VARIoT IoT vulnerabilities database

Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. Netgear Router is prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users

Unspecified vulnerability in the web server code in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, allows remote attackers to cause a denial of service (memory corruption) via unknown vectors. Xerox WorkCentre / CopyCentre are prone to multiple vulnerabilities. Exploiting these issues can allow remote attackers to trigger a denial-of-service condition in a device. Some of these issues may allow for arbitrary code execution as well, but this is unconfirmed. These software versions are vulnerable: - 1.001.02.073 or prior - Versions greater than 1.001.02.074 but less than 1.001.02.715. 1) An unspecified boundary error in the PostScript file interpreter can be exploited to cause a buffer overflow. Successful exploitation causes a denial of service on a vulnerable device. 2) Two unspecified errors in the handling of PostScript files can be exploited to cause a denial of service on a vulnerable device via a specially crafted PostScript file. 3) An unspecified error in the built-in web server can be exploited to cause a memory corruption. Successful exploitation causes a denial of service on a vulnerable device. 4) An unspecified error in the ESS / Network Controller causes an image overwrite to fail in certain situations after a power loss. * Xerox WorkCentre Pro 65, 75, and 90. SOLUTION: Install System Software Version 1.001.02.074 or 1.001.02.716 (the software versions can be obtained by contacting Xerox customer support). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.xerox.com/downloads/usa/en/c/cert_XRX06_002.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. DCC SEND, or (2) a DCC SEND with an IP address, port, and file size parameter value of 0. Linksys and Netgear routers are susceptible to a remote IRC denial-of-service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic. This issue allows remote attackers to disconnect IRC sessions, denying service to legitimate users. Linksys WRT54G routers are vulnerable to this issue. Routers running with the VxWorks operating system, but not Linux-based operating systems, are reportedly affected. Specific device and firmware version information is not currently available. This BID will be updated as further information is disclosed

The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file. The McAfee Virex 7.7 Mac uses an online scanner. As shown in the EICAR test file. Virex is prone to a security bypass vulnerability

Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Mac OS X In this file system, a file consists of information called resource fork and data fork. RFC 1740 So, to handle this file structure by email MIME format (AppleSingle format, AppleDoube format ) Is defined. Apple Mail Is AppleDouble Parses resource forks when processing format attachments. This issue affects the Mail application when handling email attachments. This will compromise the application and possibly the underlying operating system. This issue affects Mac OS X 10.5. Although the issues seem similar in nature, this may not be the very same underlying vulnerability. We will update this BID as more information emerges. UPDATE (November 21, 2007): Reports indicate that this issue occurs because of an error in the application's quarantine feature. We have not confirmed this information. UPDATE (December 17, 2007): This vulnerability stems from an unspecified implementation issue in the Launch Services application. http://www.securityfocus.com/bid/16907. Apple Mail is the mail client bundled with the Apple operating system. 1) Various security issues exist in the PHP Apache module and scripting environment. For more information: SA17371 2) An error in automount makes it possible for malicious file servers to cause a vulnerable system to mount file systems with reserved names, which can cause a DoS (Denial of Service) or potentially allow arbitrary code execution. 3) An input validation error in the BOM framework when unpacking certain archives can be exploited to cause files to be unpacked to arbitrary locations via directory traversal attacks. 4) The "passwd" program creates temporary files insecurely, which can be exploited via symlink attacks to create or overwrite arbitrary files with "root" privileges. 5) User directories are insecurely mounted when a FileVault image is created, which may allow unauthorised access to files. 6) An error in IPSec when handling certain error conditions can be exploited to cause a DoS against VPN connections. 7) An error in the LibSystem component can be exploited by malicious people to cause a heap-based buffer overflow via applications when requesting large amounts of memory. 8) The "Download Validation" in the Mail component fails to warn users about unsafe file types when an e-mail attachment is double-clicked. 9) In certain cases a Perl program may fail to drop privileges. For more information: SA17922 10) A boundary error in rsync can be exploited by authenticated users to cause a heap-based buffer overflow when it's allowed to transfer extended attributes. 11) A boundary error in WebKit's handling of certain HTML can be exploited to cause a heap-based buffer overflow. 12) A boundary error in Safari when parsing JavaScript can be exploited to cause a stack-based buffer overflow and allows execution of arbitrary code when a malicious web page including specially crafted JavaScript is viewed. 13) An error in Safari's security model when handling HTTP redirection can be exploited to execute JavaScript in the local domain via a specially crafted web site. 14) An error in Safari / LaunchServices may cause a malicious application to appear as a safe file type. This may cause a malicious file to be executed automatically when the "Open safe files after downloading" option is enabled. This vulnerability is related to: SA18963 15) An input validation error in the Syndication (Safari RSS) component can be exploited to conduct cross-site scripting attacks when subscribing to malicious RSS content. SOLUTION: Apply Security Update 2006-001. 4) Vade 79 (the vendor also credits Ilja van Sprundel and iDEFENSE). 6) The vendor credits OUSPG from the University of Oulu, NISCC, and CERT-FI. 7) The vendor credits Neil Archibald, Suresec LTD. 10) The vendor credits Jan-Derk Bakker. 11) The vendor credits Suresec LTD. ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=303382 Vade79: http://fakehalo.us/xosx-passwd.pl OTHER REFERENCES: SA18963: http://secunia.com/advisories/18963/ SA17922: http://secunia.com/advisories/17922/ SA17371: http://secunia.com/advisories/17371/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Client Firewall in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass firewall program execution rules by replacing an allowed program with an arbitrary program. NCP Secure Client is susceptible to multiple vulnerabilities. The following issues have been identified: - Firewall rules designed to allow only specific applications to access the network may be bypassed. - Some applications are prone to local command-line-argument buffer-overflow vulnerabilities. - The VPN client is susceptible to a remote denial-of-service vulnerability. - The VPN client is susceptible to a local privilege-escalation vulnerability. These issues allow local attackers to gain SYSTEM-level privileges, allowing them to completely compromise affected computers. Remote attackers may consume excessive CPU resources, denying service to legitimate users. NCP Secure Client version 8.11 Build 146 on the Microsoft Windows platform is vulnerable to these issues; other versions may also be affected. TITLE: NCP Secure Entry Client Two Vulnerabilities SECUNIA ADVISORY ID: SA19082 VERIFY ADVISORY: http://secunia.com/advisories/19082/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: NCP Secure Entry Client 8.x http://secunia.com/product/8515/ DESCRIPTION: Ramon 'ports' Kukla has reported two vulnerabilities in NCP Secure Entry Cilent, which can be exploited by malicious, local users to gain escalated privileges. 1) A design error in the handling of command line options passed to ncpmon.exe can be exploited to bypass the "Configuration Locks" settings and to make certain configuration changes by running ncpmon.exe with a command line argument of more than 261 characters. 2) Insecure permissions in the installation directory can be exploited by malicious users to create files within the directory. This reportedly can be further exploited by creating a "connect.bat" file that will be run with SYSTEM privileges when a VPN connection is established. The vulnerabilities have been reported in version 8.11 Build 146. Other versions may also be affected. SOLUTION: Restrict access to affect systems. PROVIDED AND/OR DISCOVERED BY: Ramon 'ports' Kukla ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

uConfig agent in Compex NetPassage WPE54G router allows remote attackers to cause a denial of service (unresposiveness) via crafted datagrams to UDP port 7778. NetPassage WPE54G is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the device to properly handle user-supplied input. An attacker can exploit this issue to crash the affected device, effectively denying service to legitimate users. TITLE: Compex NetPassage WPE54G Denial of Service Vulnerability SECUNIA ADVISORY ID: SA19037 VERIFY ADVISORY: http://secunia.com/advisories/19037/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network SOFTWARE: Compex NetPassage WPE54G http://secunia.com/product/8471/ DESCRIPTION: /dev/0id has reported a vulnerability Compex NetPassage WPE54G, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the uConfig agent within the handling of certain UDP datagrams. SOLUTION: Use of the network device on trusted networks only. PROVIDED AND/OR DISCOVERED BY: /dev/0id, Ukr Security Team. ORIGINAL ADVISORY: http://www.security.nnov.ru/Ldocument605.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

The ncprwsnt service in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to execute arbitrary code by modifying the connect.bat script, which is automatically executed by the service after a connection is established. NCP Secure Client is susceptible to multiple vulnerabilities. The following issues have been identified: - Firewall rules designed to allow only specific applications to access the network may be bypassed. - Some applications are prone to local command-line-argument buffer-overflow vulnerabilities. - The VPN client is susceptible to a remote denial-of-service vulnerability. - The VPN client is susceptible to a local privilege-escalation vulnerability. These issues allow local attackers to gain SYSTEM-level privileges, allowing them to completely compromise affected computers. Remote attackers may consume excessive CPU resources, denying service to legitimate users. NCP Secure Client version 8.11 Build 146 on the Microsoft Windows platform is vulnerable to these issues; other versions may also be affected. TITLE: NCP Secure Entry Client Two Vulnerabilities SECUNIA ADVISORY ID: SA19082 VERIFY ADVISORY: http://secunia.com/advisories/19082/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: NCP Secure Entry Client 8.x http://secunia.com/product/8515/ DESCRIPTION: Ramon 'ports' Kukla has reported two vulnerabilities in NCP Secure Entry Cilent, which can be exploited by malicious, local users to gain escalated privileges. 1) A design error in the handling of command line options passed to ncpmon.exe can be exploited to bypass the "Configuration Locks" settings and to make certain configuration changes by running ncpmon.exe with a command line argument of more than 261 characters. 2) Insecure permissions in the installation directory can be exploited by malicious users to create files within the directory. This reportedly can be further exploited by creating a "connect.bat" file that will be run with SYSTEM privileges when a VPN connection is established. The vulnerabilities have been reported in version 8.11 Build 146. Other versions may also be affected. SOLUTION: Restrict access to affect systems. PROVIDED AND/OR DISCOVERED BY: Ramon 'ports' Kukla ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (memory usage and cpu utilization) via a flood of arbitrary UDP datagrams to ports 0 to 65000. NOTE: this issue was reported as a buffer overflow, but that term usually does not apply in flooding attacks. NCP Secure Client is susceptible to multiple vulnerabilities. The following issues have been identified: - Firewall rules designed to allow only specific applications to access the network may be bypassed. - Some applications are prone to local command-line-argument buffer-overflow vulnerabilities. - The VPN client is susceptible to a remote denial-of-service vulnerability. - The VPN client is susceptible to a local privilege-escalation vulnerability. These issues allow local attackers to gain SYSTEM-level privileges, allowing them to completely compromise affected computers. Remote attackers may consume excessive CPU resources, denying service to legitimate users. NCP Secure Client version 8.11 Build 146 on the Microsoft Windows platform is vulnerable to these issues; other versions may also be affected. TITLE: NCP Secure Entry Client Two Vulnerabilities SECUNIA ADVISORY ID: SA19082 VERIFY ADVISORY: http://secunia.com/advisories/19082/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: NCP Secure Entry Client 8.x http://secunia.com/product/8515/ DESCRIPTION: Ramon 'ports' Kukla has reported two vulnerabilities in NCP Secure Entry Cilent, which can be exploited by malicious, local users to gain escalated privileges. 