: LWCAL : Light Weight Calendar 1.0
 123FLASHCHAT : 123flashchat server 5.1
 123FLASHCHAT : 123flashchat server 5.0
 ALBATROSS : albatross 1.20
 REDKERNEL : RedKernel Referrer Tracker 1.1
 WIDEXL : Widexl Download Tracker 1.06
 GTP : GTP iCommerce
 APACHE : Apache Geronimo 1.0
 NETBULA : Netbula Anyboard 9.0
 WORDPRESS : WP-Stats 2.0
Original documents: SECUNIA, [SA18471] WP-Stats WordPress Plug-in "author" SQL Injection Vulnerability (16.01.2006)
 SECUNIA, [SA18469] Netbula Anyboard "tK" Cross-Site Scripting Vulnerability (16.01.2006)
 SECUNIA, [SA18470] GTP iCommerce Cross-Site Scripting Vulnerabilities (16.01.2006)
 SECUNIA, [SA18472] Widexl Download Tracker "ID" Parameter Cross-Site Scripting (16.01.2006)
 SECUNIA, [SA18473] RedKernel Referrer Tracker "rkrt_stats.php" Cross-Site Scripting (16.01.2006)
 SECUNIA, [SA18464] Bit 5 Blog Script Insertion and SQL Injection Vulnerabilities (16.01.2006)
 DEBIAN, [Full-disclosure] [SECURITY] [DSA 942-1] New albatross packages fix arbitrary code execution (16.01.2006)
 ISecAuditors Security Advisories, [ISecAuditors Advisories] Arbitrary remote file creation in 123flashchat server (16.01.2006)
 khc_(at)_bsdmail.org, DDSN CMS Admin Panel SQL Injection Vulnerability (16.01.2006)
 Aliaksandr Hartsuyeu, [eVuln] Light Weight Calendar PHP Code Execution (16.01.2006)
 night_warrior771_(at)_hotmail.com, AlstraSoft Template Seller Pro Cross-Site Scripting Vulnerability (16.01.2006)
 night_warrior771_(at)_hotmail.com, DCP Portal Cross-Site Scripting Vulnerability (16.01.2006)
 :) :), WHITEAlbum Sql Injection (16.01.2006)

Multiple Windows wireless adapters WEP protection bypass
Published: 16.01.2006
SecurityVulns ID: 5639
Type: remote
Threat Level: 5/10
Description: An attacker can force the client to downgrade to unencrypted cleartext mode of operation.
Affected: MICROSOFT : Windows XP
Original document: security_(at)_hammerjammer.net, [Full-disclosure] WEP-Client-Communication-Dumbdown (WCCD) Vulnerability (16.01.2006)

Perl integer overflow
Published: 16.01.2006
SecurityVulns ID: 5640
Type: library
Threat Level: 6/10
Affected: PERL : perl 5.8
Original document: DEBIAN, [Full-disclosure] [SECURITY] [DSA 943-1] New Perl packages fix arbitrary code execution (16.01.2006)

Cisco IP Phones DoS
Published: 16.01.2006
SecurityVulns ID: 5642
Type: remote
Threat Level: 6/10
Description: A SYN flood causes the phone to reload.
Affected: CISCO : Cisco IP Phone 7940
 CISCO : Cisco IP Phone 7960
 CISCO : Cisco IP Phone 7900
Original document: SECUNIA, [SA18479] Cisco IP Phones SYN Flood Device Reload Vulnerability (16.01.2006)

Linux kernel multiple DoS conditions
Published: 16.01.2006
SecurityVulns ID: 5643
Type: remote
Threat Level: 6/10
Description: Local DoS with netlink_rcv_skb(), and a few DoS conditions with PPTP NAT.
Affected: LINUX : kernel 2.6
Original document: SECUNIA, [SA18482] Linux Kernel Multiple Denial of Service Vulnerabilities (16.01.2006)

mailman mailing lists processor DoS
updated since 14.11.2005
Published: 16.01.2006
SecurityVulns ID: 5448
Type: remote
Threat Level: 5/10
Description: Scrubber.py fails to process an attachment with a UTF-8 character in the name and messages with large numbers in dates.
Affected: MAILMAN : mailman 2.1
Original documents: UBUNTU, [Full-disclosure] [USN-242-1] mailman vulnerabilities (16.01.2006)
 SECUNIA, [SA17511] Mailman Attachment Filename Scrubbing Denial of Service (14.11.2005)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod