Computer Security


Cisco VPN Concentrator DoS
Published: 27.07.2006
SecurityVulns ID: 6415
Type: remote
Threat Level: 5/10
Description: An IKE request flood leads to resource exhaustion.
Affected: CISCO : Cisco VPN 3005
 CISCO : Cisco VPN 3015
 CISCO : Cisco VPN 3030
 CISCO : Cisco VPN 3060
 CISCO : Cisco VPN 3080
 CISCO : Cisco VPN 3020
Original document: CISCO, RE: [Full-disclosure] Cisco VPN Concentrator IKE resource exhaustion DoS Advisory (27.07.2006)
 Roy Hills, Cisco VPN Concentrator IKE resource exhaustion DoS Advisory (27.07.2006)

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 27.07.2006
SecurityVulns ID: 6416
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: OPENCMS : OpenCms 6.0
 ETOMITE : Etomite CMS 0.6
 OPENCMS : OpenCms 6.2
 PHPPROBID : Phpprobid 5.24
 XGUESTBOOK : xGuestBook 1.02
 EZSCRIPTS : EzUpload Pro 2.2
CVE: CVE-2007-0758 (PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 allows remote attackers to execute arbitrary PHP code via a URL in the SRC attribute of an HTML element in the lang parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.)
Original document: l2odon_(at)_yahoo.com, wwwThreads XSS (27.07.2006)
 l2odon_(at)_yahoo.com, PHP-Auction SQL injection (27.07.2006)
 hack2prison_(at)_yahoo.com, EzUpload multi file vulnerabilities (27.07.2006)
 dicomdk_(at)_gmail.com, Full Path Disclosure xGuestBook v1.02 (27.07.2006)
 securityconnection_(at)_gmail.com, Phpprobid <= 5.24 XSS SQL injection Vulnerability (27.07.2006)
 Meder Kydyraliev, Multiple vulnerabilities in OpenCMS (27.07.2006)
Files: Exploits Etomite CMS <= 0.6.1 'rfiles.php' remote command execution

Sheila unfiltered shell characters problem
Published: 27.07.2006
SecurityVulns ID: 6417
Type: local
Threat Level: 5/10
Description: Shell characters in filenames are not filtered.
Affected: SHEILA : sheila 1.1
Original document: OPENPKG, [OpenPKG-SA-2006.014] OpenPKG Security Advisory (shiela) (27.07.2006)

Zyxel Prestige 660H-61 cross-site scripting
Published: 27.07.2006
SecurityVulns ID: 6418
Type: remote
Threat Level: 5/10
Affected: ZYXEL : Prestige 660H-61
Original document: jose.palanco_(at)_eazel.es, Zyxel Prestige 660H-61 Cross-Site Scripting (27.07.2006)

Multiple Mozilla / Firefox / Seamonkey / Thunderbird security vulnerabilities
updated since 27.07.2006
Published: 02.08.2006
SecurityVulns ID: 6414
Type: client
Threat Level: 9/10
Description: Multiple vulnerabilities allow unrestricted code execution. Can be used for hidden malware installation.
Affected: MOZILLA : Thunderbird 1.0
 NETSCAPE : Netscape 8.1
 MOZILLA : Firefox 1.5
 MOZILLA : Seamonkey 1.0
 KMELEON : K-Meleon 1.0
 FLOCK : Flock 0.7
CVE: CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.)
 CVE-2006-6955 (Opera allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.)
 CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service (application crash) via a web page that contains a large number of nested marquee tags, a related issue to CVE-2006-2723.)
 CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified.)
Original document: Juha-Matti Laurio, Netscape/K-Meleon/Flock JavaScript navigator Vulnerability (02.08.2006)
 CERT, US-CERT Technical Cyber Security Alert TA06-208A -- Mozilla Products Contain Multiple Vulnerabilities (28.07.2006)
 SECUNIA, [Full-disclosure] Secunia Research: Mozilla Firefox XPCOM Event Handling Memory Corruption (27.07.2006)
 UBUNTU, [USN-323-1] mozilla vulnerabilities (27.07.2006)
 UBUNTU, [USN-297-3] Thunderbird vulnerabilities (27.07.2006)
 SECUNIA, [SA19873] Mozilla Firefox Multiple Vulnerabilities (27.07.2006)
 ZDI, [Full-disclosure] ZDI-06-025: Mozilla Firefox Javascript navigator Object Vulnerability (27.07.2006)
Files: Firefox <= 1.5.0.4 Javascript navigator Object Code Execution PoC

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod