VARIoT IoT vulnerabilities database

VAR-200603-0495 CVE-2006-0965 NCP 'ncpmon.exe' Secure Client Multi-Vulnerability CVSS V2: 4.6
CVSS V3: -
Severity: MEDIUM
NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.exe, which provides access to alternate privileged menus, possibly due to a buffer overflow.

NCP Secure Client is susceptible to multiple vulnerabilities. The following issues have been identified:
- Firewall rules designed to allow only specific applications to access the network may be bypassed.
- Some applications are prone to local command-line-argument buffer-overflow vulnerabilities.
- The VPN client is susceptible to a remote denial-of-service vulnerability.
- The VPN client is susceptible to a local privilege-escalation vulnerability.

These issues allow local attackers to gain SYSTEM-level privileges, allowing them to completely compromise affected computers. Remote attackers may consume excessive CPU resources, denying service to legitimate users. NCP Secure Client version 8.11 Build 146 on the Microsoft Windows platform is vulnerable to these issues; other versions may also be affected.

TITLE: NCP Secure Entry Client Two Vulnerabilities
SECUNIA ADVISORY ID: SA19082
VERIFY ADVISORY: http://secunia.com/advisories/19082/
CRITICAL: Less critical
IMPACT: Privilege escalation
WHERE: Local system
SOFTWARE: NCP Secure Entry Client 8.x http://secunia.com/product/8515/

DESCRIPTION: Ramon 'ports' Kukla has reported two vulnerabilities in NCP Secure Entry Client, which can be exploited by malicious, local users to gain escalated privileges.

1) A design error in the handling of command line options passed to ncpmon.exe can be exploited to bypass the "Configuration Locks" settings and to make certain configuration changes by running ncpmon.exe with a command line argument of more than 261 characters.

2) Insecure permissions in the installation directory can be exploited by malicious users to create files within the directory. This reportedly can be further exploited by creating a "connect.bat" file that will be run with SYSTEM privileges when a VPN connection is established.

The vulnerabilities have been reported in version 8.11 Build 146. Other versions may also be affected.

SOLUTION: Restrict access to affected systems.
PROVIDED AND/OR DISCOVERED BY: Ramon 'ports' Kukla
ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html
VAR-200603-0496 CVE-2006-0966 NCP 'ncprwsnt.exe' Network Communication Security Client Denial of Service Multiple Vulnerabilities CVSS V2: 2.1
CVSS V3: -
Severity: LOW
NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a large number of arguments to ncprwsnt.exe, possibly due to a buffer overflow.

NCP Secure Client is susceptible to multiple vulnerabilities. The following issues have been identified:
- Firewall rules designed to allow only specific applications to access the network may be bypassed.
- Some applications are prone to local command-line-argument buffer-overflow vulnerabilities.
- The VPN client is susceptible to a remote denial-of-service vulnerability.
- The VPN client is susceptible to a local privilege-escalation vulnerability.

These issues allow local attackers to gain SYSTEM-level privileges, allowing them to completely compromise affected computers. Remote attackers may consume excessive CPU resources, denying service to legitimate users. NCP Secure Client version 8.11 Build 146 on the Microsoft Windows platform is vulnerable to these issues; other versions may also be affected.

TITLE: NCP Secure Entry Client Two Vulnerabilities
SECUNIA ADVISORY ID: SA19082
VERIFY ADVISORY: http://secunia.com/advisories/19082/
CRITICAL: Less critical
IMPACT: Privilege escalation
WHERE: Local system
SOFTWARE: NCP Secure Entry Client 8.x http://secunia.com/product/8515/

DESCRIPTION: Ramon 'ports' Kukla has reported two vulnerabilities in NCP Secure Entry Client, which can be exploited by malicious, local users to gain escalated privileges.

1) A design error in the handling of command line options passed to ncpmon.exe can be exploited to bypass the "Configuration Locks" settings and to make certain configuration changes by running ncpmon.exe with a command line argument of more than 261 characters.

2) Insecure permissions in the installation directory can be exploited by malicious users to create files within the directory. This reportedly can be further exploited by creating a "connect.bat" file that will be run with SYSTEM privileges when a VPN connection is established.

The vulnerabilities have been reported in version 8.11 Build 146. Other versions may also be affected.

SOLUTION: Restrict access to affected systems.
PROVIDED AND/OR DISCOVERED BY: Ramon 'ports' Kukla
ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/042640.html
VAR-200603-0486 CVE-2006-0956 NuFW nuauth Remotely TLS Connection Processing Denial of Service Vulnerability CVSS V2: 1.7
CVSS V3: -
Severity: LOW
nuauth in NuFW before 1.0.21 does not properly handle blocking TLS sockets, which allows remote authenticated users to cause a denial of service (service hang) by flooding packets at the authentication server. NuFW is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle excessive authentication requests. This issue results in the 'nuauth' module failing to respond to new authentication requests, denying service to further users. NuFW versions prior to 1.0.21 are affected by this issue.
VAR-200602-0433 CVE-2006-0908 PHP-Nuke "ad_click" of /%2a (/*) SQL Injection vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a (/*) sequences with the "ad_click" word in the query string, as demonstrated via the kala parameter. There is an SQL injection vulnerability in PHP-Nuke 7.8 Patched 3.2.

Debian Security Advisory DSA 1264-1    security@debian.org
http://www.debian.org/security/    Moritz Muehlenhoff
March 7th, 2007    http://www.debian.org/security/faq

Package : php4
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2007-0906 CVE-2007-0907 CVE-2006-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988

Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-0906
    It was discovered that an integer overflow in the str_replace() function could lead to the execution of arbitrary code.

CVE-2007-0907
    It was discovered that a buffer underflow in the sapi_header_op() function could crash the PHP interpreter.

CVE-2007-0908
    Stefan Esser discovered that a programming error in the wddx extension allows information disclosure.

CVE-2007-0909
    It was discovered that a format string vulnerability in the odbc_result_all() functions allows the execution of arbitrary code.

CVE-2007-0910
    It was discovered that super-global variables could be overwritten with session data.

CVE-2007-0988
    Stefan Esser discovered that the zend_hash_init() function could be tricked into an endless loop, allowing denial of service through resource consumption until a timeout is triggered.

For the stable distribution (sarge) these problems have been fixed in version 4:4.3.10-19.

For the unstable distribution (sid) these problems have been fixed in version 6:4.4.4-9 of php4 and version 5.2.0-9 of php5.

We recommend that you upgrade your php4 packages.

