Axesstel CDMA-routers unauthorized access Published: 29.07.2008 Source: BUGTRAQ SecurityVulns ID: 9176 Type: remote Level: 5/10 Description: It's possible to access configuration pages directly without password. Affected: AXESSTEL : AXESSTEL CDMA 1xEV-DO Original document Bboyhacks_(at)_gmail.com , Security Bypass Vulnerabilities AXESSTEL (29.07.2008 )
DoS through HP OpenView Internet Services Probe Builder Published: 29.07.2008 Source: BUGTRAQ SecurityVulns ID: 9177 Type: remote Level: 5/10 Description: It's possible to terminate any system process through TCP/32968 Affected: HP : Internet Services Probe Builder 2.2 CVE: CVE-2008-1667 Original document IDEFENSE , iDefense Security Advisory 07.28.08: Hewlett-Packard OVIS Probe Builder Arbitrary Process Termination Vulnerability (29.07.2008 ) HP , [security bulletin] HPSBMA02353 SSRT080066 rev.1 - HP OpenView Internet Services Running Probe Builder, Remote Denial of Service (DoS) (29.07.2008 )
AVG antivirus DoS Published: 29.07.2008 Source: BUGTRAQ SecurityVulns ID: 9178 Type: remote Level: 6/10 Description: Division by zero on UPX files parsing. Affected: AVG : AVG 8.0 Original document security_(at)_nruns.com , [Full-disclosure] n.runs-SA-2008.004 - AVG Anti-Virus Divide by Zero - DoS (remote) (29.07.2008 )
Multiple DNS servers and clients DNS records spoofing Published: 29.07.2008 Source: BUGTRAQ SecurityVulns ID: 9142 Type: client Level: 6/10 Description: DNS poisoning attack may be used to spoof query results. Affected: CISCO : IOS 12.2 CISCO : IOS 12.3 BIND : bind 9.3 CISCO : IOS 12.4 PDNS : pdns-recursor 3.1 PYTHON : python-dns 2.3 CVE: CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed value, and (c) choice of the time of day as the sole seeding information.) CVE-2008-1447 Original document DEBIAN , [SECURITY] [DSA 1619-1] New python-dns packages fix DNS response spoofing (29.07.2008 ) I)ruid , CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Flaw Exploit (25.07.2008 ) DEBIAN , [SECURITY] [DSA 1544-2] New pdns-recursor packages fix predictable randomness (18.07.2008 ) CISCO , Cisco Security Advisory: Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks (12.07.2008 ) DEBIAN , [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver (12.07.2008 )
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) Published: 29.07.2008 Source: SecurityVulns ID: 9174 Type: remote Level: 5/10 Description: PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
FireStats WordPress plugin: crossite scripting, automation protection bypass, DoS, information leak, unauthorized access. Affected: POSTNUKE : PostNuke 0.726 PIXELPOST : PixelPost 1.7 XRMS : XRMS 1.99 FIRESTATS : FireStats 1.0 JAMROOM : Jamroom 3.3 WEBWIZ : Web Wiz Rich Text Editor 4.02 VIART : ViArt 3.5 OWL : Owl 0.95 PHPJOBSCHEDULER : PhpJobScheduler 3.1 CVE: CVE-2008-3100 Original document Ghost hacker , PhpJobScheduler 3.1 Remote File Inclusion Vulnerability (29.07.2008 ) Fabian Fingerle , Cross Site Scripting (XSS) in Owl <=0.95, CVE-2008-3100 (29.07.2008 ) JeiAr , ViArt <= 3.5 SQL Injection (29.07.2008 ) supportrup_(at)_gmail.com , Multiple Cross-Site Scripting Vulnerabilities in Web Wiz Rich Text Editor version 4.02 (29.07.2008 ) JeiAr , JamRoom <= 3.3.8 Authentication Bypass (29.07.2008 ) Digital Security Research Group [DSecRG] , [DSECRG-08-033] Local File Include Vulnerability in Pixelpost 1.7.1 (29.07.2008 ) MustLive , Vulnerabilities in FireStats (29.07.2008 ) MustLive , Multiple vulnerabilities in FireStats (29.07.2008 ) HACKERS PAL , ezContents CMS Renote File inclusion (26.07.2008 ) azzcoder_(at)_hotmail.com , XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities (26.07.2008 ) MustLive , Vulnerabilities in PostNuke Phoenix (26.07.2008 )
