TO SUBSCRIBE, UNSUBSCRIBE, OR CHANGE YOUR SUBSCRIPTION, go to:
http://www.dragonsoft.com/epaper/
DragonSoft (Chinese/English) Vulnerability and Threat Knowledge Base:
. Chinese Version: http://vdb.dragonsoft.com.tw/
. English Version: http://vdb.dragonsoft.com/
Contents:
* 9 Reported Vulnerabilities
* Sort by Risk
-------------------------------------------------
Date Reported: 2004/08/23
Name: MySQL mysql_real_connect Buffer Overflow Vulnerability 2
Risk: High
Category: MySQL
Affect OS: Windows, UNIX
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=1989
Description (English): http://vdb.dragonsoft.com/detail.php?id=1989
Date Reported: 2004/09/03
Name: CesarFTP Buffer Overflow Vulnerability
Risk: Medium
Category: FTP Servers
Affect OS: Windows NT4, 2000, XP, 2003
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=1999
Description (English): http://vdb.dragonsoft.com/detail.php?id=1999
Date Reported: 2004/09/03
Name: IPSwitch WS_FTP Server CD Command DoS Vulnerability
Risk: Medium
Category: FTP Servers
Affect OS: Windows NT4, 2000, XP, 2003
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=1995
Description (English): http://vdb.dragonsoft.com/detail.php?id=1995
Date Reported: 2004/09/03
Name: D-Link DCS-900 Camera Remote Configuration Vulnerability
Risk: Medium
Category: Others
Affect OS: D-Link DCS-900 Internet Camera 2.10, 2.20, 2.28
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=1997
Description (English): http://vdb.dragonsoft.com/detail.php?id=1997
Date Reported: 2004/08/31
Name: Cisco IOS Telnet Service Remote DoS Vulnerability
Risk: Medium
Category: Router_Switch
Affect OS: Cisco IOS
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=1994
Description (English): http://vdb.dragonsoft.com/detail.php?id=1994
Date Reported: 2004/08/23
Name: MySQL Mysqlhotcopy Script Temporary File Vulnerability
Risk: Medium
Category: MySQL
Affect OS: Linux
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=1990
Description (English): http://vdb.dragonsoft.com/detail.php?id=1990
Date Reported: 2004/08/21
Name: IMail Server Weak Password Encryption
Risk: Medium
Category: Mail Servers
Affect OS: NT
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=1988
Description (English): http://vdb.dragonsoft.com/detail.php?id=1988
Date Reported: 2004/09/03
Name: WFTPD Server MLST Command Remote DoS Vulnerability
Risk: Medium
Category: FTP Servers
Affect OS: Windows NT4, 2000, XP, 2003
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=1996
Description (English): http://vdb.dragonsoft.com/detail.php?id=1996
Date Reported: 2004/08/27
Name: ZyXEL Prestige Router Authentication Password DoS Vulnerability
Risk: Low
Category: Router_Switch
Affect OS: ZyXEL Prestige 650HW-31, 650R-11
Description (Chinese): http://vdb.dragonsoft.com.tw/detail.php?id=1993
Description (English): http://vdb.dragonsoft.com/detail.php?id=1993
-------------------------------------------------
Risk:
High: Allow immediate remote, or local access or immediate execution of code or commands,
with unauthorized privileges, and bypassing security on firewalls.
Medium: Potential of granting access or allowing code execution by means of complex or
lengthy exploit procedures. Examples are cross-site scripting, man-in-the-middle
attacks, SQL injection, denial of service, information disclosure.
Low: deny service or provide non-system information that could be used to formulate
structured attacks on a target, but not directly gain unauthorized access.
-------------------------------------------------
Copyright (c) 2002 DragonSoft Security Associate, Inc. All rights reserved
Permission is hereby granted for the electronic redistribution of this document.
It is not to be edited or altered in any way without the express written consent
of the DragonSoft Security Associate. If you wish to reprint the whole or any
part of this document in any other medium excluding electronic media, please email
alert@dragonsoft.com for permission.
Disclaimer: The information in the database may change without notice.
Use of this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information, implied or otherwise,
with regard to this information or its use. Any use of this information is at
the user's risk. In no event shall the author/distributor be held liable for any
damages whatsoever arising out of or in connection with the use or spread of this information.
Please send suggestions, updates, and comments to: DragonSoft
vdb@dragonsoft.com of DragonSoft Security Associate, Inc.
DragonSoft Security Associate, Inc. http://www.dragonsoft.com/
Tel. +886-3-5630989
Fax. +886-3-5797758
6F, No. 30, Lane 607, Sec. 1, Guangfu Rd., Hsinchu, Taiwan 300
|
