Network Security News – Tuesday, October 25, 2005 Events
Cerberus Helpdesk clients.php Multiple Variable XSS
Cerberus Helpdesk contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'sid' and 'id' variables upon submission to the 'clients.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20264
Chipmunk Forum quote.php forumID Variable XSS
Chipmunk Forum contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'forumID' variable upon submission to the 'quote.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20165
Chipmunk Forum reply.php forumID Variable XSS
Chipmunk Forum contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'forumID' variable upon submission to the 'reply.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20167
Chipmunk Topsites recommend.php ID Variable XSS
Chipmunk Topsites contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'ID' variable upon submission to the 'recommend.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20168
Chipmunk Guestbook index.php start Variable Path Disclosure
Chipmunk Guestbook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a specially crafted URL to the 'start' variable in index.php, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/20170
Chipmunk Directory recommend.php entryID Variable XSS
Chipmunk Directory contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'entryID' variable upon submission to the 'recommend.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20169
Chipmunk Forum index.php forumID Variable XSS
Chipmunk Forum contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'forumID' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20166
Chipmunk Forum newtopic.php forumID Variable XSS
Chipmunk Forum contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'forumID' variable upon submission to the 'newtopic.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20164
Snort Back Orifice Pre-Processor UDP Packet Remote Overflow
A remote overflow exists in Snort. The Back Orifice Pre-Processor fails to validate UDP packets, resulting in a stack overflow. With a specially crafted UDP packet, an attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/20034
Echelog Unspecified Function Stack Overflows
A stack overflow exists in Echelog. Echelog fails to check the length of arguments supplied to undisclosed functions, potentially resulting in stack overflows. Read more at osvdb.org/20244
Vuln: Multiple Vendor Anti-Virus Magic Byte Detection Evasion Vulnerability
Multiple Vendor Anti-Virus Magic Byte Detection Evasion Vulnerability. Read more at securityfocus.com/bid/15189
Vuln: Symantec Discovery Web Accounts Default Password Vulnerability
Symantec Discovery Web Accounts Default Password Vulnerability. Read more at securityfocus.com/bid/15188
Vuln: SCO UnixWare PPP Prompt Local Buffer Overflow Vulnerability
SCO UnixWare PPP Prompt Local Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/15159
Vuln: SCO OpenServer Backupsh Local Buffer Overflow Vulnerability
SCO OpenServer Backupsh Local Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/15160
[security bulletin] SSRT051055 rev.0 – HP Oracle for OpenView (OfO) Critical Patch Update October 2005
[security bulletin] SSRT051055 rev.0 – HP Oracle for OpenView (OfO) Critical Patch Update October 2005. Read more at securityfocus.com/archive/1/414392
Possible Bug in PHP-Fusion 6.0.204
Possible Bug in PHP-Fusion 6.0.204. Read more at securityfocus.com/archive/1/414395
SQL saphp Lesson
SQL saphp Lesson. Read more at securityfocus.com/archive/1/414398
Revised draft on ICMP attacks
Revised draft on ICMP attacks. Read more at securityfocus.com/archive/1/414394