Echo Security Advisory 2006.57

\ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV57$2006 ----------------------------------------------------------------------------------------------- ECHOADV57$2006Soholaunch Pro =4.9 r36 Multiple Remote File Inclusion Vulnerability...

Symantec SAVCE/Client Security Service Detection

The remote host is running Symantec Antivirus Agent, a real time embedded service used by Symantec SAVCE and Client Security. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid22419; scriptversion"$Revision: 1.9 $"; scriptcvsdate"$Date: 2012/08/02 15:23:52 $";...

CVE-2006-4274

Rejected reason: Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJMDROPPER.BH. NOTE: on 20060822, it was determined that TROJMDROPPER.BH was exploiting CVE-2006-0009, so this is n...

RMI Registry Detection

The remote host is running an RMI registry, which acts as a bootstrap naming service for registering and retrieving remote objects with simple names in the Java Remote Method Invocation RMI system. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid22227;...

security flaw

The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the w...

US-CERT Technical Cyber Security Alert TA06-167A -- Microsoft Excel Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-167A Microsoft Excel Vulnerability Original release date: June 16, 2006 Last revised: -- Source: US-CERT Systems Affected Microsoft Excel 2003 Microsoft Excel XP 2002 Microsoft Excel for...

Cross site scripting

Cross-site scripting XSS vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227...

CVE-2006-2724

Cross-site scripting XSS vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227...

CVE-2006-2724

Cross-site scripting XSS vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227...

CVE-2006-1054

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-1861. Reason: This candidate is a reservation duplicate of CVE-2006-1861. Notes: All CVE users should reference CVE-2006-1861 instead of this candidate. All references and descriptions in this candidate have been removed to...

SAPwebas.txt

Release Date: 03/01/2006 Affected Applications: SAP WebAS Kernel up to version 7.00 Affected Platforms: Platform-Independant Local / Remote: Remote Severity: Medium to High Author: A. Grossmann arnold.grossmann at gmail.com Vendor Status: Confirmed Product Overview cited from SAP :...

US-CERT Technical Cyber Security Alert TA06-139A -- Microsoft Word Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-139A Microsoft Word Vulnerability Original release date: May 19, 2006 Last revised: -- Source: US-CERT Systems Affected Microsoft Word 2003 Microsoft Word XP 2002 Microsoft Word is includ...

CVE-2006-1519

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2224. Reason: This candidate is a duplicate of CVE-2006-2224. Notes: All CVE users should reference CVE-2006-2224 instead of this candidate. All references and descriptions in this candidate have been removed to prevent...

Avast Linux Home Edition (vulnerability on a temporary folder creation)

Title : Avast Linux Home Edition, vulnerability on a temporary folder creation Protuct : Avast! Linux Home Edition Product : http://www.avast.com/eng/download-avast-for-linux-edition.html Version : 1.0.5, 1.0.5-1 avast4workstation-1.0.5-1.i586.rpm avast4workstation-1.0.5.tar.gz Vuln Found :...

CVE-2006-0975

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0459. Reason: This candidate is a reservation duplicate of CVE-2006-0459. Notes: All CVE users should reference CVE-2006-0459 instead of this candidate. All references and descriptions in this candidate have been removed to...

ICMP Domain Name Request

The remote host answered to an ICMP 'Domain Name Request' as defined in RFC 1788. Such a request is designed to obtain the DNS name of a host based on its IP. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. References: RFC 1788 http://www.dolda2000.com/fredrik/icmp-dn/...

Note-A-Day-2.1.txt

New eVuln Advisory: Note-A-Day Weblog Sensitive Information Disclosure http://evuln.com/vulns/44/summary.html --------------------Summary---------------- Software: Note-A-Day Sowtware's Web Site: http://noteaday.com/ Versions: 2.1 Critical Level: Moderate Type: Sensitive Information Disclosure...

CVE-2006-0404

CVE-2006-0404 affects Note-A-Day Weblog 2.2. The issue is improper access control: sensitive data stored under the web document root can be accessed via a direct request to archive/.phpass-admin, exposing encrypted passwords. This is the stated vulnerability and its impact; no explicit remediatio...

[eVuln] Note-A-Day Weblog Sensitive Information Disclosure

New eVuln Advisory: Note-A-Day Weblog Sensitive Information Disclosure http://evuln.com/vulns/44/summary.html --------------------Summary---------------- Software: Note-A-Day Sowtware's Web Site: http://noteaday.com/ Versions: 2.1 Critical Level: Moderate Type: Sensitive Information Disclosure...

CVE-2005-4524

Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak...