Network Security News – Friday, October 28, 2005 Events
Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure (Myth/Fake)
Microsoft Windows 2000 was reported to contain a flaw that may allow a malicious user to read another user's credentials. The issue is triggered when the RUN AS service is stopped, and a malicious user can read the authentication data entered into the RUN AS dialog via a crafted named pipe. However, creating the named pipe requires administrative privileges, making this a non-issue. Read more at osvdb.org/20222
FreeBSD syncookies Internal Key Generation Weakness
FreeBSD contains a flaw that may allow a malicious user to spoof TCP connections. The issue is triggered when 32-bit internal keys are used to generate syncookies. It is possible that the flaw may allow a malicious user to bypass IP-based access control lists and/or reset TCP connections, resulting in a loss of integrity. Read more at osvdb.org/19785
Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure (Myth/Fake)
Microsoft Windows 2000 has been reported to contain a flaw that may lead to information disclosure by using the RUN AS service. Memory used by the runas.exe program is not cleared after use, and might be assigned to another program. An attacker with local privileges can reportedly gain access to this memory, potentially gaining sensitive information. However, the vendor notes that to gain access to this program and memory, one would need administrator privileges, making this a non-issue. Read more at osvdb.org/20220
SaveWebPortal menu_dx.php Traversal Arbitrary File Access/Execution
SaveWebPortal contains a flaw that allows a remote attacker to access arbitrary files outside of the web path and/or execute arbitrary files. The issue is due to the 'menu_dx.php' script not properly sanitizing user input, specifically traversal-style attacks (../../) supplied via the 'SITE_Path' variable. Read more at osvdb.org/18928
SaveWebPortal menu_sx.php CONTENTS_Dir Variable Remote File Inclusion
SaveWebPortal contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'menu_sx.php' not properly sanitizing user input supplied to the 'CONTENTS_Dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/18931
SaveWebPortal menu_sx.php Multiple Variable XSS
SaveWebPortal contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the 'menu_sx.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18935
SaveWebPortal menu_sx.php Traversal Arbitrary File Access/Execution
SaveWebPortal contains a flaw that allows a remote attacker to access arbitrary files outside of the web path and/or execute arbitrary files. The issue is due to the 'menu_sx.php' script not properly sanitizing user input, specifically traversal-style attacks (../../) supplied via the 'CONTENTS_Dir' variable. Read more at osvdb.org/18929
SaveWebPortal Multiple HTTP Header Arbitrary Script Injection
SaveWebPortal contains a flaw that may allow a remote attacker to inject arbitrary code. This flaw exists because the application does not validate user-supplied input to the 'HTTP_REFERER' and 'HTTP_USER_AGENT' headers, which may allow a remote attacker to inject arbitrary JavaScript code that would be executed when an administrative user views the visitor log, resulting in a loss of integrity. Read more at osvdb.org/18936
SaveWebPortal menu_dx.php SITE_Path Variable Remote File Inclusion
SaveWebPortal contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'menu_dx.php' not properly sanitizing user input supplied to the 'SITE_Path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/18930
SaveWebPortal menu_dx.php Multiple Variable XSS
SaveWebPortal contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'L_InsertCorrectly', 'L_MENUDX_Login', 'L_MENUDX_Username', 'L_MENUDX_Password', 'L_Ok', 'IMAGES_Url', 'L_MENUDX_Registration', 'BANNER_Url', 'L_MENUSX_Newsletter' and 'L_MENUDX_InsertEMail' variables upon submission to the 'menu_dx.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18934
Vuln: Hasbani Web Server Malformed HTTP GET Request Remote Denial of Service Vulnerability
Read more at securityfocus.com/bid/15225
Vuln: Apache Mod_Auth_Shadow Authentication Bypass Vulnerability
Read more at securityfocus.com/bid/15224
Vuln: Todd Miller Sudo Local Privilege Escalation Vulnerability
Read more at securityfocus.com/bid/15191
Vuln: FlatNuke Index.PHP Cross-Site Scripting Vulnerability
Read more at securityfocus.com/bid/15176
Secunia Research: ATutor Multiple Vulnerabilities
Read more at securityfocus.com/archive/1/414864
[CIRT.DK] – Novell ZENworks Patch Management Server 6.0.0.52 – SQL injection
Read more at securityfocus.com/archive/1/414880
[SECURITY] [DSA 876-1] New lynx-ssl packages fix arbitrary code execution
Read more at securityfocus.com/archive/1/414853
[SECURITY] [DSA 875-1] New OpenSSL packages fix cryptographic weakness
Read more at securityfocus.com/archive/1/414844