Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 22.02.2010
Source: BUGTRAQ
SecurityVulns ID: 10633
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.

IBM Cognos Server backdoor
Published: 22.02.2010
Source: BUGTRAQ
SecurityVulns ID: 10635
Type: remote
Level: 5/10
Description: Undocumented Apache Tomcat account for TCP/19300 administration server.

Cisco Security Agent multiple security vulnerabilities
Published: 22.02.2010
Source: BUGTRAQ
SecurityVulns ID: 10638
Type: remote
Level: 6/10
Description: Directory traversal, SQL injection, DoS.
Affected:
  CISCO : Cisco Security Agent 5.1
  CISCO : Cisco Security Agent 5.2
  CISCO : Cisco Security Agent 6.0
CVE:
  CVE-2010-0148 (Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via "a series of TCP packets.")
  CVE-2010-0147 (SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.)
  CVE-2010-0146 (Directory traversal vulnerability in the Management Center for Cisco Security Agents 6.0 allows remote authenticated users to read arbitrary files via unspecified vectors.)

Portwise SSL VPN cross-site scripting
Published: 22.02.2010
Source: BUGTRAQ
SecurityVulns ID: 10634
Type: remote
Level: 5/10
Description: Cross-site scripting on login page.

Cisco Firewall Services Module DoS
Published: 22.02.2010
Source: BUGTRAQ
SecurityVulns ID: 10636
Type: remote
Level: 5/10
Description: DoS on Module Skinny Client Control Protocol (SCCP) inspection.
Affected:
  CISCO : FWSM 4.0
CVE:
  CVE-2010-0151 (The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used in for the Cisco Catalyst 6500 switches, Cisco 7600 routers, and ASA 5500 Adaptive Security Appliances, allows remote attackers to cause a denial of service (crash) via a malformed Skinny Client Control Protocol (SCCP) message.)

Asterisk dialplan modification
Published: 22.02.2010
Source: BUGTRAQ
SecurityVulns ID: 10639
Type: remote
Level: 5/10
Description: Attacker can control dialplan if ${EXTEN} macro is used.

Cisco ASA multiple security vulnerabilities
Published: 22.02.2010
Source: BUGTRAQ
SecurityVulns ID: 10637
Type: remote
Level: 6/10
Description: NTLM authentication bypass, multiple DoS conditions.
Affected:
  CISCO : Cisco ASA 5500
CVE:
  CVE-2010-0569 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCtc96018.)
  CVE-2010-0568 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote attackers to bypass NTLMv1 authentication via a crafted username, aka Bug ID CSCte21953.)
  CVE-2010-0567 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (active IPsec tunnel loss and prevention of new tunnels) via a malformed IKE message through an existing tunnel to UDP port 4500, aka Bug ID CSCtc47782.)
  CVE-2010-0566 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service (device reload) via a malformed TCP segment when certain NAT translation and Cisco AIP-SSM configurations are used, aka Bug ID CSCtb37219.)
  CVE-2010-0565 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device reload) via a malformed DTLS message, aka Bug ID CSCtb64913 and "WebVPN DTLS Denial of Service Vulnerability.")
  CVE-2010-0151 (The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used in for the Cisco Catalyst 6500 switches, Cisco 7600 routers, and ASA 5500 Adaptive Security Appliances, allows remote attackers to cause a denial of service (crash) via a malformed Skinny Client Control Protocol (SCCP) message.)
  CVE-2010-0150 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCsy91157.)
  CVE-2010-0149 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.46), 8.0 before 8.0(4.38), 8.1 before 8.1(2.29), and 8.2 before 8.2(1.5); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (prevention of new connections) via crafted TCP segments during termination of the TCP connection that cause the connection to remain in CLOSEWAIT status, aka "TCP Connection Exhaustion Denial of Service Vulnerability.")

polipo proxy server DoS
Published: 22.02.2010
Source: BUGTRAQ
SecurityVulns ID: 10640
Type: remote
Level: 5/10
Description: Crash on processing HTTP request and response headers.
Affected:
  POLIPO : Polipo 0.9
  POLIPO : Polipo 1.0
CVE:
  CVE-2009-4413 (The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.)
  CVE-2009-3305 (Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors.)

SAP Web AS multiple security vulnerabilities (updated since 21.01.2010)
Published: 22.02.2010
Source: BUGTRAQ
SecurityVulns ID: 10546
Type: local
Level: 5/10
Description: Code execution with Internet Communication Framework, information leak, cross-site scripting, directory traversal.