Network Security News – Thursday, October 20, 2005 Events
Xerver Single Dot File Request Source Disclosure
Xerver contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a '.' is appended to the filename of the script in the URL, which will disclose the source code of the script resulting in a loss of confidentiality.. Read more at osvdb.org/20075
Microsoft Windows Firewall Malformed Registry Entry Ruleset Exception Weakness
Microsoft Windows Firewall contains a flaw that may allow a malicious local user, with administrative privileges, to hide firewall ruleset information. The issue is triggered by a specially crafted Windows Firewall exception entry in the Windows Registry. It is possible that the flaw may not allow firewall exception entries to be displayed in the Windows firewall graphical user interface, resulting in a loss of integrity. The command line firewall administration tool "Netsh" is not affected by this issue. Read more at osvdb.org/19287
Mac OS X QuickTime Java Extensions Untrusted Applet Privilege Escalation
Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The Java extensions bundled with Quicktime 6.52 and earlier may allow untrusted applets to call arbitrary functions from within system libraries. This flaw may lead to a loss of integrity.. Read more at osvdb.org/19708
Mac OS X QuickDraw Manager PICT File Processing Overflow
A local overflow exists in Mac OS X. The QuickDraw Manager fails to validate PICT image files resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/19707
MySource Socket.php PEAR_PATH Remote File Inclusion
MySource contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'Socket.php' not properly sanitizing user input supplied to the 'PEAR_PATH' variable. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/20037
MySource Span.php PEAR_PATH Remote File Inclusion
MySource contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'Span.php' not properly sanitizing user input supplied to the 'PEAR_PATH' variable. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/20041
MySource Request.php PEAR_PATH Remote File Inclusion
MySource contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'Request.php' not properly sanitizing user input supplied to the 'PEAR_PATH' variable. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/20038
MySource new_upgrade_functions.php Multiple Variable Remote File Inclusion
MySource contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'new_upgrade_functions.php' not properly sanitizing user input supplied to the 'INCLUDE_PATH' and 'SQUIZLIB_PATH' variables. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/20035
MySource mimeDecode.php PEAR_PATH Remote File Inclusion
MySource contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'mimeDecode.php' not properly sanitizing user input supplied to the 'PEAR_PATH' variable. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/20042
MySource mime.php PEAR_PATH Remote File Inclusion
MySource contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'mime.php' not properly sanitizing user input supplied to the 'PEAR_PATH' variable. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/20043
Vuln: Symantec LiveUpdate for Macintosh Local Privilege Escalation Vulnerability
Symantec LiveUpdate for Macintosh Local Privilege Escalation Vulnerability. Read more at securityfocus.com/bid/15142
Vuln: Symantec Norton Antivirus For Macintosh DiskMountNotify Local Privilege Escalation Vulnerability
Symantec Norton Antivirus For Macintosh DiskMountNotify Local Privilege Escalation Vulnerability. Read more at securityfocus.com/bid/15143
Vuln: Oracle October Security Update Multiple Vulnerabilities
Oracle October Security Update Multiple Vulnerabilities
. Read more at securityfocus.com/bid/15134
Vuln: Bugzilla Authentication Information Disclosure Vulnerability
Bugzilla Authentication Information Disclosure Vulnerability. Read more at securityfocus.com/bid/13605
cacam_logsecurity_win32 exploit published on 20051018 by Metasploit
cacam_logsecurity_win32 exploit published on 20051018 by Metasploit. Read more at securityfocus.com/archive/1/413881
Cisco Security Advisory:Cisco 11500 Content Services Switch SSL Malformed Client Certificate Vulnerability
Cisco Security Advisory:Cisco 11500 Content Services Switch SSL Malformed Client Certificate Vulnerability. Read more at securityfocus.com/archive/1/413880
SUSE Security Announcement: openSSL protocol downgrade attack (SUSE-SA:2005:061)
SUSE Security Announcement: openSSL protocol downgrade attack (SUSE-SA:2005:061)
. Read more at securityfocus.com/archive/1/413844
Re: [KAPDA::#6] Punbb SQL Injection Vulnerability
Re: [KAPDA::#6] Punbb SQL Injection Vulnerability. Read more at securityfocus.com/archive/1/413847
Leave a Reply