Upgrade Instructions

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_powerpc.deb Size/MD5 checksum: 1661280 abad22f7719712b40a4af68503551e21 http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_powerpc.deb Size/MD5 checksum: 1659466 4997003d5edddb161c931ed7f47cfe0a http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_powerpc.deb Size/MD5 checksum: 3281422 f4bdbbaac2e032788c26bb92dc0da376 http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_powerpc.deb Size/MD5 checksum: 1646784 d84ff6b16873412f6af326995e09ab54 http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_powerpc.deb Size/MD5 checksum: 168220 3f03b4edeffcd89c5cc4127d3a4602ac http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_powerpc.deb Size/MD5 checksum: 19638 1c874990ecb283c1b23950b016485b50 http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_powerpc.deb Size/MD5 checksum: 325264 15b8a3d2cde40c4aaf31d1925189ab3b http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_powerpc.deb Size/MD5 checksum: 38646 3945c96a6cd13120e293f60ae820d6d0 http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_powerpc.deb Size/MD5 checksum: 34516 b44d4867447c01db49fe5a9c8e538015 http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_powerpc.deb Size/MD5 checksum: 37770 8fffcc151a281269cccb29559f0b90fc http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_powerpc.deb Size/MD5 checksum: 21412 9a9663537ca1997bc62cfa4494eba8f3 http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_powerpc.deb Size/MD5 checksum: 19728 9bb25b04bec25cee082c8a8e81c4a19d http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_powerpc.deb Size/MD5 checksum: 9578 d1bd238a89be2838f5b37d5b2b2a9053 http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_powerpc.deb Size/MD5 checksum: 22604 
2935a012ecd74195f44e2213c9999c7a http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_powerpc.deb Size/MD5 checksum: 28686 46bb5b9d2b6e4258fe2b8dc130ae817c http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_powerpc.deb Size/MD5 checksum: 9286 2282aefc94808ac2ea1490ecb3ea357f http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_powerpc.deb Size/MD5 checksum: 14960 68716f24414748d9e621c7f4b0a8e2ea http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_powerpc.deb Size/MD5 checksum: 23038 193ae7cc97bc2ce1c7033cc14cd6c9c9 http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_powerpc.deb Size/MD5 checksum: 18268 1b032bee509fb88ce36d481c4335418a IBM S/390 architecture: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_s390.deb Size/MD5 checksum: 1709576 c521d1761395fa41e785906cd052a240 http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_s390.deb Size/MD5 checksum: 1708618 cbea3ff2f1f8b42c91f8d1ebe6f295a1 http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_s390.deb Size/MD5 checksum: 3360294 a642ef581d1decdd6b330f2ca62aa3a8 http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_s390.deb Size/MD5 checksum: 1687438 0a16abfb5e945795b598e06fe78821bd http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_s390.deb Size/MD5 checksum: 168202 088f381bf8f67c76e6a636b1a7420709 http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_s390.deb Size/MD5 checksum: 17842 6f628c4ba64fe7c3e6d1958d8887a032 http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_s390.deb Size/MD5 checksum: 325188 84155d21cc204dd029cb6fe724fd700e http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_s390.deb Size/MD5 checksum: 41124 f159880550b5c238b0f9cd357763e120 http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_s390.deb Size/MD5 
checksum: 33564 560a9717ec712e71a9608ee808017f93 http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_s390.deb Size/MD5 checksum: 37530 58332a689abe020d696accb2c4413bdc http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_s390.deb Size/MD5 checksum: 21410 8266344d677b30c00ee0575185808c7d http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_s390.deb Size/MD5 checksum: 17732 1d5a9cdcc554b886836392abacafb37a http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_s390.deb Size/MD5 checksum: 8394 bf5bfd48a6955ed04cf5eb43c0dbed80 http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_s390.deb Size/MD5 checksum: 22938 558f6a81404ef0097f4d47ef41067acd http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_s390.deb Size/MD5 checksum: 28874 63b1580d76b438dfe3c6150fca0c983c http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_s390.deb Size/MD5 checksum: 8048 fb1993cc4170134b46d0a68496971992 http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_s390.deb Size/MD5 checksum: 13894 eeee528a1872d8fd80f92c6459950216 http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_s390.deb