| ON Command CCM default password | | Published: |  | 27.09.2004 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 4026 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | A few accounts for the Sybase database have default passwords. |
| Affected: |  | SYMANTEC : ON Command CCM 5.4 |
| Original document |  | Jonas Olsson, Default username/password pairs in ON Command CCM 5.x database backend (27.09.2004) |
| Multiple getmail bugs | | Published: |  | 27.09.2004 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 4027 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | File handling problems when the application is executed with superuser privileges. |
| Affected: |  | GETMAIL : getmail 4.1 | | |  | GETMAIL : getmail 3.2 |
| Original document |  | David Watson, Local root compromise possible with getmail (27.09.2004) |
| jabberd DoS | | Published: |  | 27.09.2004 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 4028 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Server crashes on UTF8 data. |
| Affected: |  | JABBER : jabberd 1.4 | | |  | JABBERD : jabberd 2.0 |
| Original document |  | JABBER, Possible DoS attack against jabberd 1.4.3 and jadc2s 0.9.0 (27.09.2004) |
| PopMessenger DoS | | Published: |  | 27.09.2004 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 4029 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Program crashes on a large number of characters outside the allowed base64 range. |
| Affected: |  | LEADMIND : PopMessenger 1.60 |
| Original document |  | Luigi Auriemma, Broadcast crash in Popmessenger 1.60 (before 20 Sep 2004) (27.09.2004) |
| Pinnacle ShowCenter DoS | | Published: |  | 27.09.2004 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 4030 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Web interface DoS with a non-existent skin. |
| Affected: |  | PINNACLE : ShowCenter 1.51 |
| Original document |  | Marc Ruef, Pinnacle ShowCenter Skin Denial of Service (27.09.2004) |
| Sophos Small Business Suite special DOS devices access | | Published: |  | 27.09.2004 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 4031 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Using a special device name as a filename makes it possible to access a DOS device and bypass protection. |
| Affected: |  | SOPHOS : Sophos Small Business Suite 1.0 |
| Original document |  | IDEFENSE, iDEFENSE Security Advisory 09.22.04 - Sophos Small Business Suite Reserved Device Name Handling Vulnerability (27.09.2004) |
| FreeRADIUS DoS | | Published: |  | 27.09.2004 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 4032 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Multiple bugs in the handling of malformed packets. |
| Affected: |  | FREERADIUS : FreeRADIUS 1.0 |
| Original document |  | GENTOO, [ GLSA 200409-29 ] FreeRADIUS: Multiple Denial of Service vulnerabilities (27.09.2004) |
| MDaemon buffer overflows | | Published: |  | 27.09.2004 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 4033 | | Type: |  | remote | | Level: |  | 7/10 | | Description: |  | Buffer overflows in multiple SMTP and IMAP commands. |
| Multiple ActivePost bugs | | Published: |  | 27.09.2004 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 4034 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Buffer overflows, directory traversal, weak password encryption. |
| Affected: |  | ACTIVEPOST : ActivePost 3.1 |
| Original document |  | Luigi Auriemma, Multiple vulnerabilities in ActivePost Standard 3.1 (27.09.2004) |
| Canon imageRunner unauthorized access | | Published: |  | 27.09.2004 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 4035 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Printer accepts and prints SMTP messages. |
| Affected: |  | CANON : iR5000i |
| Original document |  | Andrew Daviel, Promiscuous email printing in Canon imageRunner (27.09.2004) |
| Zinf buffer overflow | | Published: |  | 27.09.2004 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 4036 | | Type: |  | client | | Level: |  | 5/10 | | Description: |  | Buffer overflow on parsing .jpg files. |
| Affected: |  | ZINF : Zinf 2.2 |
| Original document |  | Luigi Auriemma, Buffer overflow in Zinf 2.2.1 for Win32 (27.09.2004) |
| Motorola Wireless Router WR850G unauthorized access | | Published: |  | 27.09.2004 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 4037 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Authentication bypass through web interface. |
| Affected: |  | MOTOROLA : WR850G |
| Original document |  | Daniel Fabian, Motorola Wireless Router WR850G Authentication Circumvention (27.09.2004) |
| OpenBSD with RADIUS authorization module unauthorized access | | Published: |  | 27.09.2004 | | Source: |  | VULNWATCH | | SecurityVulns ID: |  | 4038 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | The response authenticator is not checked, which allows spoofing a response from the RADIUS server. |
| Affected: |  | OPENBSD : OpenBSD 3.5 |
| Original document |  | E.Bos_(at)_reseau.nl, [VulnWatch] OpenBSD radius authentication vulnerability (27.09.2004) |
| Symantec Enterprise Firewall/Symantec Gateway Security multiple bugs | | Published: |  | 27.09.2004 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 4024 | | Type: |  | remote | | Level: |  | 6/10 | | Description: |  | DoS, UDP filtering bypass, SNMP information leakage. |
| Affected: |  | SYMANTEC : Symantec Firewall/VPN Appliances 100 | | |  | SYMANTEC : Firewall/VPN Appliances 200 | | |  | SYMANTEC : Firewall/VPN Appliances 200R | | |  | SYMANTEC : Symantec Gateway Security 320 | | |  | SYMANTEC : Symantec Gateway Security 360 | | |  | SYMANTEC : Symantec Gateway Security 360R |
| Original document |  | SYMANTEC, Symantec Enterprise Firewall/VPN and Gateway Security 300 Series Appliances Multiple Issues (27.09.2004) |
| |  | Mike Sues, Multiple Vulnerabilities in Symantec Enterprise Firewall/Gateway Security Products (27.09.2004) |
| CGI bugs updated since 27.09.2004 | | Published: |  | 02.10.2004 | | Source: |  | | | SecurityVulns ID: |  | 4025 | | Type: |  | remote | | Level: |  | 5/10 |
| Affected: |  | WAGORA : W-Agora 4.1 | | |  | PAFILEDB : paFileDB 3.1 | | |  | TUTOS : Tutos 1.1 | | |  | CUTEPHP : CuteNews 1.3 | | |  | MAMBOSERVER : Mambo Server 4.5 | | |  | YABB : YaBB 1.3 | | |  | BBLOG : BBlog 0.7 | | |  | POSTNUKE : Postnuke 0.75 | | |  | PHPFUSION : PHP-Fusion 4.0 | | |  | CA : UniCenter Management Portal 2.0 | | |  | CA : UniCenter Management Portal 3.1 | | |  | FULLREVOLUTION : aspWebCalendar | | |  | FULLREVOLUTION : aspWebAlbum | | |  | MEGABBS : MegaBBS 2.1 | | |  | BROADBOARD : Instant ASP Message Board | | |  | S9Y : Serendipity 0.7 | | |  | ALEXPHPTEAM : @lex Guestbook | | |  | BAALSYSTEMS : Baal Smart Forms 3.1 | | |  | VIGNETTE : Vignette Application Portal | | |  | WORDPRESS : WordPress 1.2 | | |  | YAHOO : Yahoo! Store | | |  | PBLANG : PBLang 4.60 | | |  | SILENTSTORM : Silent Storm 2.1 | | |  | SILENTSTORM : Silent Storm 2.2 | | |  | AJFORK : AJ-Fork 167 | | |  | MEDIAWIKI : MediaWiki 1.3 |
| Original document |  | SECUNIA, [SA12704] Silent Storm Portal Cross-Site Scripting and Security Bypass Vulnerabilities (02.10.2004) |
| |  | SECUNIA, [SA12692] MediaWiki "raw" Page Output Mode Cross-Site Scripting Vulnerability (02.10.2004) |
| |  | ahmad muammar, Multiple Vulnerabilities in AJ-Fork (02.10.2004) |
| |  | tjomka1_(at)_navigator.lv, 1. Exploit for Cutenews 1.3 1.3.1 1.3.2, AND Bug in Cutenews v1.3.6 (01.10.2004) |
| |  | James McGlinn, [Full-Disclosure] SQL Injection vulnerability in bBlog 0.7.3 (01.10.2004) |
| |  | R00tCr4ck, Multiple Vulnerabilities in Silent Storm Portal (30.09.2004) |
| |  | tjomka1_(at)_navigator.lv, PBLang v4.60 bug (30.09.2004) |
| |  | Alexander Antipov, [Full-Disclosure] Multiple vulnerabilities in w-agora forum (30.09.2004) |
| |  | Stuart Moore, Yahoo! Store Security Advisory (30.09.2004) |
| |  | Thomas Waldegger, Multiple XSS Vulnerabilities in Wordpress 1.2 (30.09.2004) |
| |  | L0PHT, [VulnWatch] Vignette Application Portal Unauthenticate Diagnostics (30.09.2004) |
| |  | SECUNIA, [SA12662] PHP-Fusion "homepage address" Script Insertion Vulnerability (28.09.2004) |
| |  | SECUNIA, [SA12654] PHP-Fusion Cross-Site Scripting and Identify Spoof Vulnerabilities (28.09.2004) |
| |  | SECUNIA, [SA12609] YaBB Input Validation Vulnerabilities (28.09.2004) |
| |  | SECUNIA, [SA12649] Baal Smart Forms "Admin Change Password" Security Bypass (28.09.2004) |
| |  | Himeur Nourredine, @lex Guestbook (PHP) Include file (28.09.2004) |
| |  | aCiDBiTS, [Full-Disclosure] Serendipity 0.7-beta1 SQL Injection PoC (28.09.2004) |
| |  | pigrelax, [Full-Disclosure] SQL injection in BroadBoard Instant ASP Message Board (27.09.2004) |
| |  | pigrelax, [Full-Disclosure] HTTP Response Splitting and SQL injection in megabbs forum (27.09.2004) |
| |  | alireza hassani, New XSS vulnerabilities in paFileDB 3.1 final (27.09.2004) |
| |  | Pedro Sanches, aspWebCalendar /aspWebAlbum: SQL injection (27.09.2004) |
| |  | thomas adams, CA UniCenter Management Portal Username Enumeration Vulnerability (27.09.2004) |
| |  | FAiN182, Multiple Full Disclosure Path in postnuke 0.750 phoenix (27.09.2004) |
| |  | Jose Antonio, Vulnerabilities in Mambo (27.09.2004) |
| |  | Jose Antonio, Vulnerabilities in TUTOS (27.09.2004) |