Computer Security
[EN] securityvulns.ru no-pyccku


Linksys WRT54g authentication bypass
updated since 04.08.2006
Published:24.03.2008
Source:
SecurityVulns ID:6449
Type:remote
Threat Level:
5/10
Description:Configuration changes are applied without authentication through Web interface.
Affected:CISCO : Linksys WRT54G
Original documentdocumentSECUNIA, [SA29344] Linksys WRT54G Security Bypass Vulnerability (24.03.2008)
 documentGinsu Rabbit, [Full-disclosure] linksys WRT54g authentication bypass (04.08.2006)

Adobe Flash CS3 Professional / Macromedia Flash MX code execution
Published:24.03.2008
Source:
SecurityVulns ID:8826
Type:local
Threat Level:
5/10
Description:Multiple code execution vulnerabilities on .FLV files parsing.
Affected:ADOBE : Flash CS3 Professional 9.0
 ADOBE : Macromedia Flash MX 2004
CVE:CVE-2008-1201
Original documentdocumentcocoruder, [Full-disclosure] Adobe Flash CS3 Professional FLA File Parsing Multiple Local Code Execute Vulnerabilities (24.03.2008)

Novell Groupwise unauthorized access
Published:24.03.2008
Source:
SecurityVulns ID:8828
Type:remote
Threat Level:
5/10
Description:User who has access to shared folder of different user can gain access to the rest of the folders.
Affected:NOVELL : GroupWise 6.5
 NOVELL : GroupWise 7
Original documentdocumentSECURITEAM, [NEWS] GroupWise Windows Client API Security Vulnerability (24.03.2008)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:24.03.2008
Source:
SecurityVulns ID:8829
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Claroline: crossite scripting.
Affected:POWERSCRIPTS : PowerClan 1.14
 CLAROLINE : Claroline 1.8
 POWERSCRIPTS : PowerBook 1.21
 POWERSCRIPTS : PowerPHPBoard 1.00
 SERENDIPITY : serendipity 1.3
CVE:CVE-2008-0124
 CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 1528-1] New serendipity packages fix cross site scripting (24.03.2008)
 documentZero-X ScriptKiddy, HIS-webshop is vulnerable against Directory-Traversal (www.shoppark.de) (24.03.2008)
 documentDigital Security Research Group [DSecRG], [DSECRG-08-020] RFI-LFI in PowerClan 1.14a (24.03.2008)
 documentDigital Security Research Group [DSecRG], [DSECRG-08-021] Multiple LFI in PowerPHPBoard 1.00b (24.03.2008)
 documentDigital Security Research Group [DSecRG], [DSECRG-08-019] LFI in PowerBook 1.21 (24.03.2008)
 documentMustLive, Vulnerability in Claroline (24.03.2008)

ircu and snircd IRC servers array index overflow
Published:24.03.2008
Source:
SecurityVulns ID:8825
Type:remote
Threat Level:
6/10
Description:Array index overflow in /mode command.
Affected:IRCU : ircu 2.10
 SNIRCD : snircd 1.3
Original documentdocumentChris Porter, [Full-disclosure] ircu/snircd remote crash vulnerability (24.03.2008)

Sun Solaris rpc.ypupdated code execution
Published:24.03.2008
Source:
SecurityVulns ID:8827
Type:remote
Threat Level:
6/10
Description:Insufficient RPC requests filtering.
Affected:ORACLE : Solaris 10
Original documentdocumentSECURITEAM, [EXPL] Sun Solaris rpc.ypupdated Arbitrary Command Execution (Exploit) (24.03.2008)
Files:Exploits KEYSERV/YPUPDATED (SunOS 4.1.3/RPC SERVICES)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod