Computer Security


Cisco routers IOS TCL privilege escalation
Published: 26.01.2006
SecurityVulns ID: 5696
Type: remote
Threat Level: 5/10
Description: A user can execute any command by switching to TCL (Tool Command Language) mode.
Affected: CISCO : IOS 12.0
 CISCO : IOS 12.1
 CISCO : IOS 12.2
 CISCO : IOS 12.3
 CISCO : IOS 12.4
Original document: SECUNIA, [SA18613] Cisco IOS AAA Command Authentication Bypass Vulnerability (26.01.2006)

FreeBSD ipfw /pf IP firewall packet filter DoS
updated since 11.01.2006
Published: 26.01.2006
SecurityVulns ID: 5619
Type: remote
Threat Level: 6/10
Description: Problem with the handling of fragmented packets.
Affected: FREEBSD : FreeBSD 5.3
 FREEBSD : FreeBSD 5.4
 FREEBSD : FreeBSD 6.0
Original document: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:07.pf (26.01.2006)
 SECUNIA, [SA18609] FreeBSD "pf" IP Fragment Denial of Service Vulnerability (25.01.2006)
 SECUNIA, [SA18378] FreeBSD ipfw IP Fragment Denial of Service Vulnerability (11.01.2006)

FreeBSD ioctl kernel memory access
updated since 25.01.2006
Published: 26.01.2006
SecurityVulns ID: 5693
Type: local
Threat Level: 5/10
Description: Two vulnerabilities allow kernel memory to be read.
Affected: FREEBSD : FreeBSD 5.3
 FREEBSD : FreeBSD 5.4
 FREEBSD : FreeBSD 6.0
Original document: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-06:06.kmem (26.01.2006)
 SECUNIA, [SA18599] FreeBSD Kernel Memory Disclosure Vulnerabilities (25.01.2006)

Sun StorEdge Enterprise Backup / Solstice Backup privilege escalation
Published: 26.01.2006
SecurityVulns ID: 5697
Type: local
Threat Level: 5/10
Affected: SUN : StorEdge Enterprise Backup 7.2
 SUN : StorEdge Enterprise Backup 7.1
 SUN : StorEdge Enterprise Backup 7.0
 SUN : Solstice Backup 6.1
 SUN : Solstice Backup 6.0
Original document: SECUNIA, [SA18615] Sun StorEdge Enterprise Backup / Solstice Backup Vulnerabilities (26.01.2006)

exiv2 IPTC library DoS
Published: 26.01.2006
SecurityVulns ID: 5698
Type: library
Threat Level: 5/10
Description: sscanf() is used on data which is not NULL-terminated.
Affected: EXIV2 : exiv2 0.9
Original document: SECUNIA, [SA18619] Exiv2 IPTC Metadata Processing Denial of Service (26.01.2006)

nfs-server NFS rpc.mountd buffer overflow
Published: 26.01.2006
SecurityVulns ID: 5699
Type: remote
Threat Level: 6/10
Description: Buffer overflow in the realpath() function. The kernel-level nfs-utils package is not vulnerable.
Affected: NFSSERVER : nfs-server 2.2
Original document: SUSE, [Full-disclosure] SUSE Security Announcement: nfs-server/rpc.mountd remote code execution (SUSE-SA:2006:005) (26.01.2006)

Cross-site browsing tracing attacks
updated since 23.01.2003
Published: 26.01.2006
SecurityVulns ID: 2555
Type: client
Threat Level: 5/10
Description: Multiple browsing components allow a user's browsing to be traced and various information about the user to be gathered.
Original document: Amit Klein (AKsecurity), Technical Note by Amit Klein: "XST Strikes Back" (26.01.2006)
 Rain Forest Puppy, [VulnWatch] administrivia: cross-site tracing (23.01.2003)
Files: White Hat security Cross-Site Tracing papers

libAST buffer overflow
updated since 26.01.2006
Published: 28.01.2006
SecurityVulns ID: 5695
Type: library
Threat Level: 5/10
Description: conf_find_file() buffer overflow
Affected: LIBAST : libAST 0.7
Original document: Michael Jennings, LibAST 0.7 Release Fixes Security Vulnerability (28.01.2006)
 angelo_(at)_rosiello.org, Rosiello Security - Eterm-LibAST Advisory (26.01.2006)
Files: Eterm libAST buffer overflow exploit

Cisco VPN 3000 VPN Concentrator Denial of Service
updated since 26.01.2006
Published: 26.04.2006
SecurityVulns ID: 5700
Type: remote
Threat Level: 6/10
Description: HTTP traffic parsing DoS.
Affected: CISCO : Cisco VPN 3000
Original document: CISCO, Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack (26.04.2006)
 Eldon Sprickerhoff, Re: [VulnWatch] Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack (01.02.2006)
 CISCO, [Full-disclosure] Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack (26.01.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod