| 3COM TippingPoint intrusion prevention system DoS |
| Published: |  | 25.04.2007 |
| Source: |  | BUGTRAQ |
| SecurityVulns ID: |  | 7634 |
| Type: |  | remote |
| Level: |  | 5/10 |
| Description: |  | A packet flood to port TCP/80 leads to resource exhaustion. |
| Apache unfiltered HTTP methods |
| Published: |  | 25.04.2007 |
| Source: |  | BUGTRAQ |
| SecurityVulns ID: |  | 7637 |
| Type: |  | remote |
| Level: |  | 4/10 |
| Description: |  | The HTTP request method is not checked for RFC 2616 compliance. Under specific conditions this may lead, for example, to cross-site scripting. |
| Asterisk multiple security vulnerabilities |
| Published: |  | 25.04.2007 |
| Source: |  | FULL-DISCLOSURE |
| SecurityVulns ID: |  | 7638 |
| Type: |  | remote |
| Level: |  | 7/10 |
| Description: |  | Multiple buffer overflows in T.38 SDP parsing on SIP channels. DoS in the administration interface. Multiple security vulnerabilities in parsing SIP replies. |
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) |
| Published: |  | 25.04.2007 |
| Source: |  | BUGTRAQ |
| SecurityVulns ID: |  | 7633 |
| Type: |  | remote |
| Level: |  | 5/10 |
| Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. |
| Original document |  | alijsb_(at)_yahoo.com, netbingo v 2000 >> RFI (25.04.2007) |
| |  | alijsb_(at)_yahoo.com, HTMLeditbox & 2.2 >> RFI (25.04.2007) |
| |  | s433d_only_linux_(at)_yahoo.de, WordPress v2.1.3 >> remote file include~ (25.04.2007) |
| |  | alijsb_(at)_yahoo.com, HYIP Manager Pro Script >> Remote file Include (25.04.2007) |
| |  | alijsb_(at)_yahoo.com, MyNewsGroups >> RFI in include.php (25.04.2007) |
| |  | suresync_(at)_gmail.com, Progress Webspeed exploit for all releases (25.04.2007) |
| |  | Irene Abezgauz, Security Advisory: CA CleverPath SQL Injection (25.04.2007) |
| |  | s433d_only_linux_(at)_yahoo.de, dcp-portal v611 >> RFi (25.04.2007) |
| |  | Aesthetico, [MajorSecurity Advisory #46]Plogger - Session fixation Issue (25.04.2007) |
| |  | okan alp, Ahhp(php)-Portal Remote File Inclusion (25.04.2007) |
| HP StorageWorks unauthorized access |
| Published: |  | 25.04.2007 |
| Source: |  | BUGTRAQ |
| SecurityVulns ID: |  | 7636 |
| Type: |  | local |
| Level: |  | 5/10 |
| Cisco Network Services NetFlow Collection Engine default account |
| Published: |  | 25.04.2007 |
| Source: |  | BUGTRAQ |
| SecurityVulns ID: |  | 7639 |
| Type: |  | remote |
| Level: |  | 5/10 |
| Description: |  | Account with hardcoded password is used for NetFlow information gathering. |
| CA BrightStor ARCserve backup system multiple buffer overflows, updated since 25.04.2007 |
| Published: |  | 17.05.2007 |
| Source: |  | BUGTRAQ |
| SecurityVulns ID: |  | 7635 |
| Type: |  | remote |
| Level: |  | 6/10 |
| Description: |  | Multiple buffer overflows in RPC-based Media Server service. |
| Affected: |  | CA : BrightStor ARCserve Backup 11.1 |
| |  | CA : BrightStor ARCserve Backup 9.01 |
| |  | CA : BrightStor Enterprise Backup 10.5 |
| |  | CA : BrightStor ARCserve Backup 11.5 |
| |  | CA : CA Server Protection Suite 2 |
| |  | CA : CA Business Protection Suite 2 |
| |  | CA : BrightStor ARCserve Backup 11 |
| CVE: |  | CVE-2007-2139 (Multiple stack-based buffer overflows in the SUN RPC service in CA (formerly Computer Associates) BrightStor ARCserve Media Server, as used in BrightStor ARCserve Backup 9.01 through 11.5 SP2, BrightStor Enterprise Backup 10.5, Server Protection Suite 2, and Business Protection Suite 2, allow remote attackers to execute arbitrary code via malformed RPC strings, a different vulnerability than CVE-2006-5171, CVE-2006-5172, and CVE-2007-1785.) |
| |  | CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.) |