
TO SUBSCRIBE, UNSUBSCRIBE, OR CHANGE YOUR SUBSCRIPTION, go to:

http://www.dragonsoft.com/en/epaper/

 

DragonSoft Vulnerability and Threat Knowledge Base:

http://vdb.dragonsoft.com/

 

Contents:

* 5 Reported Vulnerabilities

* Sorted by Risk

-------------------------------------------------

 

Date Reported: 2008/04/01

Name: ZyXEL Prestige Router Default Password Vulnerability

Risk: High

CVSS Base Score: 7.5

Description:

ZyXEL Prestige P-660 and P-661 routers with firmware 3.40(AGD.2) through 3.40(AHQ.3) ship with a default password for the "user" account and "1234" as the default password for the "admin" account. An attacker who can reach the management interface could log in with these credentials and gain unauthorized access to the device.

Category: Router_Switch

Affect OS: ZyXEL

Link: http://vdb.dragonsoft.com/detail.php?id=3210

 

Date Reported: 2008/04/07

Name: OpenSSH ForceCommand Command Execution Vulnerability

Risk: High

CVSS Base Score: 4.3

Description:

OpenSSH before v4.9 contains a command execution vulnerability. A remote authenticated user can place commands in the ~/.ssh/rc file, which sshd executes at session start even when the sshd_config ForceCommand directive restricts that user to a single command; this bypasses ForceCommand and lets the user execute arbitrary commands on the system. Any user who can write into their own home directory (for example over SFTP) can plant the file. OpenSSH 4.9 fixes this by ignoring ~/.ssh/rc whenever ForceCommand is in effect.

Category: SSH Servers

Affect OS: UNIX

Link: http://vdb.dragonsoft.com/detail.php?id=3213
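The following audit ties together the three conditions in this entry (sshd older than 4.9, ForceCommand configured, and a user-controlled ~/.ssh/rc present). It is an added example for this digest, not code from the DragonSoft advisory or from OpenSSH. The version banner, the sshd_config fragment and the home directory tree are constructed inline; the 4.9 threshold is the release in which sshd stopped running ~/.ssh/rc under ForceCommand.

```python
import os
import re
import tempfile
from typing import Dict, List, Tuple

# OpenSSH 4.9 is the first release in which sshd ignores ~/.ssh/rc when
# ForceCommand is in effect, so anything older is in scope for this check.
FIXED_IN = (4, 9)


def parse_openssh_version(banner: str) -> Tuple[int, int]:
    """Extract (major, minor) from an sshd banner such as 'SSH-2.0-OpenSSH_4.7p1'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"not an OpenSSH banner: {banner!r}")
    return int(m.group(1)), int(m.group(2))


def force_command_scopes(config_text: str) -> Dict[str, str]:
    """Return every ForceCommand in an sshd_config, keyed by the scope it applies to.

    The scope is 'global' for directives that precede any Match block and the
    Match criteria (e.g. 'Match Group sftponly') for directives inside one.
    sshd_config keywords are case-insensitive and may be separated from their
    value by whitespace or '='.
    """
    scopes: Dict[str, str] = {}
    scope = "global"
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            scope = f"Match {value}"
        elif key == "forcecommand":
            scopes[scope] = value
    return scopes


def users_with_rc(home_root: str) -> List[str]:
    """List the home directories under home_root that contain an .ssh/rc file."""
    found = []
    for user in sorted(os.listdir(home_root)):
        if os.path.isfile(os.path.join(home_root, user, ".ssh", "rc")):
            found.append(user)
    return found


def assess(banner: str, config_text: str, home_root: str) -> dict:
    """Report whether all three preconditions for the rc bypass hold at once."""
    version = parse_openssh_version(banner)
    scopes = force_command_scopes(config_text)
    rc_users = users_with_rc(home_root)
    return {
        "version": version,
        "force_command_scopes": scopes,
        "rc_users": rc_users,
        "bypass_possible": version < FIXED_IN and bool(scopes) and bool(rc_users),
    }


# --- Constructed demo input (hypothetical host, not taken from any real system) ---
SAMPLE_BANNER = "SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1"
SAMPLE_SSHD_CONFIG = """\
# constructed sshd_config fragment
Port 22
PermitRootLogin no
Match Group sftponly
    ForceCommand internal-sftp
    AllowTcpForwarding no
"""


def demo() -> dict:
    """Build a throw-away home tree where 'alice' has ~/.ssh/rc and assess it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "alice", ".ssh"))
        with open(os.path.join(root, "alice", ".ssh", "rc"), "w") as f:
            f.write("# any command placed here runs at session start on sshd < 4.9\n")
        os.makedirs(os.path.join(root, "bob"))  # no rc file, so not reported
        return assess(SAMPLE_BANNER, SAMPLE_SSHD_CONFIG, root)


if __name__ == "__main__":
    print(demo())
```

On a real host, feed `assess` the banner from `ssh -V` or from the listening socket, the text of /etc/ssh/sshd_config, and the parent of the users' home directories. An rc file being present is enough: the restricted user does not need an interactive shell to create it, since whatever channel ForceCommand leaves open (such as SFTP) can usually write to the home directory. The remedy is the upgrade; newer OpenSSH releases also expose a PermitUserRC directive that disables ~/.ssh/rc processing outright.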

 

Date Reported: 2008/04/03

Name: PHP php_sprintf_appendstring Function Integer Overflow Vulnerability

Risk: High

CVSS Base Score: 5

Description:

PHP 5.2.5 and earlier contain an integer overflow in the php_sprintf_appendstring function. A remote attacker who can influence the string and padding width that a script passes to a formatting call (the function's internal npad padding count) could make the computed buffer size wrap, leading to a buffer overflow and possibly execution of arbitrary code on the system.

Category: Web Servers

Affect OS: Windows, UNIX

Link: http://vdb.dragonsoft.com/detail.php?id=3211

 

Date Reported: 2008/04/01

Name: ZyXEL Prestige Router Administrative Page Security Bypass Vulnerability

Risk: Medium

CVSS Base Score: 6.5

Description:

ZyXEL Prestige P-660 and P-661 routers with firmware 3.40(AGD.2) through 3.40(AHQ.3) contain a security bypass vulnerability caused by improper access restrictions on administrative pages. An authenticated low-privileged user could request administrative URIs directly and thereby gain administrative privileges.

Category: Router_Switch

Affect OS: ZyXEL Prestige P-660, P-661

Link: http://vdb.dragonsoft.com/detail.php?id=3209

 

Date Reported: 2008/04/07

Name: phpMyAdmin Session Data Information Disclosure Vulnerability

Risk: Low

CVSS Base Score: 2.1

Description:

phpMyAdmin v2.11.5.0 and earlier contain an information disclosure vulnerability: phpMyAdmin stores the MySQL username and the Blowfish secret key as plain text in the PHP session file under /tmp. A local attacker who can read that file (for example another account on a shared web host) could obtain this sensitive information.

Category: CGI Scripts

Affect OS: Windows, UNIX

Link: http://vdb.dragonsoft.com/detail.php?id=3212
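A scanner that parses PHP session files (the `name|serialized-value` records the default session handler writes), reports entries whose keys look like credentials or secrets, and notes whether each file is readable by other local users. This is an added example for this digest, not code from the advisory or from phpMyAdmin; the session content and the key names in the sample are constructed for illustration and are not copied from phpMyAdmin's source.

```python
import os
import re
import stat
import tempfile
from typing import Any, Dict, List, Tuple

# Key names that suggest a credential or secret is being kept in the session.
SENSITIVE = re.compile(r"(pass|pwd|secret|blowfish|user)", re.IGNORECASE)


def _parse_value(buf: bytes, pos: int) -> Tuple[Any, int]:
    """Decode one PHP serialize() value starting at buf[pos]; return (value, next_pos)."""
    t = chr(buf[pos])
    if t == "N":                              # N;
        return None, pos + 2
    if t in "ibd":                            # i:123;  b:1;  d:1.5;
        end = buf.index(b";", pos)
        raw = buf[pos + 2:end].decode()
        val = int(raw) if t == "i" else (raw == "1" if t == "b" else float(raw))
        return val, end + 1
    if t == "s":                              # s:LEN:"bytes";  (LEN is a byte count)
        colon = buf.index(b":", pos + 2)
        length = int(buf[pos + 2:colon])
        start = colon + 2                     # skip :"
        val = buf[start:start + length].decode("utf-8", "replace")
        return val, start + length + 2        # skip ";
    if t == "a":                              # a:COUNT:{key value key value ...}
        colon = buf.index(b":", pos + 2)
        count = int(buf[pos + 2:colon])
        p = colon + 2                         # skip :{
        out: Dict[Any, Any] = {}
        for _ in range(count):
            k, p = _parse_value(buf, p)
            v, p = _parse_value(buf, p)
            out[k] = v
        return out, p + 1                     # skip }
    raise ValueError(f"unsupported serialized type {t!r} at offset {pos}")


def parse_session(buf: bytes) -> Dict[str, Any]:
    """Parse a whole sess_* file: a sequence of name|value records with no separators."""
    buf = buf.rstrip(b"\n")
    data: Dict[str, Any] = {}
    pos = 0
    while pos < len(buf):
        bar = buf.index(b"|", pos)
        name = buf[pos:bar].decode()
        value, pos = _parse_value(buf, bar + 1)
        data[name] = value
    return data


def find_secrets(data: Dict[Any, Any], prefix: str = "") -> List[Tuple[str, str]]:
    """Walk nested session data and return (dotted.path, value) for sensitive string entries."""
    hits: List[Tuple[str, str]] = []
    for k, v in data.items():
        path = f"{prefix}.{k}" if prefix else str(k)
        if isinstance(v, dict):
            hits.extend(find_secrets(v, path))
        elif isinstance(v, str) and v and SENSITIVE.search(str(k)):
            hits.append((path, v))
    return hits


def scan_session_dir(path: str) -> List[dict]:
    """Scan every sess_* file in a session.save_path directory for plaintext secrets."""
    findings = []
    for name in sorted(os.listdir(path)):
        if not name.startswith("sess_"):
            continue
        full = os.path.join(path, name)
        st = os.stat(full)
        with open(full, "rb") as f:
            data = parse_session(f.read())
        findings.append({
            "file": name,
            "world_readable": bool(st.st_mode & stat.S_IROTH),
            "secrets": find_secrets(data),
        })
    return findings


# Constructed sample session (key names are illustrative, not phpMyAdmin's own).
SAMPLE_SESSION = (
    b'PMA_single_signon_user|s:4:"root";'
    b'blowfish_secret|s:16:"constructed-key!";'
    b'PMA_Config|a:2:{s:4:"host";s:9:"127.0.0.1";s:4:"port";i:3306;}'
    b'loggedin|b:1;'
)


def demo() -> List[dict]:
    """Write the sample to a temporary session directory with lax permissions and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        sess = os.path.join(tmp, "sess_0123456789abcdef")
        with open(sess, "wb") as f:
            f.write(SAMPLE_SESSION)
        os.chmod(sess, 0o644)                 # readable by every local account
        return scan_session_dir(tmp)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Run `scan_session_dir` as root against the directory named by PHP's `session.save_path` (commonly /tmp). The permission flag is only part of the picture on shared hosts: session files written by one web-server account are readable by every script that runs as that account, whatever their mode bits say. The durable fix is the phpMyAdmin upgrade, with a private `session.save_path` per site as defence in depth.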

 

 

-------------------------------------------------

 

Risk:

  High: Allows immediate remote or local access, or immediate execution of code or commands

        with unauthorized privileges, or bypassing security on firewalls.

  Medium: Potential of granting access or allowing code execution by means of complex or

          lengthy exploit procedures. Examples are cross-site scripting, man-in-the-middle

          attacks, SQL injection, denial of service, information disclosure.

  Low: Denies service or provides non-system information that could be used to formulate

       structured attacks on a target, but does not directly grant unauthorized access.

-------------------------------------------------

Copyright (c) DragonSoft Security Associates, Inc. All rights reserved

 

Permission is hereby granted for the electronic redistribution of this document.

It is not to be edited or altered in any way without the express written consent of the DragonSoft Security Associates. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email alert@dragonsoft.com for permission.

 

Disclaimer: The information in the database may change without notice.

Use of this information constitutes acceptance for use in an AS IS condition.

There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

 

Please send suggestions, updates, and comments to vdb_adm@dragonsoft.com (DragonSoft Security Associates, Inc.).

 

About DragonSoft Security Associates:

DragonSoft Security Associates is a leading developer in Taiwan for network security software and an active contributor to network security education.

Founded in 2002, DragonSoft offers vulnerability management solutions, including vulnerability assessment, System Security Management and intrusion prevention.

 

DragonSoft Security Associates, Inc. http://www.dragonsoft.com/

Taipei: 4F-8, No 351, Sec.2, Chun-Sun Road, Chun-Ho City, Taiwan 235 R.O.C

 Tel. +886-2-8221-5408   Fax. +886-2-8221-5476

 Hsinchu: 6F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300 R.O.C

Tel. +886-3-5630989    Fax. +886-3-5797758