1) A design error in the handling of command line options passed to ncpmon.exe can be exploited to bypass the "Configuration Locks" settings and to make certain configuration changes by running ncpmon.exe with a command line argument of more than 261 characters. 2) Insecure permissions in the installation directory can be exploited by malicious users to create files within the directory. This reportedly can be further exploited by creating a "connect.bat" file that will be run with SYSTEM privileges when a VPN connection is established. The vulnerabilities have been reported in version 8.11 Build 146. Other versions may also be affected. SOLUTION: Restrict access to affect systems. PROVIDED AND/OR DISCOVERED BY: Ramon 'ports' Kukla ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.exe, which provides access to alternate privileged menus, possibly due to a buffer overflow. NCP Secure Client is susceptible to multiple vulnerabilities. The following issues have been identified: - Firewall rules designed to allow only specific applications to access the network may be bypassed. - Some applications are prone to local command-line-argument buffer-overflow vulnerabilities. - The VPN client is susceptible to a remote denial-of-service vulnerability. - The VPN client is susceptible to a local privilege-escalation vulnerability. These issues allow local attackers to gain SYSTEM-level privileges, allowing them to completely compromise affected computers. Remote attackers may consume excessive CPU resources, denying service to legitimate users. NCP Secure Client version 8.11 Build 146 on the Microsoft Windows platform is vulnerable to these issues; other versions may also be affected. TITLE: NCP Secure Entry Client Two Vulnerabilities SECUNIA ADVISORY ID: SA19082 VERIFY ADVISORY: http://secunia.com/advisories/19082/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: NCP Secure Entry Client 8.x http://secunia.com/product/8515/ DESCRIPTION: Ramon 'ports' Kukla has reported two vulnerabilities in NCP Secure Entry Cilent, which can be exploited by malicious, local users to gain escalated privileges. 1) A design error in the handling of command line options passed to ncpmon.exe can be exploited to bypass the "Configuration Locks" settings and to make certain configuration changes by running ncpmon.exe with a command line argument of more than 261 characters. 2) Insecure permissions in the installation directory can be exploited by malicious users to create files within the directory. This reportedly can be further exploited by creating a "connect.bat" file that will be run with SYSTEM privileges when a VPN connection is established. The vulnerabilities have been reported in version 8.11 Build 146. Other versions may also be affected. SOLUTION: Restrict access to affect systems. PROVIDED AND/OR DISCOVERED BY: Ramon 'ports' Kukla ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a large number of arguments to ncprwsnt.exe, possibly due to a buffer overflow. NCP Secure Client is susceptible to multiple vulnerabilities. The following issues have been identified: - Firewall rules designed to allow only specific applications to access the network may be bypassed. - Some applications are prone to local command-line-argument buffer-overflow vulnerabilities. - The VPN client is susceptible to a remote denial-of-service vulnerability. - The VPN client is susceptible to a local privilege-escalation vulnerability. These issues allow local attackers to gain SYSTEM-level privileges, allowing them to completely compromise affected computers. Remote attackers may consume excessive CPU resources, denying service to legitimate users. NCP Secure Client version 8.11 Build 146 on the Microsoft Windows platform is vulnerable to these issues; other versions may also be affected. TITLE: NCP Secure Entry Client Two Vulnerabilities SECUNIA ADVISORY ID: SA19082 VERIFY ADVISORY: http://secunia.com/advisories/19082/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: NCP Secure Entry Client 8.x http://secunia.com/product/8515/ DESCRIPTION: Ramon 'ports' Kukla has reported two vulnerabilities in NCP Secure Entry Cilent, which can be exploited by malicious, local users to gain escalated privileges. 1) A design error in the handling of command line options passed to ncpmon.exe can be exploited to bypass the "Configuration Locks" settings and to make certain configuration changes by running ncpmon.exe with a command line argument of more than 261 characters. 2) Insecure permissions in the installation directory can be exploited by malicious users to create files within the directory. This reportedly can be further exploited by creating a "connect.bat" file that will be run with SYSTEM privileges when a VPN connection is established. The vulnerabilities have been reported in version 8.11 Build 146. Other versions may also be affected. SOLUTION: Restrict access to affect systems. PROVIDED AND/OR DISCOVERED BY: Ramon 'ports' Kukla ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server. NuFW is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle excessive authentication requests. This issue results in the 'nuauth' module failing to respond to new authentication requests, denying service to further users. NuFW versions prior to 1.0.21 are affected by this issue

PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter. There is an SQL injection vulnerability in PHP-Nuke 7.8 Patched 3.2. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1264-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff March 7th, 2007 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : php4 Vulnerability : several Problem-Type : remote Debian-specific: no CVE ID : CVE-2007-0906 CVE-2007-0907 CVE-2006-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988 Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-0906 It was discovered that an integer overflow in the str_replace() function could lead to the execution of arbitrary code. CVE-2007-0907 It was discovered that a buffer underflow in the sapi_header_op() function could crash the PHP interpreter. CVE-2007-0908 Stefan Esser discovered that a programming error in the wddx extension allows information disclosure. CVE-2007-0909 It was discovered that a format string vulnerability in the odbc_result_all() functions allows the execution of arbitrary code. CVE-2007-0910 It was discovered that super-global variables could be overwritten with session data. CVE-2007-0988 Stefan Esser discovered that the zend_hash_init() function could be tricked into an endless loop, allowing denial of service through resource consumption until a timeout is triggered. For the stable distribution (sarge) these problems have been fixed in version 4:4.3.10-19. For the unstable distribution (sid) these problems have been fixed in version 6:4.4.4-9 of php4 and version 5.2.0-9 of php5. We recommend that you upgrade your php4 packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.1 alias sarge - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-19.dsc Size/MD5 checksum: 1686 65acb80d308f7625e8ec91bb6e29eb29 http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-19.diff.gz Size/MD5 checksum: 283658 c7c1e0ce432510ed48cd9e135a21a59e http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10.orig.tar.gz Size/MD5 checksum: 4892209 73f5d1f42e34efa534a09c6091b5a21e Architecture independent components: http://security.debian.org/pool/updates/main/p/php4/php4-pear_4.3.10-19_all.deb Size/MD5 checksum: 250024 8005785eca558044984ca6a66019c02f http://security.debian.org/pool/updates/main/p/php4/php4_4.3.10-19_all.deb Size/MD5 checksum: 1142 bd2113b4fc760a9e2d81f67ccf24fcac Alpha architecture: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_alpha.deb Size/MD5 checksum: 1701456 14d35e1ca06e0a4339b1b8c885a6bd8f http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_alpha.deb Size/MD5 checksum: 1699180 4e630e589b36cf5143c772802ef4bafc http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_alpha.deb Size/MD5 checksum: 3466040 56e187c9cabb148b5681074f2ebcf6d2 http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_alpha.deb Size/MD5 checksum: 1743378 4251694e892c47e59dad839e9ab7a2bc http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_alpha.deb Size/MD5 checksum: 168220 6595a46953cfa5156cc9dfbebfb57238 http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_alpha.deb Size/MD5 checksum: 18148 9944bd006a811a68280d58707dba0fca http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_alpha.deb Size/MD5 checksum: 325162 3bf569109326bf57a6db0908864d7d4f http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_alpha.deb Size/MD5 checksum: 39036 0c174134c0af3da2a44471e0b6a0c0d9 http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_alpha.deb Size/MD5 checksum: 34546 12b9ead7e3d2bc3d586db7c639b25a71 http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_alpha.deb Size/MD5 checksum: 38140 f600d5a57454eac81a59614e396d0a7e http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_alpha.deb Size/MD5 checksum: 21370 4bc085128a86ebe0b5aff3f33c6b85a5 http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_alpha.deb Size/MD5 checksum: 18206 00041519f22ba5528a61384a1cd8ff25 http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_alpha.deb Size/MD5 checksum: 8340 5faa2f4f4dcc1e6d691fb4e514be1206 http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_alpha.deb Size/MD5 checksum: 22454 8b815228a909700fecf5bc08301605b6 http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_alpha.deb Size/MD5 checksum: 28368 230200935d5b2fe06fc6d01abcf36dc6 http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_alpha.deb Size/MD5 checksum: 7964 a6b4bbd2b60752668b3556cdcbafbf78 http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_alpha.deb Size/MD5 checksum: 13770 76441138f5d1bed6c02f43c5a2c55f0c http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_alpha.deb Size/MD5 checksum: 23304 d7802126ab8dde4842a72fca318e0424 http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_alpha.deb Size/MD5 checksum: 17886 f341be585bc1342cc87cf814283dc826 AMD64 architecture: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_amd64.deb Size/MD5 checksum: 1660864 6e8eea11106fd4b06d5d52ab41671003 http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_amd64.deb Size/MD5 checksum: 1658212 e874bb3b60124b4e32732e9b3988c47a http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_amd64.deb Size/MD5 checksum: 3278508 aac0f56842fe12b91dc7acab71f1be03 http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_amd64.deb Size/MD5 checksum: 1648682 51d7e77dba0ed241fa4bd60f110bcc69 http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_amd64.deb Size/MD5 checksum: 168202 11bf04caba233142536151ff0decf329 http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_amd64.deb Size/MD5 checksum: 17830 6079814a18fab1b42068de9fd1d35a29 http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_amd64.deb Size/MD5 checksum: 325184 9c48363c84aa56f9020d83cef98d8b75 http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_amd64.deb Size/MD5 checksum: 40800 d7ac88bc6c813a747c8ae14681605b35 http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_amd64.deb Size/MD5 checksum: 34280 3b1eb57caa289d1c776f66d6734dee39 http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_amd64.deb Size/MD5 checksum: 37726 014109aa721508ef8b6825e5e9744fac http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_amd64.deb Size/MD5 checksum: 21416 6b2bf18f6d6db5ee5bf57199639e9870 http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_amd64.deb Size/MD5 checksum: 18886 01b618565ddfce919b8fffba1b336fad http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_amd64.deb Size/MD5 checksum: 8248 8e56bda6cd19f62248eba36057f9c381 http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_amd64.deb Size/MD5 checksum: 22892 6789a85586205f00dd35f396012d437f http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_amd64.deb Size/MD5 checksum: 28786 87c5652813f3fc2e636d0de7c6504585 http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_amd64.deb Size/MD5 checksum: 7918 c672b5d5a0dcc8ec56ae29b866909ee7 http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_amd64.deb Size/MD5 checksum: 13684 7996ac194aad7b71aca2ce125f3fe53a http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_amd64.deb Size/MD5 checksum: 22444 fba5d84d8727dc342a4613cb4f0e5fca http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_amd64.deb Size/MD5 checksum: 17576 182a9c583741056b4f903071066aa777 ARM architecture: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_arm.deb Size/MD5 checksum: 1592392 