Size/MD5 checksum: 22276 ef4cc0b299f757599e7edd178cfbfa95 http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_s390.deb Size/MD5 checksum: 17300 c2d98a377eff47a1fa6376d491378007 Sun Sparc architecture: http://security.debian.org/pool/updates/main/p/php4/libapache-mod-php4_4.3.10-19_sparc.deb Size/MD5 checksum: 1623810 c451cd4693f5a69534681b1eba46e29d http://security.debian.org/pool/updates/main/p/php4/libapache2-mod-php4_4.3.10-19_sparc.deb Size/MD5 checksum: 1620886 6f450acb1570c2917c92af4e2ee3462b http://security.debian.org/pool/updates/main/p/php4/php4-cgi_4.3.10-19_sparc.deb Size/MD5 checksum: 3197912 c01cbc381a760f7439f8c8b24a8ee717 http://security.debian.org/pool/updates/main/p/php4/php4-cli_4.3.10-19_sparc.deb 
Size/MD5 checksum: 1606454 0f3be5c22bb512308e0c668b06e7f25b http://security.debian.org/pool/updates/main/p/php4/php4-common_4.3.10-19_sparc.deb Size/MD5 checksum: 168222 d4a0310401f3092a2ea57880bed9911d http://security.debian.org/pool/updates/main/p/php4/php4-curl_4.3.10-19_sparc.deb Size/MD5 checksum: 18074 160821e02197baf3364906d17eabaa37 http://security.debian.org/pool/updates/main/p/php4/php4-dev_4.3.10-19_sparc.deb Size/MD5 checksum: 325276 b0c1759a579859033b410d34bf443162 http://security.debian.org/pool/updates/main/p/php4/php4-domxml_4.3.10-19_sparc.deb Size/MD5 checksum: 36488 cb0f7a642bcc12fdcde900b179ad197f http://security.debian.org/pool/updates/main/p/php4/php4-gd_4.3.10-19_sparc.deb Size/MD5 checksum: 31948 c31211a42a127e283cf05eea2acb3782 http://security.debian.org/pool/updates/main/p/php4/php4-imap_4.3.10-19_sparc.deb Size/MD5 checksum: 36246 ded59dffa2579d4f3f91be5bc465812e http://security.debian.org/pool/updates/main/p/php4/php4-ldap_4.3.10-19_sparc.deb Size/MD5 checksum: 19278 d852fc1b8146be87d789d46f3fd9531a http://security.debian.org/pool/updates/main/p/php4/php4-mcal_4.3.10-19_sparc.deb Size/MD5 checksum: 17488 c25a9f3959ad71717f22139ee5cc3964 http://security.debian.org/pool/updates/main/p/php4/php4-mhash_4.3.10-19_sparc.deb Size/MD5 checksum: 7870 54ef2d007c15936eff7a0968c1bb8411 http://security.debian.org/pool/updates/main/p/php4/php4-mysql_4.3.10-19_sparc.deb Size/MD5 checksum: 20672 3aa6f646c2d48e12f274844d882b4cb3 http://security.debian.org/pool/updates/main/p/php4/php4-odbc_4.3.10-19_sparc.deb Size/MD5 checksum: 26540 db50bace36223a5fb3165012da864279 http://security.debian.org/pool/updates/main/p/php4/php4-recode_4.3.10-19_sparc.deb Size/MD5 checksum: 7594 a16c41b7273adaf2b72e2cd66a29d856 http://security.debian.org/pool/updates/main/p/php4/php4-snmp_4.3.10-19_sparc.deb Size/MD5 checksum: 12846 5f44cba16d1c910b0336c221ab3db31b http://security.debian.org/pool/updates/main/p/php4/php4-sybase_4.3.10-19_sparc.deb Size/MD5 checksum: 20850 
f84c554b5e0c31a276444953acdf0d5d http://security.debian.org/pool/updates/main/p/php4/php4-xslt_4.3.10-19_sparc.deb Size/MD5 checksum: 15866 56d9a2ad4d2d94150b7be7deefc6fbd0 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFF7zanXm3vHE4uyloRAr0xAKCLwQ7ji6kxWczRj+WZRIEknn3R4QCgxaVz ShT4FvG6b6xvbngTqwEvkkU= =FElM -----END PGP SIGNATURE-----
VAR-200603-0528 CVE-2006-1002 Netgear WGT624 Wireless Access Point Default Backdoor Account Vulnerability CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers. Netgear WGT624 reportedly contains a default administrative account. This issue can allow a remote attacker to gain administrative access to the device
VAR-200603-0529 CVE-2006-1003 Netgear WGT624 Wireless Firewall Router Information Disclosure Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges. A vulnerability has been reported in NetGear WGT624 Wireless Firewall Routers. When configured to back up configuration settings, the device will store various information in cleartext. Accessing this file could allow an attacker to obtain sensitive information that could aid in compromising the device's web administration interface. Note that the backup option is not enabled by default, but is a common feature used by administrators
VAR-200602-0432 CVE-2006-0907 PHP-Nuke SQL Injection vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows remote attackers to execute arbitrary SQL commands via encoded /%2a (/*) sequences in the query string, which bypasses regular expressions that are intended to protect against SQL injection, as demonstrated via the kala parameter. A SQL injection vulnerability exists in PHP-Nuke versions prior to 7.8 Patched 3.2
VAR-200711-0064 CVE-2007-6165 Apple Safari WebKit component vulnerable to buffer overflow CVSS V2: 9.3
CVSS V3: -
Severity: HIGH
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395. Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system. In the Mac OS X file system, a file consists of a resource fork and a data fork. RFC 1740 defines MIME formats (AppleSingle and AppleDouble) so that this file structure can be handled in email. Apple Mail parses resource forks when processing AppleDouble-format attachments. This issue affects the Mail application when handling email attachments. This will compromise the application and possibly the underlying operating system. This issue affects Mac OS X 10.5. Although the issues seem similar in nature, this may not be the very same underlying vulnerability. We will update this BID as more information emerges. UPDATE (November 21, 2007): Reports indicate that this issue occurs because of an error in the application's quarantine feature. We have not confirmed this information. UPDATE (December 17, 2007): This vulnerability stems from an unspecified implementation issue in the Launch Services application. http://www.securityfocus.com/bid/16907. Apple Mail is the mail client bundled with the Apple operating system. If the user is logged on with administrative privileges, the attacker could take complete control of an affected system. Solution Since there is no known patch for this issue at this time, US-CERT is recommending a workaround. Workaround Disable "Open 'safe' files after downloading" Disable the option to "Open 'safe' files after downloading," as specified in the document "Securing Your Web Browser." Appendix A. 
Impacts of other vulnerabilities include bypassing security restrictions and denial of service. I. As further information becomes available, we will publish individual Vulnerability Notes. In addition, more information about VU#999708 is available in US-CERT Technical Cyber Security Alert TA06-053A. II. Impact The impacts of these vulnerabilities vary. III. Solution Install an update Install the update as described in Apple Security Update 2006-001. In addition, this update is available via Apple Update. Appendix A. Please send email to <cert@cert.org> with "TA06-062A Feedback VU#351217" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History March 3, 2006: Initial release
VAR-200603-0482 CVE-2006-0946 Thomson SpeedTouch Cross-Site Scripting Vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page. The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the compromise of the device
VAR-200603-0483 CVE-2006-0947 Thomson SpeedTouch 500 Series Cross-Site Scripting Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface. The SpeedTouch 500 series are prone to a cross-site scripting vulnerability. This issue is due to a failure in the devices to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the compromise of the device
VAR-200602-0436 CVE-2006-0911 Ipswitch WhatsUp Professional 2006 Remote Denial Of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote attackers to cause a denial of service (CPU consumption) via crafted requests to Login.asp, possibly involving the (1) "In]" and (2) "b;tnLogIn" parameters, or (3) malformed btnLogIn parameters, possibly involving missing "[" (open bracket) or "]" (closing bracket) characters, as demonstrated by "&btnLogIn=[Log&In]=&" or "&b;tnLogIn=[Log&In]=&" in the URL. NOTE: due to the lack of diagnosis by the original researcher, the precise nature of the vulnerability is unclear. Ipswitch WhatsUp Professional 2006 is susceptible to a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle certain HTTP GET requests. This issue allows remote attackers to consume excessive CPU resources on targeted computers, denying service to legitimate users. WhatsUp Professional is a tool developed by Ipswitch to monitor the network status of TCP/IP, NetBEUI and IPX. Remote attackers may use this vulnerability to perform denial of service attacks on server programs. If the user visits a specially crafted URL request, it may cause NmService to use 100% of CPU resources, resulting in a denial of service
VAR-200602-0399 CVE-2006-0834 Uniden UIP1868P VoIP Phone and Router Web Configuration Tool Default Password Sensitive Information Disclosure Vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Uniden UIP1868P VoIP Telephone and Router has a default password of admin for the web-based configuration utility, which allows remote attackers to obtain sensitive information on the device such as telephone numbers called, and possibly connect to other hosts. NOTE: it is possible that this password was configured by a reseller, not the original vendor; if so, then this is not a vulnerability in the product. UIP1868P is prone to an information disclosure vulnerability
VAR-200603-0283 CVE-2006-0398 Apple Safari automatically executes arbitrary shell commands or code CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. Apple Safari fails to properly determine file safety, allowing a remote unauthenticated attacker to execute arbitrary commands or code. Commands would be executed in the context of the user opening the archive file. Attackers can reportedly use Safari and Apple Mail as exploitation vectors for this vulnerability. Mac OS X 10.4.5 is reported to be vulnerable. Earlier versions may also be affected. There is an issue in Safari's handling of automatic opening of downloaded files. Due to this default configuration and inconsistencies in Safari and OS X's security files, Safari may execute arbitrary shell commands if a specially crafted page is viewed. TITLE: Mac OS X "__MACOSX" ZIP Archive Shell Script Execution SECUNIA ADVISORY ID: SA18963 VERIFY ADVISORY: http://secunia.com/advisories/18963/ CRITICAL: Extremely critical IMPACT: System access WHERE: From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: Michael Lehn has discovered a vulnerability in Mac OS X, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the processing of file association meta data (stored in the "__MACOSX" folder) in ZIP archives. This can be exploited to trick users into executing a malicious shell script renamed to a safe file extension stored in a ZIP archive. This can also be exploited automatically via the Safari browser when visiting a malicious web site. 
Secunia has constructed a test, which can be used to check if your system is affected by this issue: http://secunia.com/mac_os_x_command_execution_vulnerability_test/ The vulnerability has been confirmed on a fully patched system with Safari 2.0.3 (417.8) and Mac OS X 10.4.5. SOLUTION: The vulnerability can be mitigated by disabling the "Open safe files after downloading" option in Safari. Do not open files in ZIP archives originating from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Michael Lehn ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------
VAR-200603-0270 CVE-2006-0399 Apple Safari WebKit component vulnerable to buffer overflow CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different. Apple Safari WebKit component is vulnerable to buffer overflow. This may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Apple Mail contains a vulnerability that may allow an attacker to execute arbitrary commands on OS X Leopard (10.5) systems. Commands would be executed in the context of the user opening the archive file. Attackers can reportedly use Safari and Apple Mail as exploitation vectors for this vulnerability. Mac OS X 10.4.5 is reported to be vulnerable. Earlier versions may also be affected. Apple Safari is a web browser bundled with the Apple operating system. There is an issue in Safari's handling of automatic opening of downloaded files. Safari's default configuration allows files to be automatically opened after downloading a safe file.
TITLE: Apple Mail Command Execution Vulnerability SECUNIA ADVISORY ID: SA27785 VERIFY ADVISORY: http://secunia.com/advisories/27785/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/ DESCRIPTION: A vulnerability has been reported in Apple Mail, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the handling of unsafe file types in email attachments. This can be exploited via a specially crafted email containing an attachment of an ostensibly safe file type (e.g. ".jpg") to execute arbitrary shell commands when the attachment is double-clicked. SOLUTION: Do not open attachments from untrusted sources. ORIGINAL ADVISORY: http://www.heise-security.co.uk/news/99257 OTHER REFERENCES: SA19064: http://secunia.com/advisories/19064/
National Cyber Alert System Technical Cyber Security Alert TA06-062A Apple Mac Products are Affected by Multiple Vulnerabilities Original release date: March 3, 2006 Last revised: -- Source: US-CERT Systems Affected * Apple Mac OS X version 10.3.9 (Panther) and version 10.4.5 (Tiger) * Apple Mac OS X Server version 10.3.9 and version 10.4.5 * Apple Safari web browser Previous versions of Mac OS X may also be affected. Please see Apple Security Update 2006-001 for further information. Impacts of other vulnerabilities include bypassing security restrictions and denial of service. I. (CVE-2006-0387) Please note that Apple Security Update 2006-001 addresses additional vulnerabilities not described above. As further information becomes available, we will publish individual Vulnerability Notes. In addition, more information about VU#999708 is available in US-CERT Technical Cyber Security Alert TA06-053A. II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. III. Solution Install an update Install the update as described in Apple Security Update 2006-001. In addition, this update is available via Apple Update. Appendix A. 
References * US-CERT Vulnerability Note VU#999708 - <http://www.kb.cert.org/vuls/id/999708> * US-CERT Vulnerability Note VU#351217 - <http://www.kb.cert.org/vuls/id/351217> * US-CERT Vulnerability Note VU#176732 - <http://www.kb.cert.org/vuls/id/176732> * US-CERT Technical Cyber Security Alert TA06-053A - <http://www.us-cert.gov/cas/techalerts/TA06-053A.html> * Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/#Safari> * Apple Security Update 2006-001 - <http://docs.info.apple.com/article.html?artnum=303382> * Mac OS X: Updating your software - <http://docs.info.apple.com/article.html?artnum=106704> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-062A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-062A Feedback VU#351217" in the subject. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History March 3, 2006: Initial release
VAR-200602-0353 CVE-2006-0805 PHPNuke Security bypass vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters. The CAPTCHA implementation of PHPNuke may be bypassed by remote attackers due to a design error. This may be used to carry out other attacks such as brute-force attempts against the login page. TITLE: PHP-Nuke CAPTCHA Bypass Weakness SECUNIA ADVISORY ID: SA18936 VERIFY ADVISORY: http://secunia.com/advisories/18936/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: From remote SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/ PHP-Nuke 6.x http://secunia.com/product/329/ DESCRIPTION: Janek Vind "waraxe" has reported a weakness in PHP-Nuke, which can be exploited by malicious people to bypass certain security restrictions. A design error in the CAPTCHA security feature, which relies only on the "sitekey", the User-Agent HTTP header, a random number, and the current date to generate the response code can be exploited to bypass the security feature by replaying any random number and response code pair for the current day. The weakness has been reported in versions 6.0 through 7.9. SOLUTION: Do not rely on the CAPTCHA feature to prevent automated logons to PHP-Nuke. PROVIDED AND/OR DISCOVERED BY: Janek Vind "waraxe" ORIGINAL ADVISORY: http://www.waraxe.us/advisory-45.html
VAR-200602-0404 CVE-2006-0839 Snort Frag3 Processor Packet Fragment Avoidance Detection Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. Snort is reportedly prone to a vulnerability that may allow malicious packets to bypass detection. Reports indicate that the Frag3 preprocessor fails to properly analyze certain packets. A successful attack can allow attackers to bypass intrusion detection and to carry out attacks against computers protected by Snort. This vulnerability affects Snort 2.4.3. Other versions may be vulnerable as well.
TITLE: Snort frag3 Preprocessor Packet Reassembly Vulnerability
SECUNIA ADVISORY ID: SA18959
VERIFY ADVISORY: http://secunia.com/advisories/18959/
CRITICAL: Moderately critical
IMPACT: Security Bypass
WHERE: From remote
SOFTWARE: Snort 2.4.x http://secunia.com/product/5691/
DESCRIPTION: siouxsie has reported a vulnerability in Snort, which potentially can be exploited by malicious people to bypass certain security restrictions. The vulnerability has been reported in version 2.4.3.
SOLUTION: Filter potentially malicious fragmented IP packets with a firewall.
PROVIDED AND/OR DISCOVERED BY: siouxsie
VAR-200602-0337 CVE-2006-0789 Kyocera Vulnerability to access management menu in printer CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session. Kyocera printers contain a vulnerability that allows access to the administration menu. A third party may access the administration menu. FS-3830N is prone to a remote security vulnerability.
TITLE: Kyocera FS-3830N Configuration Modification Security Issue
SECUNIA ADVISORY ID: SA18896
VERIFY ADVISORY: http://secunia.com/advisories/18896/
CRITICAL: Less critical
IMPACT: Manipulation of data, Exposure of system information
WHERE: From local network
OPERATING SYSTEM: Kyocera FS-3830N http://secunia.com/product/8101/
DESCRIPTION: evader has reported a security issue in Kyocera FS-3830N Printer, which can be exploited by malicious people to gain knowledge of or potentially to modify certain system information. The security issue is caused by the printer allowing access to certain configuration settings without requiring prior authentication via a request sent to port 9100/tcp. This may be exploited to disclose and modify the configured settings.
SOLUTION: Restrict access to the printer.
PROVIDED AND/OR DISCOVERED BY: evader
ORIGINAL ADVISORY: http://evader.wordpress.com/2006/02/16/kyocera-printers/
VAR-200602-0272 CVE-2006-0788 Kyocera 3830 Printer Unauthorized Access Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to TCP port 9100 or (2) the UNIX lp command. Kyocera 3830 printer is prone to an unauthorized access vulnerability. This issue is due to a failure in the application to perform proper authentication before granting access to printer functions. An attacker can exploit this issue to set arbitrary printer configuration settings. The impact of successful exploitation will vary depending on the settings reconfigured.
TITLE: Kyocera FS-3830N Configuration Modification Security Issue
SECUNIA ADVISORY ID: SA18896
VERIFY ADVISORY: http://secunia.com/advisories/18896/
CRITICAL: Less critical
IMPACT: Manipulation of data, Exposure of system information
WHERE: From local network
OPERATING SYSTEM: Kyocera FS-3830N http://secunia.com/product/8101/
DESCRIPTION: evader has reported a security issue in Kyocera FS-3830N Printer, which can be exploited by malicious people to gain knowledge of or potentially to modify certain system information. This may be exploited to disclose and modify the configured settings. Note: It has also been reported that other network-enabled Kyocera printers have a default username "admin" and blank password for the telnet configuration port.
PROVIDED AND/OR DISCOVERED BY: evader
ORIGINAL ADVISORY: http://evader.wordpress.com/2006/02/16/kyocera-printers/
VAR-200602-0268 CVE-2006-0784 D-Link DWL-G700AP httpd Remote Denial of Service Vulnerability CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments. D-Link DWL-G700AP is a wireless access router. D-Link DWL-G700AP's HTTP management interface implementation has a vulnerability. A remote attacker could use this vulnerability to cause the HTTP server to become unresponsive. The DWL-G700AP is configured through its HTTP service, which is provided by an httpd named CAMEO. A denial of service vulnerability exists in this webserver. An attacker who simply sends a "GET \n\n" string can cause the service to crash. D-Link DWL-G700AP HTTPD is prone to a remote denial-of-service vulnerability. This issue is due to a failure in the 'httpd' service to properly handle malformed data. An attacker can exploit this issue to crash the affected webserver, effectively denying service to legitimate users. The affected device must be manually reset to restart the affected service. This issue is reported to affect firmware versions 2.00 and 2.01; other firmware versions may also be vulnerable.
TITLE: DWL-G700AP Web Interface Denial of Service
SECUNIA ADVISORY ID: SA18932
VERIFY ADVISORY: http://secunia.com/advisories/18932/
CRITICAL: Less critical
IMPACT: DoS
WHERE: From local network
OPERATING SYSTEM: D-Link DWL-G700AP http://secunia.com/product/8121/
DESCRIPTION: l0om has reported a vulnerability in D-Link DWL-G700AP, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused by an error in the web-based management interface and can be exploited to crash the service via a malformed HTTP request with no resource specified.
SOLUTION: Restrict access to the web interface.
PROVIDED AND/OR DISCOVERED BY: l0om
VAR-200602-0274 CVE-2006-0679 PHP-Nuke Your_Account Module remote SQL Injection vulnerability CVSS V2: 7.5
CVSS V3: -
Severity: HIGH
SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). PHPNuke is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. PHP-Nuke is a popular website creation and management tool that can use many database systems as a back end, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. There is an input validation vulnerability in the implementation of the Your_Account module of PHP-Nuke. The Your_Account module of PHP-Nuke does not fully filter and check the username parameter. A remote attacker may insert malicious SQL commands into this parameter, thereby performing unauthorized operations on the back-end database.
TITLE: PHP-Nuke "Your_Account" Module SQL Injection Vulnerability
SECUNIA ADVISORY ID: SA18931
VERIFY ADVISORY: http://secunia.com/advisories/18931/
CRITICAL: Moderately critical
IMPACT: Manipulation of data
WHERE: From remote
SOFTWARE: PHP-Nuke 7.x http://secunia.com/product/2385/ PHP-Nuke 6.x http://secunia.com/product/329/
DESCRIPTION: sp3x has discovered a vulnerability in PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability has been confirmed in version 7.8. Other versions may also be affected.
SOLUTION: The vulnerability has reportedly been fixed in version 7.9 with patch 3.1.
PROVIDED AND/OR DISCOVERED BY: sp3x
ORIGINAL ADVISORY: http://securityreason.com/securityalert/440