Network Security News – Wednesday, October 05, 2005 Events
OpenBSD Accept/Deny Rule Parsing Weakness
When OpenBSD is deployed on big-endian platforms (sparc64), it contains a flaw that may allow a malicious user to bypass httpd access module allow/deny rules. The issue is triggered when IP addresses are used without a netmask, causing the rules to fail to match. It is possible that the flaw may allow unauthorized access resulting in a loss of confidentiality. Read more at osvdb.org/19837
Astaro Security Linux Proxy Invalid Request Information Disclosure
Astaro Security Linux Proxy contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when sending an invalid connection request to the proxy port, which will disclose login credentials used internally by the Content Filter Framework (Proxy-authorization: Basic LTpwcHBwCg==), resulting in a loss of confidentiality. Read more at osvdb.org/19793
Astaro Security Linux Proxy index.fpl wfe_download Variable Traversal Arbitrary File Access
Astaro Security Linux Proxy contains a flaw that allows a remote attacker to access files on the filesystem outside of the web path. The issue is due to "index.fpl" not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "wfe_download" variable. Read more at osvdb.org/19792
IceWarp Web Mail logout.html Traversal Arbitrary File/Directory Deletion
IceWarp Web Mail contains a flaw that allows a remote attacker to delete arbitrary files and directories. The issue is due to the 'logout.html' page not properly sanitizing user input supplied via the 'id' variable. Read more at osvdb.org/19830
IceWarp Web Mail help.html Traversal Arbitrary File Access
IceWarp Web Mail contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'help.html' page not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'helpid' variable. Read more at osvdb.org/19831
IceWarp Web Mail calendar_w.html createdataCX Variable XSS
IceWarp Web Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'createdataCX' variable upon submission to the 'calendar_w.html' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19828
IceWarp Web Mail calendar_m.html createdataCX Variable XSS
IceWarp Web Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'createdataCX' variable upon submission to the 'calendar_m.html' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19827
IceWarp Web Mail calendar_d.html createdataCX Variable XSS
IceWarp Web Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'createdataCX' variable upon submission to the 'calendar_d.html' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19826
IceWarp Web Mail bwlist_inc.html Direct Request Path Disclosure
IceWarp Web Mail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'bwlist_inc.html' page, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/19829
IceWarp Web Mail blank.html id Variable XSS
IceWarp Web Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'blank.html' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19825
Vuln: University Of Washington IMAP Mailbox Name Buffer Overflow Vulnerability
Read more at securityfocus.com/bid/15009
Vuln: Symantec Antivirus Web Service Administrative Interface Buffer Overflow Vulnerability
Read more at securityfocus.com/bid/15001
Vuln: Mozilla Suite And Firefox Multiple Script Manager Security Bypass Vulnerabilities
Read more at securityfocus.com/bid/13641
Vuln: Mozilla Suite And Firefox DOM Property Overrides Code Execution Vulnerability
Read more at securityfocus.com/bid/13645
A common researcher diagnosis error: misreading error messages
Read more at securityfocus.com/archive/1/412450
[security bulletin] SSRT051041 rev.0 – HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS)
Read more at securityfocus.com/archive/1/412415
[security bulletin] SSRT051040 rev.0 – HP-UX Mozilla Remote Unauthorized Execution of Privileged Code
Read more at securityfocus.com/archive/1/412451
[security bulletin] SSRT5940 rev.2 – HP-UX Mozilla remote, unauthorized user may execute privileged code
Read more at securityfocus.com/archive/1/412452