e6c3e603f4b01b8b6472a01fa5c8b149 http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_arm.deb Size/MD5 checksum: 1591960 42fc42a21fafe9980b1cbbd1450b6ebe http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_arm.deb Size/MD5 checksum: 3172326 44e7b476a2e1f1d6a8a3515aa407dddb http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_arm.deb Size/MD5 checksum: 1593200 0b02299dad2f9a76ee4e11f2d1aba8f1 http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_arm.deb Size/MD5 checksum: 168244 f3c5d8aa86020ded4056f329cb005fe4 http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_arm.deb Size/MD5 checksum: 17652 459d0f476feee2720542be633d56a92b http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_arm.deb Size/MD5 checksum: 325472 a741698e463184d3b278412189c9c1c2 http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_arm.deb Size/MD5 checksum: 36114 5de247081d931105d8dfcad25dead156 http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_arm.deb Size/MD5 checksum: 31782 8581635d5ffcb20066ad8a17742bf27e http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_arm.deb Size/MD5 checksum: 35462 da35a74bd0d0db3f7488860e19cfa79d http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_arm.deb Size/MD5 checksum: 19736 9be69fb529fcf733a91ac24b024a9958 http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_arm.deb Size/MD5 checksum: 17086 5e372f2c55c6db64733458342fd27952 http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_arm.deb Size/MD5 checksum: 7826 6b2e87408132edfc496475409128f949 http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_arm.deb Size/MD5 checksum: 20600 cfad055dec9f682724478910247d974e http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_arm.deb Size/MD5 checksum: 27330 5c1904d04e7f81349b2d78e1cb7abe3b http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_arm.deb Size/MD5 checksum: 7644 d6ce09f4c247eb1a69965bc90836df81 http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_arm.deb Size/MD5 checksum: 12790 31d406e601ca65bfc8a2779d0e7cebb4 http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_arm.deb Size/MD5 checksum: 20892 822c073cb45186c6d872afdef513bc90 http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_arm.deb Size/MD5 checksum: 15792 169a0517a14c792e870fcf1b94192276 HP Precision architecture: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_hppa.deb Size/MD5 checksum: 1759810 d97fae3b1a080a942653878c82cd3ffa http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_hppa.deb Size/MD5 checksum: 1757570 5c77a078ff8b20ea0402b4a904e0232b http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_hppa.deb Size/MD5 checksum: 3427812 03e08da005f5f97a6ecd7ab60b5ce68c http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_hppa.deb Size/MD5 checksum: 1719506 0d0b5c78f2493fa4911db750d517998a http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_hppa.deb Size/MD5 checksum: 168222 7370b1318dc8c75d7008c255b2002f6a http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_hppa.deb Size/MD5 checksum: 20028 45464c08d59854305c4a5c9f490d9a63 http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_hppa.deb Size/MD5 checksum: 325312 ecccda98a727a5eaf06a0f0b17185cce http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_hppa.deb Size/MD5 checksum: 42104 40d2342dcc42b48485573952cffc03f7 http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_hppa.deb Size/MD5 checksum: 37340 88ff9b02b36a7a1c9c2fce8056ef6f15 http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_hppa.deb Size/MD5 checksum: 42648 8f1169758d56f94f0c92142be87d6be0 http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_hppa.deb Size/MD5 checksum: 23000 12fa26227ed747fa3af3ad9efeb8d504 http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_hppa.deb Size/MD5 checksum: 19908 560ad81c6f6db1820c6c572f67cd8152 http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_hppa.deb Size/MD5 checksum: 8698 0656ad921535945f456fb480cc80743f http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_hppa.deb Size/MD5 checksum: 23596 2fae2e9262934c47965416824c08943b http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_hppa.deb Size/MD5 checksum: 30172 d2aaabd18fe095a8e106e20505f03ef2 http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_hppa.deb Size/MD5 checksum: 8340 5f2d0de885c904fec8a775afc40b6334 http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_hppa.deb Size/MD5 checksum: 14562 e5dd41449a0e1b35188c7b1946610862 http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_hppa.deb Size/MD5 checksum: 24124 786abb1633ebf48ab459f4e96656efba http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_hppa.deb Size/MD5 checksum: 18650 afab0398769e8c50b934ee221ea50a5a Intel IA-32 architecture: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_i386.deb Size/MD5 checksum: 1614182 612dd25787db4bba5c0b54006c02d50b http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_i386.deb Size/MD5 checksum: 1612058 9a67d7f1a9aade4bb3eed6b392077bf9 http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_i386.deb Size/MD5 checksum: 3209228 5ac98a8a5649ea2ae6588c4e460ec90c http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_i386.deb Size/MD5 checksum: 1609646 ec3d17f2b3024ef5ed6e8b21c4286b26 http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_i386.deb Size/MD5 checksum: 168222 9ab456c6fe0ed13f2e591f88a26f81d6 http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_i386.deb Size/MD5 checksum: 17892 92d2e8793dfca9be7576624beb4b0005 http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_i386.deb Size/MD5 checksum: 325192 1a382f30b8ece263b027cfcc35ecfe9c http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_i386.deb Size/MD5 checksum: 37228 317fd23c3687d861b8b4789c1ea381d1 http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_i386.deb Size/MD5 checksum: 32384 d0655edb839dae2fa8ce269c84e91500 http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_i386.deb Size/MD5 checksum: 37402 95a94b237e75a4c1a64bcb592b351498 http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_i386.deb Size/MD5 checksum: 19958 9cd9bd8707c8b781e9196311f031ec02 http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_i386.deb Size/MD5 checksum: 17672 4b6d7c1eca69b9b218617ac243fa08ad http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_i386.deb Size/MD5 checksum: 8036 d2efa8096dc22d3c83f8095bb1ab4041 http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_i386.deb Size/MD5 checksum: 21218 042bca1661b147c7be77a69936793904 http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_i386.deb Size/MD5 checksum: 27138 7bbf0a0bd2aee657573d7174f32f1ae7 http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_i386.deb Size/MD5 checksum: 7704 449baf33502b9f48c083dc4b338979dd http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_i386.deb Size/MD5 checksum: 13152 e1843d982173596abed784d8e7afcafa http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_i386.deb Size/MD5 checksum: 21382 629931e8d3024d1905071ec9dca9142b http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_i386.deb Size/MD5 checksum: 16400 d58ba81b22439e5285d448c4316bf5f0 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_ia64.deb Size/MD5 checksum: 1952256 b11fa1724bd55829b353525d564e47cc http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_ia64.deb Size/MD5 checksum: 1949710 aa0d4ee3995c997f265c272bc0445e1d http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_ia64.deb Size/MD5 checksum: 3895870 c29d60863e2331e919339626831fb5a4 http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_ia64.deb Size/MD5 checksum: 1950132 2a7611e476d2afd7f5564e7f4cafac3a http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_ia64.deb Size/MD5 checksum: 168224 f3c570f637fb69b0d55dbdaaaf882c53 http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_ia64.deb Size/MD5 checksum: 22028 f51f4140ef5d8de1db90bfe06d92d8b8 http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_ia64.deb Size/MD5 checksum: 325338 41a5b1ff824be8410e94d5d3f4eaab5c http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_ia64.deb Size/MD5 checksum: 50644 a1f0f2f91dfbf84d24446e455e4d0d7c http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_ia64.deb Size/MD5 checksum: 45256 45155a527b60ebcd117901fc86390d67 http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_ia64.deb Size/MD5 checksum: 48280 cea938e0b3829eeb344939c6116a3274 http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_ia64.deb Size/MD5 checksum: 27042 fc2b4d3e1ae91076548568d8c922037f http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_ia64.deb Size/MD5 checksum: 22658 f0f5301aa72e4e4ad61bdf90e6594de2 http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_ia64.deb Size/MD5 checksum: 9334 a5c9f81e2bd6bc5ee4c86f5e4d1a0cd1 http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_ia64.deb Size/MD5 checksum: 27602 89ecb1e38d742cff328580cdfe78b8f1 http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_ia64.deb Size/MD5 checksum: 36192 49054c542a4534c12894bfefaf0db1eb http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_ia64.deb Size/MD5 checksum: 9012 d4db9ef8429729ab3051501004082c99 http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_ia64.deb Size/MD5 checksum: 16338 d614825738a19af8ad2500b7c048b51b http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_ia64.deb Size/MD5 checksum: 28878 6d5df675a23f641f3e1dc5656db9e18a http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_ia64.deb Size/MD5 checksum: 21912 e76f15111a9b4ccdd94e1f7eac74b088 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_m68k.deb Size/MD5 checksum: 1580014 f45532aa9784f98ff1525bb005c76b30 http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_m68k.deb Size/MD5 checksum: 1578768 71e652061d4867e6520d448b695f59f7 http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_m68k.deb Size/MD5 checksum: 3080886 6131fe6ae47c2585775714cc64f2b34e http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_m68k.deb Size/MD5 checksum: 1551076 4aef3676854e4ace8e79d0b740109acd http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_m68k.deb Size/MD5 checksum: 168268 46923171263033b7d10a73c165baa849 http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_m68k.deb Size/MD5 checksum: 18322 38c451535b6cd68a0e685c4df93cb01e http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_m68k.deb Size/MD5 checksum: 325808 dd492a00a1d27fa02f2b60e6a481d753 http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_m68k.deb Size/MD5 checksum: 36516 d96b45bb5edaf8edd2282180639ddde8 http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_m68k.deb Size/MD5 checksum: 31006 5647045aff47fb945f5ad2f148e4aede http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_m68k.deb Size/MD5 checksum: 34926 a7fecf002a308ed790931ecc849f379c http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_m68k.deb Size/MD5 checksum: 19126 8cd11ec89d611be7674b5117bd48545a http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_m68k.deb Size/MD5 checksum: 17820 d4e6de681e37bae511f04d4a3aa5bb2f http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_m68k.deb Size/MD5 checksum: 7964 06ac2494cd27c91d06f40592bdde7871 http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_m68k.deb Size/MD5 checksum: 20694 b290e22f889af582bedf953d3b5e63a2 http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_m68k.deb Size/MD5 checksum: 25852 be18d00b30fbca8ee6f6d9f31c9912b4 http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_m68k.deb Size/MD5 checksum: 7682 7fd30edd98afff26bb2d0fedc5556ac8 http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_m68k.deb Size/MD5 checksum: 12708 f95ada3a476fda3ea9bb36a263dfc19e http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_m68k.deb Size/MD5 checksum: 20376 6a0f683bd56800a86976d17cf0f90438 http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_m68k.deb Size/MD5 checksum: 15878 4d8a9a99d92b68a7c29f9e4eb48e6c28 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_mips.deb Size/MD5 checksum: 1648626 c09ff318909ac3ec198cf8adb32c3e73 http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_mips.deb Size/MD5 checksum: 1646678 8adf0e0321dad42a4a33278b54c1d78a http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_mips.deb Size/MD5 checksum: 3295802 61b55383a87aaecf5825679502a2cd94 http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_mips.deb Size/MD5 checksum: 1652658 c094e3ff43dca52eecd39d3d393003f9 http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_mips.deb Size/MD5 checksum: 168214 a85518eecd34caeb8b155741fbba6db2 http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_mips.deb Size/MD5 checksum: 16826 79bb3b43b38eba4b9cfaed68939fb1ad http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_mips.deb Size/MD5 checksum: 325308 eab0cd699328a69b4f3ef88481985d6c http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_mips.deb Size/MD5 checksum: 35228 de389e3122cd99882eeeaca2fc7b70a3 http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_mips.deb Size/MD5 checksum: 31938 87dea075793ed76b812a81963c913aef http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_mips.deb Size/MD5 checksum: 34012 e535078c682091dac1a46f2fb4c0e7c4 http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_mips.deb Size/MD5 checksum: 19922 5fe0bc6ac5386626273ae6ee2e66215b