Axesstel CDMA-routers unauthorized access
Published: 29.07.2008
Source: BUGTRAQ
SecurityVulns ID: 9176
Type: remote
Level: 5/10
Description: It's possible to access configuration pages directly without a password.

DoS through HP OpenView Internet Services Probe Builder
Published: 29.07.2008
Source: BUGTRAQ
SecurityVulns ID: 9177
Type: remote
Level: 5/10
Description: It's possible to terminate any system process through TCP/32968.

AVG antivirus DoS
Published: 29.07.2008
Source: BUGTRAQ
SecurityVulns ID: 9178
Type: remote
Level: 6/10
Description: Division by zero when parsing UPX files.

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) updated since 26.07.2008
Published: 29.07.2008
Source:
SecurityVulns ID: 9174
Type: remote
Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
FireStats WordPress plugin: cross-site scripting, automation protection bypass, DoS, information leak, unauthorized access.
Original documents:
  Ghost hacker, PhpJobScheduler 3.1 Remote File Inclusion Vulnerability (29.07.2008)
  Fabian Fingerle, Cross Site Scripting (XSS) in Owl <=0.95, CVE-2008-3100 (29.07.2008)
  JeiAr, ViArt <= 3.5 SQL Injection (29.07.2008)
  supportrup_(at)_gmail.com, Multiple Cross-Site Scripting Vulnerabilities in Web Wiz Rich Text Editor version 4.02 (29.07.2008)
  JeiAr, JamRoom <= 3.3.8 Authentication Bypass (29.07.2008)
  Digital Security Research Group [DSecRG], [DSECRG-08-033] Local File Include Vulnerability in Pixelpost 1.7.1 (29.07.2008)
  MustLive, Vulnerabilities in FireStats (29.07.2008)
  MustLive, Multiple vulnerabilities in FireStats (29.07.2008)
  HACKERS PAL, ezContents CMS Renote File inclusion (26.07.2008)
  azzcoder_(at)_hotmail.com, XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities (26.07.2008)
  MustLive, Vulnerabilities in PostNuke Phoenix (26.07.2008)

Multiple DNS servers and clients DNS records spoofing updated since 12.07.2008
Published: 29.07.2008
Source: BUGTRAQ
SecurityVulns ID: 9142
Type: client
Level: 6/10
Description: DNS poisoning attack may be used to spoof query results.
Affected:
  CISCO : IOS 12.2
  CISCO : IOS 12.3
  BIND : bind 9.3
  CISCO : IOS 12.4
  PDNS : pdns-recursor 3.1
  PYTHON : python-dns 2.3
CVE:
  CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.)
  CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug.")