PHP mysql_error() cross-site scripting
Published: 21.09.2006
Source: BUGTRAQ
SecurityVulns ID: 6639
Type: library
Level: 4/10
Description: Cross-site scripting is possible if the mysql_error() result is used in application output.

TFTPDWIN TFTP server buffer overflow
Published: 21.09.2006
Source: SECUNIA
SecurityVulns ID: 6641
Type: remote
Level: 5/10
Description: Buffer overflow on oversized requested resource filename.
Affected: TFTPDWIN : TFTPdWin 0.4
CVE: CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote attackers to cause a denial of service via a long UDP packet that is not properly handled in a recv_from call. NOTE: this issue might be related to CVE-2006-4948.)
CVE: CVE-2006-4948 (Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information.)

RSA Keyon Manager audit functionality bypass
Published: 21.09.2006
Source: BUGTRAQ
SecurityVulns ID: 6640
Type: local
Level: 5/10
Description: Blocks of log records are signed independently, making it possible to remove a whole block without notice. Records are collected locally before being signed and sent to the server, making it possible to tamper with log entries.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 21.09.2006
Published: 21.09.2006
Source:
SecurityVulns ID: 6642
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.