Linksys WRT54G ezconfig.asp Encryption Weakness Authentication Issue

Network Security News – Sunday, October 02, 2005 Events

Linksys WRT54G ezconfig.asp Encryption Weakness Authentication Issue

Linksys Wireless-G Router WRT54G contains a flaw that may allow a remote attacker to manipulate arbitrary router settings. The problem is that the 'auth()' method in 'ezconfig.asp' does not contain an authentication initialization function, which may allow a remote attacker to obtain encrypted configuration information and manipulate arbitrary router settings resulting in a loss of integrity.. Read more at osvdb.org/19390

Linksys WRT54G apply.cgi POST Request Overflow

A remote overflow exists in Linksys Wireless-G Router WRT54G. The 'apply.cgi' script fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted HTTP POST request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/19389

Linksys WRT54G POST Request Malformed Content Length DoS

Linksys Wireless-G Router WRT54G contains a flaw that may allow a remote denial of service. The issue is triggered when issuing a HTTP POST request with a negative Content-Length value, which causes the httpd to stop responding resulting in a loss of availability.. Read more at osvdb.org/19386

Linksys WRT54G restore.cgi Arbitrary Configuration Upload

Linksys Wireless-G Router WRT54G contains a flaw that may allow a remote attacker to manipulate arbitrary configuration settings. The issue is triggered due to the handling of the HTTP POST method of the 'restore.cgi' script, which may allow a remote attacker to upload arbitrary configuration settings resulting in a loss of integrity.. Read more at osvdb.org/19388

Linksys WRT54G upgrade.cgi Arbitrary Configuration Upload

Linksys Wireless-G Router WRT54G contains a flaw that may allow a remote attacker to manipulate arbitrary configuration settings. The issue is triggered due to the handling of the HTTP POST method of the 'upgrade.cgi' script, which may allow a remote attacker to upload arbitrary configuration settings resulting in a loss of integrity.. Read more at osvdb.org/19387

VisualBoy Advanced Local Overflow

A remote overflow exists in VisualBoy Advanced. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/19484

Blender Command Line Filename Overflow

A local overflow exists in Blender. The 'blenderplayer' command line fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted filename, a malicious user can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/19726

AVIRA Antivirus ACE Archive Long Filename Overflow

A remote overflow exists in AVIRA Desktop for Windows. The 'AVPACK32.DLL' library fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted ACE archive containing a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/19384

AhnLab V3 Antivirus v3flt2k.sys DeviceIoControl() Local Privilege Escalation

Various AhnLab V3 products contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The problem is that the 'v3flt2k.sys' real-time scan driver does not validate the source of received 'DeviceIoControl()' commands, which may allow a malicious user to run 'explorer.exe' with SYSTEM privileges and/or disable the scan engine with specially crafted 'DeviceIoControl' requests resulting in a loss of integrity.. Read more at osvdb.org/19414

AhnLab V3 Antivirus ACE Archive Decompression Long Filename Overflow

A remote overflow exists in various AhnLab V3 products. The ACE archive decompression library fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted ACE archive containing a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/19415

Vuln: Procom Technology NetFORCE 800 Information Disclosure Vulnerability

Procom Technology NetFORCE 800 Information Disclosure Vulnerability. Read more at securityfocus.com/bid/14997

Vuln: Bugzilla User-Matching Information Disclosure Vulnerability

Bugzilla User-Matching Information Disclosure Vulnerability. Read more at securityfocus.com/bid/14996

Vuln: Bugzilla config.cgi Information Disclosure Vulnerability

Bugzilla config.cgi Information Disclosure Vulnerability

. Read more at securityfocus.com/bid/14995

Vuln: GNU CFEngine Insecure Temporary File Creation Vulnerability

GNU CFEngine Insecure Temporary File Creation Vulnerability. Read more at securityfocus.com/bid/14994

[SECURITY] [DSA 836-1] New cfengine2 packages fix arbitrary file overwriting

[SECURITY] [DSA 836-1] New cfengine2 packages fix arbitrary file overwriting. Read more at securityfocus.com/archive/1/412196

MyBloggie 2.1.3beta null char + SQL Injection -> Login Bypass

MyBloggie 2.1.3beta null char + SQL Injection -> Login Bypass. Read more at securityfocus.com/archive/1/412197

[SECURITY] [DSA 835-1] New cfengine packages fix arbitrary file overwriting

[SECURITY] [DSA 835-1] New cfengine packages fix arbitrary file overwriting

. Read more at securityfocus.com/archive/1/412198

[SECURITY] [DSA 834-1] New prozilla packages fix arbitrary code execution

[SECURITY] [DSA 834-1] New prozilla packages fix arbitrary code execution. Read more at securityfocus.com/archive/1/412199