Shoreline Firewall (ShoreWall) protection bypass
Published: 18.07.2005
Source: BUGTRAQ
SecurityVulns ID: 5013
Type: remote
Level: 5/10
Description: If MAC address authentication is used, all security rules and policies are bypassed.
Affected: SHORELINE : Shorewall 2.2; SHORELINE : Shorewall 2.4
Original document: Patrick Blitz, [Full-disclosure] Shorewall MACLIST Problem (18.07.2005)

Futuresoft TFTP Server multiple vulnerabilities (updated since 01.06.2005)
Published: 18.07.2005
Source: SECUNIA
SecurityVulns ID: 4844
Type: remote
Level: 5/10
Description: Directory traversal, buffer overflow.
Affected: FUTURESOFT : TFTP Server 2000 1.0
CVE:
CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.)
CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded (MT) 1.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by sending a crafted packet to port 69/UDP, which triggers the overflow when constructing an absolute path name. NOTE: Some details are obtained from third party information.)
CVE-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allow remote attackers to execute arbitrary code via a long (1) filename or (2) transfer mode string in a Read Request (RRQ) or Write Request (WRQ) packet.)
Original document: SECUNIA, [SA15539] FutureSoft TFTP Server 2000 Directory Traversal and Buffer Overflows (01.06.2005)

PHP, ASP, CGI web applications security vulnerabilities (updated since 18.07.2005)
Published: 22.07.2005
Source: SecurityVulns
ID: 5014
Type: remote
Level: 5/10
Affected: PHPBB : phpBB 2.0; OPENBB : OpenBB 1.0; UPB : Ultimate PHP Board 1.9; CUTEPHP : CuteNews 1.3; VPASP : VP-ASP 5.0; PHPNEWS : PHPNews 1.2; HOSTINGCONTROLLE : Hosting Controller 6.1; PHPFUSION : PHP-Fusion 6.0; PHPPGADMIN : phppgadmin 3.5; PHPSLASH : phpSlash 0.7; PHPSLASH : phpSlash 0.8; PHPPAGEPROTECT : PHPPageProtect 1.0; CALOGIC : CaLogic 1.2; PHPFINANCE : PHPFinance 0.3; SEOBOARD : Seo-Board 1.0; E107 : e107 0.6171; REVIEWPOST : ReviewPost PHP PRO 2.0; DVBBS : Dvbbs 7.1; PHPSURVEYOR : PHP Surveyor 0.98; CONTREXX : Contrexx 1.0; HITACHI : Groupmax Web Workflow Server Set for Active Server Pages 6.52; HITACHI : Groupmax Form for Active Server Pages 3.10; PYROX : Pyrox Search 1.05; CMSIMPLE : CMSimple 2.4; DXXO : dxxo Count Web Statistics; PHPSITESEARCH : PHPSiteSearch 1.7; SENDCARD : sendcard 3.0; CYBERSOURCE : Business Center
Original document: No Sue Please, [Full-disclosure] User privilege escalation exploit. (22.07.2005)
SECUNIA, [SA16165] sendcard "id" SQL Injection Vulnerability (22.07.2005)
SECUNIA, [SA16148] PHPNews "user" and "password" SQL Injection Vulnerability (22.07.2005)
SECUNIA, [SA16149] phpBB BBcode "url" Script Insertion Vulnerability (22.07.2005)
SECUNIA, [SA16156] PHPSiteSearch "query" Cross-Site Scripting Vulnerability (22.07.2005)
SECUNIA, [SA16143] dxxo Count Web Statistics SQL Injection Vulnerability (22.07.2005)
SECUNIA, [SA16144] Ultimate PHP Board Cross-Site Scripting and Script Insertion (22.07.2005)
SECUNIA, [SA16147] CMSimple "search" Cross-Site Scripting Vulnerability (22.07.2005)
SECUNIA, [SA16154] Pyrox Search "whatdoreplace" Cross-Site Scripting Vulnerability (22.07.2005)
SECUNIA, [SA16135] Hitachi Groupmax Form and Web Workflow Server Set Denial of Service (22.07.2005)
Christopher Kunz, [Full-disclosure] Advisory 11/2005: Multiple vulnerabilities in Contrexx (22.07.2005)
morning_wood, [Full-disclosure] PHPTopSites (22.07.2005)
r_i_t_b_15_(at)_yahoo.com, SQL Injection in Chinese ASP Webcounter (21.07.2005)
ghc_(at)_ghc.ru, PHPNews SQL injection vulnerability (21.07.2005)
PHPBB, phpBB 2.0.17 released (21.07.2005)
thegreatone2176_(at)_yahoo.com, Multiple Vulnerabilities in PHP Surveyor (21.07.2005)
SECUNIA, [SA16096] PHP-Fusion BBcode "color" CSS Code Insertion Vulnerability (20.07.2005)
SECURITEAM, [EXPL] phpSlash Account Hijacking (Exploit) (20.07.2005)
SECUNIA, [SA16131] DVBBS "showerr.asp" Cross-Site Scripting Vulnerability (20.07.2005)
SECUNIA, [SA16134] ReviewPost PHP Pro "sort" SQL Injection Vulnerability (20.07.2005)
SECUNIA, [SA16129] CuteNews "selected_search_arch" Cross-Site Scripting Vulnerability (20.07.2005)
SECUNIA, [SA16117] e107 Nested BBcode Script Insertion Vulnerability (20.07.2005)
SECURITEAM, [EXPL] OpenBB CID SQL Injection (Exploit) (20.07.2005)
SECUNIA, [SA16051] SEO-Board "smilies_popup.php" Cross-Site Scripting (19.07.2005)
SECUNIA, [SA13276] PHPFinance Logon Bypass Vulnerability (19.07.2005)
SECUNIA, [SA16090] CaLogic "CLPATH" Arbitrary File Inclusion Vulnerability (19.07.2005)
SECUNIA, [SA16110] PHPPageProtect Cross-Site Scripting Vulnerabilities (19.07.2005)
DEBIAN, [SECURITY] [DSA 759-1] New phppgadmin packages fix directory traversal vulnerability (19.07.2005)
SECUNIA, [SA16115] Hosting Controller Multiple Vulnerabilities (18.07.2005)
SECUNIA, [SA16104] VP-ASP Shopping Cart SQL Injection Vulnerabilities (18.07.2005)