Computer Security


Cisco VPN 3000 VPN Concentrator Denial of Service
updated since 26.01.2006
Published:26.04.2006
Source:
SecurityVulns ID:5700
Type:remote
Threat Level:6/10
Description:HTTP traffic parsing DoS.
Affected:CISCO : Cisco VPN 3000
Original document:CISCO, Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack (26.04.2006)
 Eldon Sprickerhoff, Re: [VulnWatch] Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack (01.02.2006)
 CISCO, [Full-disclosure] Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted HTTP Attack (26.01.2006)

abc2ps / abcmidi abc music files to postscript converter buffer overflow
updated since 25.04.2006
Published:26.04.2006
Source:
SecurityVulns ID:6048
Type:client
Threat Level:5/10
Description:Buffer overflow on abc format parsing.
Affected:ABC2PS : abc2ps 1.3
 ABCMIDI : abcmidi 17
Original document:DEBIAN, [Full-disclosure] [SECURITY] [DSA 1043-1] New abcmidi packages fix arbitrary code execution (26.04.2006)
 DEBIAN, [Full-disclosure] [SECURITY] [DSA 1041-1] New abc2ps packages fix arbitrary code execution (25.04.2006)

Multiple DNS servers different security vulnerabilities
Published:26.04.2006
Source:
SecurityVulns ID:6053
Type:remote
Threat Level:6/10
Description:Multiple vulnerabilities were discovered with an automated testing tool.
Affected:ISC : bind 9.2
 BIND : bind 8.4
 BIND : bind 9.3
 MYDNS : MyDNS 1.0
 PDNSD : pdnsd 1.2
 POWERDNS : RECURSOR 3.0
 DELEGATE : DeleGate 8.11
 DELEGATE : DeleGate 9.0
 FITELNET : FITELnet-F40
 FITELNET : FITELnet-F80
 FITELNET : FITELnet-F100
 FITELNET : FITELnet-F120
 FITELNET : FITELnet-F1000
 FITELNET : FITELnet-E20
 FITELNET : FITELnet-E30
 FITELNET : MUCHO-EV/PK
 FUJITSU : NetShelter/FW
 FUJITSU : NetShelter/FW-P
 FUJITSU : NetShelter/FW-L
 FUJITSU : NetShelter/FW-M
Original document:POWERDNS, Recursor version 3.0.1 (26.04.2006)
 NISCC, NISCC - Vulnerability Issues in Implementations of the DNS Protocol (26.04.2006)

Mozilla browsers and mail agents memory corruption
Published:26.04.2006
Source:
SecurityVulns ID:6054
Type:client
Threat Level:8/10
Description:Memory corruption on displaying corrupted HTML tables. Can be used for silent malware installation.
Affected:MOZILLA : Mozilla 1.7
 MOZILLA : Firefox 1.0
 MOZILLA : Thunderbird 1.0
 MOZILLA : Thunderbird 1.5
 MOZILLA : Firefox 1.5
 MOZILLA : Seamonkey 1.0
Original document:ZDI, [Full-disclosure] ZDI-06-011: Mozilla Firefox Table Rebuilding Code Execution Vulnerability (26.04.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:26.04.2006
Source:
SecurityVulns ID:6055
Type:remote
Threat Level:5/10
Description:PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected:CARTWEAVER : Cartweaver ColdFusion 2.16
 QUICKESTORE : QuickEStore 7.9
 WSNLINKS : WSN Links 2.56
 TRINETCMS : Trinet CMS 2006.04.17
 DCFORUMLITE : DCForumLite 3.0
CVE:CVE-2007-0129 (SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatID parameter.)
Original document:qex_(at)_bsdmail.org, DCForumLite V 3.0<--XSS/SQL Injection (26.04.2006)
 qex_(at)_bsdmail.org, Instant Photo Gallery <= Multiple XSS (26.04.2006)
 qex_(at)_bsdmail.org, Instant Photo Gallery <= Multiple XSS (26.04.2006)
 Elmago Elmago, vulnerability in trinet cms (26.04.2006)
 Cyber Lords, XSS in WSN Links 2.56 (26.04.2006)
 r0t, QuickEStore 7.9 vuln. (26.04.2006)
 r0t, Cartweaver ColdFusion vuln. (26.04.2006)

Microsoft Outlook information leak
Published:26.04.2006
Source:
SecurityVulns ID:6056
Type:client
Threat Level:6/10
Description:The mailto: command processor allows modification of the outlook.exe command line to include any system file.
Affected:MICROSOFT : Outlook 2003
Original document:inge.henriksen_(at)_booleansoft.com, Multiple browsers Windows mailto protocol Office 2003 file attachment exploit (26.04.2006)

Multiple IP3 Networks NetAccess security vulnerabilities
Published:26.04.2006
Source:
SecurityVulns ID:6057
Type:remote
Threat Level:5/10
Description:SQL injections, unfiltered shell characters, etc.
Affected:IP3NETWORKS : NA75
Original document:Moonen, Ralph, Multiple vulnerabilities in IP3 Networks 'NetAccess' NA75 appliance (26.04.2006)

beagle file indexing tool code execution
Published:26.04.2006
Source:
SecurityVulns ID:6058
Type:client
Threat Level:5/10
Original document:Chris Evans, beagle insecure command line construction (26.04.2006)

Sun Solaris libpkcs11 library privilege escalation
Published:26.04.2006
Source:
SecurityVulns ID:6059
Type:library
Threat Level:5/10
Description:Privilege escalation via the getpwnam() family of functions.
Affected:ORACLE : Solaris 10
Original document:SECUNIA, [SA19789] Sun Solaris "libpkcs11" Privilege Escalation Vulnerability (26.04.2006)

3COM 2848-SFP switch DoS
Published:26.04.2006
Source:
SecurityVulns ID:6060
Type:remote
Threat Level:5/10
Description:Device crash on long DHCP packet.
Affected:3COM : 3COM 2848-SFP
Original document:SECUNIA, [SA19756] 3Com Baseline Switch 2848-SFP DHCP Potential Denial of Service (26.04.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod