| WebMod Half-Life dedicated server plugin integer overflow |
| Published: |  | 28.02.2005 |
| Source: |  | SECUNIA |
| SecurityVulns ID: |  | 4534 |
| Type: |  | remote |
| Level: |  | 5/10 |
| Description: |  | Integer overflow with Content-Length: POST request. |
| Affected: |  | WEBMOD : WebMod 0.47 |
| |  | WEBMOD : WebMod 0.48 |
| CVE: |  | CVE-2007-1260 (Stack-based buffer overflow in the connectHandle function in server.cpp in WebMod 0.48 allows remote attackers to execute arbitrary code via a long string in the Content-Length HTTP header.) |
| Mozilla and Firefox browsers buffer overflow |
| Published: |  | 28.02.2005 |
| Source: |  | BUGTRAQ |
| SecurityVulns ID: |  | 4536 |
| Type: |  | client |
| Level: |  | 5/10 |
| Description: |  | Heap based buffer overflow in text processing functions. |
| report bug bug reporting application weak permissions |
| Published: |  | 28.02.2005 |
| Source: |  | FULL-DISCLOSURE |
| SecurityVulns ID: |  | 4537 |
| Type: |  | local |
| Level: |  | 5/10 |
| Description: |  | Per-user configuration file is world readable and may contain sensitive information, such as SMTP server password. |
| NX Server / FreeNX X Server protection bypass |
| Published: |  | 28.02.2005 |
| Source: |  | SECUNIA |
| SecurityVulns ID: |  | 4538 |
| Type: |  | local |
| Level: |  | 5/10 |
| gaim instant messenger DoS updated since 25.02.2005 |
| Published: |  | 28.02.2005 |
| Source: |  | FULL-DISCLOSURE |
| SecurityVulns ID: |  | 4524 |
| Type: |  | remote |
| Level: |  | 5/10 |
| Description: |  | Application crashes on receiving a file with parentheses in the name and during HTML parsing. |
| Insecure GFI Languard Network Security Scanner password storage |
| Published: |  | 28.02.2005 |
| Source: |  | BUGTRAQ |
| SecurityVulns ID: |  | 4540 |
| Type: |  | local |
| Level: |  | 4/10 |
| Description: |  | Password is stored in memory in cleartext. |
| Mitel 3300 ICP IP PBX VOIP device Web session hijack |
| Published: |  | 28.02.2005 |
| Source: |  | VULNWATCH |
| SecurityVulns ID: |  | 4541 |
| Type: |  | remote |
| Level: |  | 5/10 |
| Description: |  | Predictable session ID allows hijacking of the Web administration session. |
| kppp KDE dialer file descriptors leak |
| Published: |  | 28.02.2005 |
| Source: |  | BUGTRAQ |
| SecurityVulns ID: |  | 4535 |
| Type: |  | local |
| Level: |  | 5/10 |
| Description: |  | File descriptors are leaked for /etc/hosts and /etc/resolv.conf. |
| PHP, ASP, CGI web applications security vulnerabilities updated since 28.02.2005 |
| Published: |  | 03.03.2005 |
| Source: |  | |
| SecurityVulns ID: |  | 4539 |
| Type: |  | remote |
| Level: |  | 5/10 |
| Description: |  | PHP inclusions, SQL injections, directory traversals, cross-site scripting, etc. |
| Original document |  | DRUPAL, [Full-disclosure] [DRUPAL-SA-2005-001] New Drupal release fixes critical security issue (03.06.2005) |
| |  | SECUNIA, [SA14515] Drupal Unspecified Cross-Site Scripting Vulnerability (07.03.2005) |
| |  | kreon, wfsections 1.07 advisory (07.03.2005) |
| |  | kreon, phpTourney 0.8.0 SQL-Injection (05.03.2005) |
| |  | Wesley aka PPC, LOOKNMEET HTML INJECT EXPLOIT (05.03.2005) |
| |  | Wesley aka PPC, phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED- (05.03.2005) |
| |  | HaCkZaTaN, -==phpBB 2.0.13 Full path disclosure==- (05.03.2005) |
| |  | Filip Groszynski, PHP Form Mail Script (2.3) - Arbitrary File Inclusion (VXSfx) (05.03.2005) |
| |  | Filip Groszynski, Download Center Lite (DCL) - Arbitrary File Inclusion (VXSfx) (05.03.2005) |
| |  | Black Angel, My-forum.org cookies vulnerability - data bug (04.03.2005) |
| |  | Fabian Becker, TYPO3 SQL Injection vunerabilitie (04.03.2005) |
| |  | Rift, [XSS] paBox 1.6 (04.03.2005) |
| |  | SECUNIA, [SA14450] Woltlab Burning Board SQL Injection Vulnerability (03.03.2005) |
| |  | SECUNIA, [SA14464] D-Forum "page" Parameter Cross-Site Scripting Vulnerability (03.03.2005) |
| |  | ahmad muammar, Vulnerabilities in Aura CMS (03.03.2005) |
| |  | Filip Groszynski, PHP News <= 1.2.4 - Remote File Inclusion (VXSfx) (02.03.2005) |
| |  | SECUNIA, [SA14439] phpCOIN Multiple Vulnerabilities (02.03.2005) |
| |  | SECUNIA, [SA14433] PostNuke Multiple Vulnerabilities (02.03.2005) |
| |  | Raven, Forumwa search.php xss vulnerability (02.03.2005) |
| |  | Raven, 427BB profile.php XSS vulnerability. (01.03.2005) |
| |  | Raven, Software PBLang 4.63 sendpm.php reply file read vulnerability (01.03.2005) |
| |  | Raven, Software PBLang 4.63 delpm.php authentication vulnerability (01.03.2005) |
| |  | Kernelpanik Labs - Security Lists, [Full-Disclosure] Kernelpanik Labs Digest 2005-2 (01.03.2005) |
| |  | JoCaNoR SeCuRiTy TeaM, [ Postnuke all versions + pnphpbb <=1.2 sql injection - jocanor ] (01.03.2005) |
| |  | SECUNIA, [SA14416] CubeCart Cross-Site Scripting Vulnerabilities (01.03.2005) |
| |  | Maksymilian Arciemowicz, [SECURITYREASON.COM] PostNuke Critical SQL Injection 0.760-RC2=>x cXIb8O3.1 (01.03.2005) |
| |  | Maksymilian Arciemowicz, [SECURITYREASON.COM] PostNuke Critical XSS 0.760-RC2=>x cXIb8O3.2 (01.03.2005) |
| |  | Maksymilian Arciemowicz, [SECURITYREASON.COM] PostNuke SQL Injection 0.760-RC2=>x cXIb8O3.3 (01.03.2005) |
| |  | SECUNIA, [SA14413] phpBB "autologinid" Security Bypass (28.02.2005) |