 |
|
|
|
LAND attack DoS against Microsoft Windows 2003 and Microsoft Windows XP
updated since 05.03.2005 | | Published: |  | 16.12.2005 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 4555 | | Type: |  | remote | | Level: |  | 7/10 | | Description: |  | LAND attack (ICMP or TCP SYN packet with equal SRC and DST IPs and ports) causes target host to freeze. |
| Affected: |  | MICROSOFT : Windows XP | | | | MICROSOFT : Windows 2003 Server | | | | LINKSYS : Linksys BEFW11S4 | | | | LINKSYS : Linksys WRT54GS | | | | WESTELL : Versalink 327W | | | | SCIENTIFICATLANT : Scientific Atlantic DPX2100 |
| Original document |  | Synister Syntax, RLA ("Remote LanD Attack") (16.12.2005) |
| | | Konrad Malewski, Windows (XP, 2k3, Longhorn) is vulnerable to IpV6 Land attack. (17.05.2005) |
| | | Dejan Levaja, Windows Server 2003 and XP SP2 LAND attack vulnerability (05.03.2005) |
Multiple Microsoft Internet Explorer vulnerabilities
updated since 14.12.2005 | | Published: | | 16.12.2005 | | Source: | | CERT | | SecurityVulns ID: | | 5528 | | Type: | | client | | Level: | | 7/10 | | Description: | | Code execution, memory corruption, download dialog manipulation, unencrypted HTTPS proxy data leak. |
| Affected: | | MICROSOFT : Internet Explorer 5.5 | | | | MICROSOFT : Internet Explorer 6.0 |
| Original document | | SECUNIA, Secunia Research: Microsoft Internet Explorer Keyboard Shortcut Processing Vulnerability (16.12.2005) |
| | | MICROSOFT, Microsoft Security Bulletin MS05-054 Cumulative Security Update for Internet Explorer (905915) (14.12.2005) |
| | | SECUNIA, Secunia Research: Internet Explorer Suppressed "Download Dialog" Vulnerability (14.12.2005) |
| | | CERT, US-CERT Technical Cyber Security Alert TA05-347A -- Microsoft Internet Explorer Vulnerabilities (14.12.2005) |
| Web applications security vulnerabilities (PHP, ASP, CGI, Perl, etc) | | Published: | | 16.12.2005 | | Source: | | | | SecurityVulns ID: | | 5530 | | Type: | | remote | | Level: | | 5/10 | | Description: | | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: | | EZ : ezUpload 2.2 | | | | PHPNUKE : PHP-Nuke 7.9 | | | | EZDATABASE : ezDatabase 2.1 | | | | SMARTCHOICES : PDEstore 1.8 | | | | NIGHTMEDIA : The CITY Shop 1.3 | | | | CLICKCARTPRO : ClickCartPro 5.1 | | | | STATICSTORE : StaticStore 1.189 | | | | ZAYGO : HostingCart 2.0 | | | | ZAYGO : DomainCart 2.0 | | | | PLEXUM : PlexCart X3 | | | | PAYPALSHOPPINGCA : PPCal Shopping Cart 3.3 | | | | ECTOOLS : ECTOOLS 1.0 | | | | SOFT4E : ECW-Cart 2.03 | | | | EDATCART : eDatCat 3.0 | | | | COMMERCESQL : CommerceSQL 1.0 | | | | ATLANTPRO : AtlantForum 4.0 | | | | ATLANTPRO : Atlant Pro 8.09 | | | | ALMONDSOFT : Almond Classifieds 5.02 | | | | ALMONDSOFT : Almond Personals 4.05 | | | | DCSCRIPTS : DCForum 6.25 | | | | BBBOARD : bbBoard 2.56 | | | | FOCALMEDIA : SiteNet BBS 2.0 | | | | BINARYCONCEPTS : Binary Board System 0.2 | | | | SCARECROW : ScareCrow 2.13 | | | | PHPXPLORER : phpXplorer 0.9 | | | | PAFILEDB : paFileDB Extreme Edition | | | | LIMBOCMS : LIMBO CMS 1,0 | | | | OPENCMS : OpenCms 6.0 |
| Original document | | Marc Ruef, [Full-disclosure] [scip_Advisory 1910] Alkacon OpenCms 6.0.2 login Cross Site Scripting (16.12.2005) |
| | | hackeriri_(at)_yahoo.com, Bug in HC (16.12.2005) |
| | | B3g0k_(at)_hackermail.com, Bypass XSS filter in PHPNUKE 7.9=>x (16.12.2005) |
| | | B3g0k_(at)_hackermail.com, MarmaraWeb E-commerce Remote Command Exucetion (16.12.2005) |
| | | B3g0k_(at)_hackermail.com, MarmaraWeb E-commerce Script Cross Site Scripting (16.12.2005) |
| | | retrogod_(at)_aliceposta.it, LIMBO CMS <= v1.0.4.2 _SERVER[] array overwrite / remote code execution (16.12.2005) |
| | | r0t, PDEstore XSS vuln. (16.12.2005) |
| | | r0t, The CITY Shop XSS vuln. (16.12.2005) |
| | | r0t, ClickCartPro (CCP) XSS vuln. (16.12.2005) |
| | | r0t, StaticStore Search Engine Friendly E-Commerce XSS (16.12.2005) |
| | | r0t, HostingCart XSS (16.12.2005) |
| | | r0t, DomainCart XSS (16.12.2005) |
| | | r0t, PlexCart X3 SQL inj. vuln. (16.12.2005) |
| | | r0t, PPCal Shopping Cart XSS (16.12.2005) |
| | | r0t, ECTOOLS - Onlineshop XSS (16.12.2005) |
| | | r0t, ECW-Cart XSS vuln. (16.12.2005) |
| | | r0t, eDatCat XSS vuln. (16.12.2005) |
| | | r0t, CommerceSQL XSS vuln. (16.12.2005) |
| | | r0t, AtlantForum XSS vuln. (16.12.2005) |
| | | r0t, Atlant Pro XSS vuln. (16.12.2005) |
| | | r0t, AlmondSoft Products SQL inj. (16.12.2005) |
| | | r0t, DCForum XSS vuln. (16.12.2005) |
| | | r0t, bbBoard v2 XSS vuln. (16.12.2005) |
| | | r0t, SiteNet BBS XSS vuln (16.12.2005) |
| | | r0t, Binary Board System XSS vuln. (16.12.2005) |
| | | r0t, ScareCrow Message Board XSS vuln. (16.12.2005) |
| | | r0t, phpXplorer XSS vuln. (16.12.2005) |
| | | r0t, paFileDB Extreme Edition SQL inj (16.12.2005) |
| | | r0t, ezUpload Pro vuln (16.12.2005) |
| | | r0t, ezDatabase vuln. (16.12.2005) |
| Business Objects WebIntelligence DoS | | Published: | | 16.12.2005 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 5534 | | Type: | | remote | | Level: | | 5/10 | | Description: | | It's possible to lock out administrator's account with unsuccessfull authentication attempts. |
| |
|
| |
