Search:Vulnerability:16.01.2009 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 16.01.2009
Source:
SecurityVulns ID: 9590
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. e-Vision CMS: crossite scripting.

Affected: PHPLIST : phpList 2.10
MKPORTAL : MKPortal 1.2
EVISION : e-Vision CMS 2.02

Original document pouya.s3rver_(at)_gmail.com, Active Bids (16.01.2009)

pouya.s3rver_(at)_gmail.com, DMXReady Blog Manager (SQL/XSS) (16.01.2009)

MustLive, Cross-Site Scripting vulnerability in e-Vision CMS (16.01.2009)

Janek Vind, [waraxe-2009-SA#070] - Multiple Vulnerabilities in MKPortal <= 1.2.1 (16.01.2009)

document admin_(at)_bugreport.ir, phpList <= 2.10.8 Local File inclusion (16.01.2009)

Discuss: Read or add your comments to this news (0 comments)

WowWee Rovio webcam unauthorized access
Published: 16.01.2009
Source: BUGTRAQ
SecurityVulns ID: 9593
Type: remote
Level: 5/10
Description: Unauthorized access to RTSP stream and different configuration pages is possible.

Affected: WOWWEE : Rovio

Original document Brian Dowling, WowWee Rovio - Insufficient Access Controls - Covert Audio/Video Snooping Possible (16.01.2009)

Discuss: Read or add your comments to this news (0 comments)

Syslserve DoS
Published: 16.01.2009
Source: BUGTRAQ
SecurityVulns ID: 9594
Type: remote
Level: 5/10
Description: Crash on malformed syslog message parsing.

Affected: SYSLSERVE : Syslserve 1.0

Original document vuln_research_(at)_princeofnigeria.org, Syslserve 1.058 Denial of Service Vulnerability (16.01.2009)

Discuss: Read or add your comments to this news (0 comments)

Cisco SIP VoIP phones DoS
Published: 16.01.2009
Source: BUGTRAQ
SecurityVulns ID: 9589
Type: remote
Level: 5/10
Description: Crash on malformed RTP header parsing.

Affected: CISCO : Cisco 7960G
CISCO : Cisco 7940G
CVE: CVE-2008-4444 (Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers.)

Original document Laurent Butti, Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability (16.01.2009)

Discuss: Read or add your comments to this news (0 comments)

Cisco IOS crossite scripting
updated since 16.01.2009
Published: 05.02.2009
Source: BUGTRAQ
SecurityVulns ID: 9592
Type: remote
Level: 5/10
Description: Crossite scripting in different scripts.

Affected: CISCO : Cisco IOS 12.0
CISCO : Cisco IOS 12.1
CISCO : Cisco IOS 12.2
CISCO : Cisco IOS 12.3
CISCO : Cisco IOS 12.4
CVE: CVE-2008-3821 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI.)

Original document azask2_(at)_gmail.com, Cisco IOS XSS/CSRF Vulnerability (05.02.2009)

CISCO, Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities (16.01.2009)

ProCheckUp Research, PR08-19: XSS on Cisco IOS HTTP Server (16.01.2009)

Files: Cisco Security Response: Cisco IOS Cross-Site Scripting Vulnerabilities
Discuss: Read or add your comments to this news (0 comments)

test server