http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_mips.deb Size/MD5 checksum: 16476 372a59ba3934e84bb106896a06a03a11 http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_mips.deb Size/MD5 checksum: 8120 2b6f78e9419969fdc3ce80bc14d85560 http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_mips.deb Size/MD5 checksum: 20504 0ce56458633d1e77f528d4f9b968ce13 http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_mips.deb Size/MD5 checksum: 26370 3b393309a1ddb3a67a6018496ca29e6b http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_mips.deb Size/MD5 checksum: 7824 fa7930366a56bb94deaffe6440e94822 http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_mips.deb Size/MD5 checksum: 13154 243bf42c3fdd1db4f402de11750c9171 http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_mips.deb Size/MD5 checksum: 21654 cd359bf978b6ea51e6eb65a37b60278f http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_mips.deb Size/MD5 checksum: 16188 d4ebc66b677efe3b82a163b62c29aa35 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_mipsel.deb Size/MD5 checksum: 1630640 210a7f2df10febfaa52f2447520df140 http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_mipsel.deb Size/MD5 checksum: 1628878 17b584a9e468eb8ede205a2a6878f4b1 http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_mipsel.deb Size/MD5 checksum: 3254494 b9a460244d857a77f0d2fc5c1b91894f http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_mipsel.deb Size/MD5 checksum: 1631616 370c7e8cb963ec8f95049dbf5675fe4a http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_mipsel.deb Size/MD5 checksum: 168228 ff3e221bfb5b79f12c10ebd815d88b29 http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_mipsel.deb Size/MD5 checksum: 16794 7d960cc9d3e3d362d0f4dba0497eb5b7 http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_mipsel.deb Size/MD5 checksum: 325308 f14f5986aa26436d2c6d81707b9987d8 http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_mipsel.deb Size/MD5 checksum: 34774 f4f195f0914c0bc882b5143c479c5d24 http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_mipsel.deb Size/MD5 checksum: 31666 9f6063fcb54d5379b997ccbc982f65f2 http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_mipsel.deb Size/MD5 checksum: 33894 da46922024a02d1023b521cc076cb9cb http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_mipsel.deb Size/MD5 checksum: 19800 b86f23fe9c0c7ec4b56c2f767693835f http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_mipsel.deb Size/MD5 checksum: 16384 3e98c62e74e0523e224ad665e604eb78 http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_mipsel.deb Size/MD5 checksum: 8092 2ab07f4176f45cbd6a74fbccdb72e9b9 http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_mipsel.deb Size/MD5 checksum: 20448 61b72f3ff7cbdec0c7bcf644ae7a42e4 http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_mipsel.deb Size/MD5 checksum: 26244 d38dfaa8d7a2565b38edf485c9692212 http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_mipsel.deb Size/MD5 checksum: 7778 0aba913f072a2ab411f7f36408838041 http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_mipsel.deb Size/MD5 checksum: 13054 2b4f2d929c4a9e8d7aafc439b6a6b4b4 http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_mipsel.deb Size/MD5 checksum: 21598 6691aed3e3879ce3884c31bc0c60ae4f http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_mipsel.deb Size/MD5 checksum: 16166 696aa9954b611596fa02b92bb15914d3 PowerPC architecture: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_powerpc.deb Size/MD5 checksum: 1661280 abad22f7719712b40a4af68503551e21 http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_powerpc.deb Size/MD5 checksum: 1659466 4997003d5edddb161c931ed7f47cfe0a http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_powerpc.deb Size/MD5 checksum: 3281422 f4bdbbaac2e032788c26bb92dc0da376 http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_powerpc.deb Size/MD5 checksum: 1646784 d84ff6b16873412f6af326995e09ab54 http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_powerpc.deb Size/MD5 checksum: 168220 3f03b4edeffcd89c5cc4127d3a4602ac http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_powerpc.deb Size/MD5 checksum: 19638 1c874990ecb283c1b23950b016485b50 http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_powerpc.deb Size/MD5 checksum: 325264 15b8a3d2cde40c4aaf31d1925189ab3b http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_powerpc.deb Size/MD5 checksum: 38646 3945c96a6cd13120e293f60ae820d6d0 http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_powerpc.deb Size/MD5 checksum: 34516 b44d4867447c01db49fe5a9c8e538015 http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_powerpc.deb Size/MD5 checksum: 37770 8fffcc151a281269cccb29559f0b90fc http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_powerpc.deb Size/MD5 checksum: 21412 9a9663537ca1997bc62cfa4494eba8f3 http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_powerpc.deb Size/MD5 checksum: 19728 9bb25b04bec25cee082c8a8e81c4a19d http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_powerpc.deb Size/MD5 checksum: 9578 d1bd238a89be2838f5b37d5b2b2a9053 http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_powerpc.deb Size/MD5 checksum: 22604 2935a012ecd74195f44e2213c9999c7a http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_powerpc.deb Size/MD5 checksum: 28686 46bb5b9d2b6e4258fe2b8dc130ae817c http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_powerpc.deb Size/MD5 checksum: 9286 2282aefc94808ac2ea1490ecb3ea357f http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_powerpc.deb Size/MD5 checksum: 14960 68716f24414748d9e621c7f4b0a8e2ea http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_powerpc.deb Size/MD5 checksum: 23038 193ae7cc97bc2ce1c7033cc14cd6c9c9 http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_powerpc.deb Size/MD5 checksum: 18268 1b032bee509fb88ce36d481c4335418a IBM S/390 architecture: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_s390.deb Size/MD5 checksum: 1709576 c521d1761395fa41e785906cd052a240 http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_s390.deb Size/MD5 checksum: 1708618 cbea3ff2f1f8b42c91f8d1ebe6f295a1 http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_s390.deb Size/MD5 checksum: 3360294 a642ef581d1decdd6b330f2ca62aa3a8 http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_s390.deb Size/MD5 checksum: 1687438 0a16abfb5e945795b598e06fe78821bd http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_s390.deb Size/MD5 checksum: 168202 088f381bf8f67c76e6a636b1a7420709 http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_s390.deb Size/MD5 