Cisco routers IOS TCL privilege escalation
Published:		26.01.2006
Source:		BUGTRAQ
SecurityVulns ID:		5696
Type:		remote
Level:		5/10
Description:		User can execute any command by switching to TCL (Tool Command Language) mode.

Affected:		CISCO : IOS 12.0
		CISCO : IOS 12.1
		CISCO : IOS 12.2
		CISCO : IOS 12.3
		CISCO : IOS 12.4

Original document

SECUNIA, [SA18613] Cisco IOS AAA Command Authentication Bypass Vulnerability (26.01.2006)

Discuss:

Read or add your comments to this news (0 comments)

FreeBSD ipfw /pf IP firewall packet filter DoS updated since 11.01.2006
Published:		26.01.2006
Source:		SECUNIA
SecurityVulns ID:		5619
Type:		remote
Level:		6/10
Description:		Problem with fragmented packets handling.

Affected:		FREEBSD : FreeBSD 5.3
		FREEBSD : FreeBSD 5.4
		FREEBSD : FreeBSD 6.0

Original document		FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:07.pf (26.01.2006)
		SECUNIA, [SA18609] FreeBSD "pf" IP Fragment Denial of Service Vulnerability (25.01.2006)
		SECUNIA, [SA18378] FreeBSD ipfw IP Fragment Denial of Service Vulnerability (11.01.2006)

Discuss:

Read or add your comments to this news (0 comments)

FreeBSD ioctl kernal memory access updated since 25.01.2006
Published:		26.01.2006
Source:		SECUNIA
SecurityVulns ID:		5693
Type:		local
Level:		5/10
Description:		Two vulnerabilities allow to read kernel memory.

Affected:		FREEBSD : FreeBSD 5.3
		FREEBSD : FreeBSD 5.4
		FREEBSD : FreeBSD 6.0

Original document		FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:06.kmem (26.01.2006)
		SECUNIA, [SA18599] FreeBSD Kernel Memory Disclosure Vulnerabilities (25.01.2006)

Discuss:

Read or add your comments to this news (0 comments)

Sun StorEdge Enterprise Backup / Solstice Backup privilege escalation
Published:		26.01.2006
Source:		SECUNIA
SecurityVulns ID:		5697
Type:		local
Level:		5/10

Affected:		SUN : StorEdge Enterprise Backup 7.2
		SUN : StorEdge Enterprise Backup 7.1
		SUN : StorEdge Enterprise Backup 7.0
		SUN : Solstice Backup 6.1
		SUN : Solstice Backup 6.0

Original document

SECUNIA, [SA18615] Sun StorEdge Enterprise Backup / Solstice Backup Vulnerabilities (26.01.2006)

Discuss:

Read or add your comments to this news (0 comments)

exiv2 IPTC library DoS
Published:		26.01.2006
Source:		BUGTRAQ
SecurityVulns ID:		5698
Type:		library
Level:		5/10
Description:		sscanf() is used for data wich is not NULL-terminated.

Affected:

EXIV2 : exiv2 0.9

Original document

SECUNIA, [SA18619] Exiv2 IPTC Metadata Processing Denial of Service (26.01.2006)

Discuss:

Read or add your comments to this news (0 comments)

nfs-server NFS rpc.mountd buffer overflow
Published:		26.01.2006
Source:		FULL-DISCLOSURE
SecurityVulns ID:		5699
Type:		remote
Level:		6/10
Description:		realpath() function buffer overflow. Kernel-level nfs-utils package is not vulnerable.

Affected:

NFSSERVER : nfs-server 2.2

Original document

SUSE, [Full-disclosure] SUSE Security Announcement: nfs-server/rpc.mountd remote code execution (SUSE-SA:2006:005) (26.01.2006)

Discuss:

Read or add your comments to this news (0 comments)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		26.01.2006
Source:
SecurityVulns ID:		5694
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPCLANWEBSITE : Phpclanwebsite 1.23
		MYBB : MyBB 1.02
		CHEEZEPIZZA : CheesyBlog 1.0
		PMACHINE : ExpressionEngine 1.4
		MYWEBLAND : miniBloggie 1.0
		TEXTRIDER : Text Rider 2.4

Original document		h4cky0u, [Full-disclosure] HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities (26.01.2006)
		imei, MyBB 1.0.2 XSS attack in search.php redirection (26.01.2006)
		s3ude_(at)_hotmail.com, Newsphp Multiple SQL Injection Vulnerabilities (26.01.2006)
		roozbeh afrasiabi, [KAPDA::#25] - MyBB 1.x Cross_Site_Scripting (26.01.2006)
		Aliaksandr Hartsuyeu, [eVuln] Text Rider Sensitive Information Disclosure (26.01.2006)
		Aliaksandr Hartsuyeu, [eVuln] miniBloggie Authentication Bypass (26.01.2006)
		Aliaksandr Hartsuyeu, [eVuln] ExpressionEngine 'Referer' XSS Vulnerability (26.01.2006)
		Aliaksandr Hartsuyeu, [eVuln] CheesyBlog XSS Vulnerability (26.01.2006)

Discuss:

Read or add your comments to this news (0 comments)

Crossite browsing tracing attacks updated since 23.01.2003
Published:		26.01.2006
Source:		BUGTRAQ
SecurityVulns ID:		2555
Type:		client
Level:		5/10
Description:		Multiple browsing components allow to trace user browsing and to gather different information about user.

Original document		Amit Klein (AKsecurity), Technical Note by Amit Klein: "XST Strikes Back" (26.01.2006)
		Rain Forest Puppy, [VulnWatch] administrivia: cross-site tracing (23.01.2003)

Files:		White Hat security Cross-Site Tracing papers
Discuss:		Read or add your comments to this news (0 comments)

libAST buffer overflow updated since 26.01.2006
Published:		28.01.2006
Source:		BUGTRAQ
SecurityVulns ID:		5695
Type:		library
Level:		5/10
Description:		conf_find_file() buffer overflow

Affected:

LIBAST : libAST 0.7

Original document		Michael Jennings, LibAST 0.7 Release Fixes Security Vulnerability (28.01.2006)
		angelo_(at)_rosiello.org, Rosiello Security - Eterm-LibAST Advisory (26.01.2006)

Files:		Eterm libAST buffer overflow exploit
Discuss:		Read or add your comments to this news (0 comments)

Cisco VPN 3000 VPN Concentrator Denial of Service updated since 26.01.2006
Published:		26.04.2006
Source:		BUGTRAQ
SecurityVulns ID:		5700
Type:		remote
Level:		6/10
Description:		HTTP traffic parsing DoS.

Affected:

CISCO : Cisco VPN 3000

Original document		CISCO, Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack (26.04.2006)
		Eldon Sprickerhoff, Re: [VulnWatch] Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack (01.02.2006)
		CISCO, [Full-disclosure] Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack (26.01.2006)

Discuss:

Read or add your comments to this news (0 comments)