Network Security News – Monday, October 17, 2005 Events
Solaris Process File System (procfs) File Name Disclosure
Solaris contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by an unspecified error in "procfs" (Process File System), which may allow a local unprivileged user to have visibility of process working directories for all other system and user processes information resulting in a loss of confidentiality.. Read more at osvdb.org/19976
WebGUI Asset.pm Asset Addition Arbitrary Code Execution
WebGUI contains a flaw that may allow a remote malicious user to execute arbitrary commands. This flaw exists because the application does not properly filter specially crafted parameters upon submission to the 'lib/WebGUI/Asset.pm' script, in the www_add function, when adding a new Asset. It is possible that the flaw may allow the execution of arbitrary code resulting in a loss of integrity.. Read more at osvdb.org/19933
Leave a Reply