Computer Security

CheckPoint Firewall-1 directory traversal
Published: 25.07.2006
SecurityVulns ID: 6400
Type: remote
Threat Level: 5/10
Description: Directory traversal in the built-in Web server on TCP/18264.
Affected: CHECKPOINT : FireWall-1 NG R55
Original document: Sec-Tec Lists, Check Point R55W Directory Traversal (25.07.2006)

libmikmod library buffer overflow
Published: 25.07.2006
SecurityVulns ID: 6401
Type: library
Threat Level: 5/10
Description: Heap memory overflow when parsing the GT2 file format.
Affected: MIKMOD : mikmod 3.2
 MIKMOD : libmikmod 3.2
Original document: Luigi Auriemma, Heap overflow in the GT2 loader of libmikmod 3.2.2 (25.07.2006)
Files: Exploits libmikmod <= 3.2.2 and current CVS heap overflow with GT2 files

Siemens Speedstream Wireless Router Denial of Service Vulnerability
Published: 25.07.2006
SecurityVulns ID: 6402
Type: remote
Threat Level: 5/10
Description: A malformed request to the Web interface causes the router to hang.
Original document: info_(at)_digitalarmaments.com, Digital Armaments Security Advisory 24.07.2006: Siemens Speedstream Wireless/Router Denial of Service Vulnerability (25.07.2006)

Opsware Network Automation System weak permissions
Published: 25.07.2006
SecurityVulns ID: 6403
Type: remote
Threat Level: 5/10
Description: The /etc/init.d/mysqll init script contains the MySQL 'root' account password in cleartext.
Affected: OPSWARE : Opsware NAS 6.0
Original document: Freeman, Michael, Opsware NAS 6.0 reveals MySQL 'root' password (25.07.2006)

Password Safe protection bypass
Published: 25.07.2006
SecurityVulns ID: 6404
Type: local
Threat Level: 5/10
Description: Password database locking doesn't work under some specific conditions.
Affected: PASSWORDSAFE : Password Safe 2.11
 PASSWORDSAFE : Password Safe 2.16
 PASSWORDSAFE : Password Safe 3.0
Original document: SYMANTEC, SYMSA-2006-008: Password Safe - Lock Password Database Configuration Not Enforced (25.07.2006)

Warzone Resurrection game buffer overflows
Published: 25.07.2006
SecurityVulns ID: 6405
Type: remote
Threat Level: 5/10
Description: Buffer overflows in the recvTextMessage and NETrecvFile functions.
Affected: GNA : Warzone Resurrection 2.0
 WARZONE : Warzone 2100
Original document: Luigi Auriemma, Buffer-overflow in recvTextMessage and NETrecvFile in Warzone Resurrection 2.0.3 (SVN 127) (25.07.2006)

DynaZip buffer overflow
Published: 25.07.2006
SecurityVulns ID: 6406
Type: library
Threat Level: 5/10
Description: Buffer overflows in the DZIP32.DLL/DZIPS32.DLL libraries when processing ZIP archives.
Affected: DYNAZIP : DynaZip Max 5.0
 DYNAZIP : DynaZip Max Secure 6.0
 POWERARCHIVER : PowerArchiver 9.62
Original document: TAN Chew Keong, [Full-disclosure] [vuln.sg] PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability (25.07.2006)
 TAN Chew Keong, [Full-disclosure] [vuln.sg] DynaZip DZIP32.DLL/DZIPS32.DLL Buffer Overflow Vulnerabilities (25.07.2006)

TurboZIP buffer overflow
Published: 25.07.2006
SecurityVulns ID: 6407
Type: local
Threat Level: 5/10
Description: Buffer overflow when repairing a corrupted archive.
Affected: TURBOZIP : TurboZIP 6.0
Original document: TAN Chew Keong, [Full-disclosure] [vuln.sg] TurboZIP ZIP Repair Buffer Overflow Vulnerability (25.07.2006)

AgePhone software SIP IP phone buffer overflow
Published: 25.07.2006
SecurityVulns ID: 6408
Type: remote
Threat Level: 6/10
Description: Buffer overflow during SIP packet parsing.
Affected: AGEPHONE : AGEphone 1.24
 AGEPHONE : AGEphone 1.38
Original document: TAN Chew Keong, [Full-disclosure] [vuln.sg] AGEphone "sipd.dll" SIP Packet Handling Buffer Overflow (25.07.2006)

Apache cross-site scripting
Published: 25.07.2006
SecurityVulns ID: 6409
Type: remote
Threat Level: 7/10
Description: Using the Expect: header, it is possible to inject HTML code into another site's context.
Affected: APACHE : Apache 1.3
 APACHE : Apache 2.0
 APACHE : Apache 2.2
 IBM : IBM HTTP Server 6.1
 IBM : IBM HTTP Server 6.0
Original document: SECUNIA, [SA21174] IBM HTTP Server "Expect" Header Cross-Site Scripting (25.07.2006)
 SECUNIA, [SA21172] Apache "Expect" Header Cross-Site Scripting Vulnerability (25.07.2006)

FreeCiv Civilization game clone DoS
updated since 07.03.2006
Published: 25.07.2006
SecurityVulns ID: 5863
Type: remote
Threat Level: 5/10
Description: Out of memory reference.
Affected: FREECIV : Freeciv 2.0
 FREECIV : Freeciv 2.1
Original document: Luigi Auriemma, Two crash vulnerabilities in Freeciv 2.1.0-beta1 (SVN 15 Jul 2006) (25.07.2006)
 Luigi Auriemma, Out of memory crash in Freeciv 2.0.7 (07.03.2006)
Files: Exploits Out of memory crash in Freeciv 2.0.7

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 25.07.2006
SecurityVulns ID: 6399
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: SQUERY : SQuery 4.5
 MUSICBOX : MusicBox 2.3
 DEVIUM : Devium CMS 1.5
 WBB : Woltlab Burning Board 1.1
 WBB : Woltlab Burning Board 1.2
 WBB : Woltlab Burning Board 2.1
 WBB : Woltlab Burning Board 2.2
Original document: Saudi Hackrz, SQuery v.x (devi.php) (armygame.php) Remote File Inclusion (25.07.2006)
 Aesthetico, [MajorSecurity #26] Woltlab Burning Board - Multiple Cookie manipulation and session fixation vulnerabilities (25.07.2006)
 securityconnection_(at)_gmail.com, MusicBox <= 2.3.4 XSS SQL injection Vulnerability (25.07.2006)
 Cyber Lords, XSS in Devium CMS 1.5 (25.07.2006)
 Cyber Lords, SQL-Injection in Shop-Script PRO & Shop-Script Premium all version (25.07.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod