Network Security News – Wednesday, June 14, 2006 Events
Cisco 7920 Wireless IP Phone Persistent Default SNMP Strings
The Cisco 7920 Wireless IP Phone has default SNMP community strings "public" and "private". The strings are publicly known and documented, and cannot be changed. This allows attackers to trivially access the phone. Read more at osvdb.org/20966
Ringlink stats.cgi ringid Variable XSS
Ringlink contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'ringid' variable upon submission to the stats.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26319
Ringlink next.cgi ringid Variable XSS
Ringlink contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'ringid' variable upon submission to the next.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26318
Ringlink list.cgi ringid Variable XSS
Ringlink contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'ringid' variable upon submission to the list.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26320
NPDS viewforum.php forum Variable XSS
NPDS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'forum' variable upon submission to the viewforum.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26294
NPDS user.php email Variable XSS
NPDS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'email' variable upon submission to the user.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26296
NPDS meta.php nuke_url Variable XSS
NPDS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'nuke_url' variable upon submission to the meta.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26293
NPDS header.php Multiple Variable XSS
NPDS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'Titlesitename' or 'sitename' variables upon submission to the header.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26292
NPDS header.php Direct Request Path Disclosure
NPDS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the header.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/26287
NPDS header.php Default_Theme Variable Traversal Arbitrary File Access
NPDS contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the header.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'Default_Theme' variable. Read more at osvdb.org/26290
Vuln: Cisco VPN3K/ASA WebVPN Clientless Mode Cross-Site Scripting Vulnerability
Cisco VPN3K/ASA WebVPN Clientless Mode Cross-Site Scripting Vulnerability. Read more at securityfocus.com/bid/18419
Vuln: Microsoft Windows SMB Driver Local Privilege Escalation Vulnerability
Microsoft Windows SMB Driver Local Privilege Escalation Vulnerability. Read more at securityfocus.com/bid/18356
Vuln: Microsoft SMB Driver Local Denial Of Service Vulnerability
Microsoft SMB Driver Local Denial Of Service Vulnerability. Read more at securityfocus.com/bid/18357
Vuln: Content-Builder Multiple Remote File Include Vulnerabilities
Content-Builder Multiple Remote File Include Vulnerabilities. Read more at securityfocus.com/bid/18404
[REVERSEMODE ADVISORY] MS06-030 NtClose DeadLock.
[REVERSEMODE ADVISORY] MS06-030 NtClose DeadLock. Read more at securityfocus.com/archive/1/437016
Re: Simpnews <= All version – Remote File Include Vulnerabilities
Re: Simpnews <= All version – Remote File Include Vulnerabilities. Read more at securityfocus.com/archive/1/437014
[REVERSEMODE ADVISORY] MS06-030 – Microsoft Mrxsmb.sys privilege escalation advisory
[REVERSEMODE ADVISORY] MS06-030 – Microsoft Mrxsmb.sys privilege escalation advisory. Read more at securityfocus.com/archive/1/437006
Re: Shoutpro 1.0 Version – Remote File Include Vulnerability
Re: Shoutpro 1.0 Version – Remote File Include Vulnerability. Read more at securityfocus.com/archive/1/436997