checksum: 17842 6f628c4ba64fe7c3e6d1958d8887a032 http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_s390.deb Size/MD5 checksum: 325188 84155d21cc204dd029cb6fe724fd700e http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_s390.deb Size/MD5 checksum: 41124 f159880550b5c238b0f9cd357763e120 http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_s390.deb Size/MD5 checksum: 33564 560a9717ec712e71a9608ee808017f93 http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_s390.deb Size/MD5 checksum: 37530 58332a689abe020d696accb2c4413bdc http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_s390.deb Size/MD5 checksum: 21410 8266344d677b30c00ee0575185808c7d http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_s390.deb Size/MD5 checksum: 17732 1d5a9cdcc554b886836392abacafb37a http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_s390.deb Size/MD5 checksum: 8394 bf5bfd48a6955ed04cf5eb43c0dbed80 http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_s390.deb Size/MD5 checksum: 22938 558f6a81404ef0097f4d47ef41067acd http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_s390.deb Size/MD5 checksum: 28874 63b1580d76b438dfe3c6150fca0c983c http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_s390.deb Size/MD5 checksum: 8048 fb1993cc4170134b46d0a68496971992 http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_s390.deb Size/MD5 checksum: 13894 eeee528a1872d8fd80f92c6459950216 http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_s390.deb Size/MD5 checksum: 22276 ef4cc0b299f757599e7edd178cfbfa95 http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_s390.deb Size/MD5 checksum: 17300 c2d98a377eff47a1fa6376d491378007 Sun Sparc architecture: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_sparc.deb Size/MD5 checksum: 1623810 c451cd4693f5a69534681b1eba46e29d http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_sparc.deb Size/MD5 checksum: 1620886 6f450acb1570c2917c92af4e2ee3462b http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_sparc.deb Size/MD5 checksum: 3197912 c01cbc381a760f7439f8c8b24a8ee717 http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_sparc.deb Size/MD5 checksum: 1606454 0f3be5c22bb512308e0c668b06e7f25b http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_sparc.deb Size/MD5 checksum: 168222 d4a0310401f3092a2ea57880bed9911d http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_sparc.deb Size/MD5 checksum: 18074 160821e02197baf3364906d17eabaa37 http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_sparc.deb Size/MD5 checksum: 325276 b0c1759a579859033b410d34bf443162 http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_sparc.deb Size/MD5 checksum: 36488 cb0f7a642bcc12fdcde900b179ad197f http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_sparc.deb Size/MD5 checksum: 31948 c31211a42a127e283cf05eea2acb3782 http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_sparc.deb Size/MD5 checksum: 36246 ded59dffa2579d4f3f91be5bc465812e http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_sparc.deb Size/MD5 checksum: 19278 d852fc1b8146be87d789d46f3fd9531a http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_sparc.deb Size/MD5 checksum: 17488 c25a9f3959ad71717f22139ee5cc3964 http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_sparc.deb Size/MD5 checksum: 7870 54ef2d007c15936eff7a0968c1bb8411 http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_sparc.deb Size/MD5 checksum: 20672 3aa6f646c2d48e12f274844d882b4cb3 http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_sparc.deb Size/MD5 checksum: 26540 db50bace36223a5fb3165012da864279 http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_sparc.deb Size/MD5 checksum: 7594 a16c41b7273adaf2b72e2cd66a29d856 http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_sparc.deb Size/MD5 checksum: 12846 5f44cba16d1c910b0336c221ab3db31b http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_sparc.deb Size/MD5 checksum: 20850 f84c554b5e0c31a276444953acdf0d5d http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_sparc.deb Size/MD5 checksum: 15866 56d9a2ad4d2d94150b7be7deefc6fbd0 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFF7zanXm3vHE4uyloRAr0xAKCLwQ7ji6kxWczRj+WZRIEknn3R4QCgxaVz ShT4FvG6b6xvbngTqwEvkkU= =FElM -----END PGP SIGNATURE-----

NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers. Netgear WGT624 reportedly contains a default administrative account. This issue can allow a remote attacker to gain administrative access to the device

The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges. A vulnerability has been reported in NetGear WGT624 Wireless Firewall Routers. When configured to back up configuration settings, the device will store various information in cleartext. Accessing this file could allow an attacker to obtain sensitive information that could aid in compromising the device's web administration interface. Note that the backup option is not enabled by default, but is a common feature used by administrators

SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter. A SQL injection vulnerability exists in PHP-Nuke versions prior to 7.8 Patched 3.2

Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page. The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the compromise of the device

Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface. The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the compromise of the device

NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "[" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear. Ipswitch WhatsUp Professional 2006 is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle certain HTTP GET requests. This issue allows remote attackers to consume excessive CPU resources on targeted computers, denying service to legitimate users. Whatsup Professional software is a tool developed by Ipswitch to monitor the network status of TCP/IP, NetBEUI and IPX. Remote attackers may use this vulnerability to perform denial of service attacks on server programs. If the user visits a specially crafted URL request, it may cause NmService to use 100\\% of CPU resources, resulting in a denial of service

Uniden UIP1868P VoIP Telephone and Router has a default password of admin for the web-based configuration utility, which allows remote attackers to obtain sensitive information on the device such as telephone numbers called, and possibly connect to other hosts. NOTE: it is possible that this password was configured by a reseller, not the original vendor; if so, then this is not a vulnerability in the product. Uip1868p is prone to a information disclosure vulnerability