Computer Security
[EN] securityvulns.ru no-pyccku


Symantec AntiVirus privilege escalation
updated since 05.10.2006
Published:26.10.2006
Source:
SecurityVulns ID:6686
Type:remote
Threat Level:
6/10
Description:Insufficient address checks in SAVRT, NAVENG and NAVEX15 devices IOCTLS calls allos to overwrite kernel memory.
Affected:SYMANTEC : Symantec Client Security 1.1
 SYMANTEC : Symantec Client Security 2.0
 SYMANTEC : Symantec AntiVirus 9.0
 SYMANTEC : Symantec AntiVirus 8.1
Original documentdocumentSYMANTEC, Symantec Product Security: Symantec Device Driver Elevation of Privileg (26.10.2006)
 documentReversemode, [Reversemode Advisory] Symantec Antivirus Engine Privilege Escalation (07.10.2006)
 documentIDEFENSE, [Full-disclosure] iDefense Security Advisory 10.05.06: Symantec AntiVirus IOCTL Kernel Privilege Escalation Vulnerability (05.10.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:26.10.2006
Source:
SecurityVulns ID:6743
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:WEBAPP : WebAPP 0.9
 PHPNUKE : PHP-Nuke 7.9
 WIKINI : WikiNi 0.4
 PROGSYS : ProgSys 0.151
 AROUNDME : AROUNDMe 0.6
 WHM : WHM 10.8
 CPANEL : cPanel 10.9
 CENTOS : CentOS 4.4
 WHM : WHM X 3.1
 CRUISEWORKS : CruiseWorks 1.09
 PACPOLL : PacPoll 4.0
CVE:CVE-2007-1782 (CruiseWorks 1.09e and earlier does not properly restrict user access to certain privileged actions, which allows local users to change the configuration or have other unspecified impact. NOTE: some of these details are obtained from third party information.)
Original documentdocumentfarhad koosha, [KAPDA::#61] - PacPoll <= 4.0 Multiple Vulnerabilities (26.10.2006)
 documentTAN Chew Keong, [vuln.sg] CruiseWorks Directory Traversal and Buffer Overflow Vulnerabilities (26.10.2006)
 documentraphael.huck_(at)_free.fr, WikiNi Multiple Cross Site Scripting Vulnerabilities (26.10.2006)
 documentsecurity_(at)_vigilon.com, ProgSys verion 0.151 XSS vulnerability (26.10.2006)
 documentthe_free_kernel_(at)_b0rizq.net, Application orders Linux in WebAPP v0.9.9.2.1 (26.10.2006)
 documentDebasis Mohanty, Multiple HTTP response splitting vulnerabilities in SHOP-SCRIPT (26.10.2006)
 documentpaisterist.nst_(at)_gmail.com, -==PHP Nuke <= 7.9 SQL Injection and Bypass SQL Injection Protection vulnerabilities==- (26.10.2006)
 documentnoislet_(at)_gmail.com, AROUNDMe 0.6.9 remonte file inclusion (26.10.2006)
 documentcrackers_child_(at)_sibersavascilar.com, WHM 10.8.0 cPanel 10.9.0 R50 CentOS 4.4 i686 WHM X v3.1.0 Xss Vulnerability (26.10.2006)
 documentSome One, XSS in Zwahlen Online Shop (26.10.2006)

Multiple D-Link DSL-G624T ADSL Router security vulnjerabilities
Published:26.10.2006
Source:
SecurityVulns ID:6744
Type:remote
Threat Level:
5/10
Description:Crossite scripting, dfirectory traversal and another Web-interface vulnerabilities.
Affected:DLINK : D-Link DSL-G624T
Original documentdocumentjose.palanco_(at)_eazel.es, D-Link DSL-G624T several vulnerabilities (26.10.2006)

INCA IM-204 DSL router multilpe security vulnerabilities
Published:26.10.2006
Source:
SecurityVulns ID:6745
Type:remote
Threat Level:
5/10
Description:Directory traversal, information leak.
Affected:INCA : INCA IM-204
Original documentdocumentcrackers_child_(at)_ibersavascilar.om, INCA IM-204 Dsl several vulnerabilities (26.10.2006)

Cisco Security Agent for Linux DoS
Published:26.10.2006
Source:
SecurityVulns ID:6746
Type:remote
Threat Level:
5/10
Description:Port scanning causes system resources exhaustion.
Affected:CISCO : Cisco Security Agent for Linux 4.5
 CISCO : Cisco Security Agent for Linux 5.0
Original documentdocumentCISCO, Cisco Security Advisory: Cisco Security Agent for Linux Port Scan Denial of Service (26.10.2006)

NullSoft WinAmp Ultravox support multiple security vulnerabilities
Published:26.10.2006
Source:
SecurityVulns ID:6747
Type:client
Threat Level:
6/10
Description:Buffer overflows on parsing different tags and headers.
Affected:WINAMP : Winamp 5.3
Original documentdocumentIDEFENSE, iDefense Security Advisory 10.25.06: AOL Nullsoft Winamp Ultravox Lyrics3 v2.00 tags Heap Overflow Vulnerability (26.10.2006)
 documentIDEFENSE, iDefense Security Advisory 10.25.06: AOL Nullsoft Winamp Ultravox 'ultravox-max-msg' Header Heap Overflow Vulnerability (26.10.2006)
Files:Nullsoft Winamp < 5.31 Ultravox "Ultravox-Max-Msg" Heap Overflow Dos POC

AOL browser multiple security vulnerabilities
Published:26.10.2006
Source:
SecurityVulns ID:6748
Type:remote
Threat Level:
6/10
Description:Buffer overflows in different ActiveX controls.
Affected:AOL : AOL 9.0
Original documentdocumentIDEFENSE, iDefense Security Advisory 10.25.06: AOL YGPPDownload AddPictureNoAlbum ActiveX Control Heap Corruption Vulnerability (26.10.2006)
 documentIDEFENSE, iDefense Security Advisory 10.25.06: AOL YGPPDownload downloadFileDirectory ActiveX Control Heap Corruption Vulnerability (26.10.2006)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod