Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 16.01.2009
SecurityVulns ID: 9590
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. e-Vision CMS: cross-site scripting.
Affected: PHPLIST : phpList 2.10
 MKPORTAL : MKPortal 1.2
 EVISION : e-Vision CMS 2.02
Original documents: pouya.s3rver_(at)_gmail.com, Active Bids (16.01.2009)
 pouya.s3rver_(at)_gmail.com, DMXReady Blog Manager (SQL/XSS) (16.01.2009)
 MustLive, Cross-Site Scripting vulnerability in e-Vision CMS (16.01.2009)
 Janek Vind, [waraxe-2009-SA#070] - Multiple Vulnerabilities in MKPortal <= 1.2.1 (16.01.2009)
 admin_(at)_bugreport.ir, phpList <= 2.10.8 Local File inclusion (16.01.2009)

Cisco VLAN trunking DoS
Published: 16.01.2009
SecurityVulns ID: 9591
Type: remote
Threat Level: 5/10
Description: Switch reloads on malformed VTP packet.
Original documents: CISCO, RE: DoS code for Cisco VLAN Trunking Protocol Vulnerability (16.01.2009)
 showrun.lee_(at)_gmail.com, DoS code for Cisco VLAN Trunking Protocol Vulnerability (16.01.2009)
Files: DoS code for Cisco VLAN Trunking Protocol Vulnerability
 Cisco Security Response: Cisco VLAN Trunking Protocol Vulnerability

WowWee Rovio webcam unauthorized access
Published: 16.01.2009
SecurityVulns ID: 9593
Type: remote
Threat Level: 5/10
Description: Unauthorized access to RTSP stream and different configuration pages is possible.
Affected: WOWWEE : Rovio
Original documents: Brian Dowling, WowWee Rovio - Insufficient Access Controls - Covert Audio/Video Snooping Possible (16.01.2009)

Syslserve DoS
Published: 16.01.2009
SecurityVulns ID: 9594
Type: remote
Threat Level: 5/10
Description: Crash on malformed syslog message parsing.
Affected: SYSLSERVE : Syslserve 1.0
Original documents: vuln_research_(at)_princeofnigeria.org, Syslserve 1.058 Denial of Service Vulnerability (16.01.2009)

Cisco SIP VoIP phones DoS
Published: 16.01.2009
SecurityVulns ID: 9589
Type: remote
Threat Level: 5/10
Description: Crash on malformed RTP header parsing.
Affected: CISCO : Cisco 7960G
 CISCO : Cisco 7940G
CVE: CVE-2008-4444 (Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers.)
Original documents: Laurent Butti, Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability (16.01.2009)

Cisco IOS cross-site scripting
Updated since 16.01.2009
Published: 05.02.2009
SecurityVulns ID: 9592
Type: remote
Threat Level: 5/10
Description: Cross-site scripting in different scripts.
Affected: CISCO : Cisco IOS 12.0
 CISCO : Cisco IOS 12.1
 CISCO : Cisco IOS 12.2
 CISCO : Cisco IOS 12.3
 CISCO : Cisco IOS 12.4
CVE: CVE-2008-3821 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.)
Original documents: azask2_(at)_gmail.com, Cisco IOS XSS/CSRF Vulnerability (05.02.2009)
 CISCO, Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities (16.01.2009)
 ProCheckUp Research, PR08-19: XSS on Cisco IOS HTTP Server (16.01.2009)
Files: Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod