Network Security News – Thursday, October 06, 2005 Events
Trillian Malformed PNG Image Processing DoS
Trillian contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious PNG image is sent via the MSN protocol, and will result in loss of availability for the service. Read more at osvdb.org/14401
Trillian Pro Yahoo Mail Account Cleartext Password Local Disclosure
Trillian contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to Yahoo Mail passwords when the Check Mail function occurs, which may lead to a loss of confidentiality. Read more at osvdb.org/18440
Trillian Multiple Plug-in HTTP Response Header Overflow
A remote overflow exists in Trillian. Trillian fails to properly validate HTTP 1.1 response headers, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of malicious code resulting in a loss of integrity. Read more at osvdb.org/15004
Solaris Xprt Unspecified Local Privilege Escalation
Sun Microsystems, Inc. Solaris contains a flaw that allows a local attacker to gain escalated privileges. The issue is due to unspecified problems with the Xprt program. Read more at osvdb.org/19700
Zorum globalstat.php Direct Request Path Disclosure
Zorum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'globalstat.php' script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18838
Zorum user.php Direct Request Path Disclosure
Zorum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'user.php' script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18834
Zorum notification.php Direct Request Path Disclosure
Zorum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'notification.php' script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18833
Zorum prod.php Pipe Character Arbitrary Command Execution
Zorum contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'prod.php' script not properly sanitizing user-supplied input. With a specially crafted request containing a pipe ('|') character, a remote attacker can execute arbitrary commands resulting in a loss of integrity. Read more at osvdb.org/18832
Zorum trace.php Direct Request Path Disclosure
Zorum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'trace.php' script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18839
Zorum blacklist.php Direct Request Path Disclosure
Zorum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'blacklist.php' script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18836
Vuln: IBM Tivoli Monitoring Web Health Console Multiple Denial of Service Vulnerabilities
IBM Tivoli Monitoring Web Health Console Multiple Denial of Service Vulnerabilities. Read more at securityfocus.com/bid/15011
Vuln: TellMe Multiple Cross-Site Scripting Vulnerabilities
TellMe Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/15012
Vuln: MIT Kerberos 5 KRB5_Recvauth Remote Pre-Authentication Double-Free Vulnerability
MIT Kerberos 5 KRB5_Recvauth Remote Pre-Authentication Double-Free Vulnerability. Read more at securityfocus.com/bid/14239
Vuln: MIT Kerberos 5 Key Distribution Center Remote Single Byte Heap Overflow Vulnerability
MIT Kerberos 5 Key Distribution Center Remote Single Byte Heap Overflow Vulnerability. Read more at securityfocus.com/bid/14236
PAKCON II: Call for Paper (CfP), Final Call!
PAKCON II: Call for Paper (CfP), Final Call! Read more at securityfocus.com/archive/1/412582
Secunia Research: ALZip Multiple Archive Handling Buffer Overflow
Secunia Research: ALZip Multiple Archive Handling Buffer Overflow. Read more at securityfocus.com/archive/1/412580
Some new whitepapers …
Some new whitepapers … Read more at securityfocus.com/archive/1/412579
[ GLSA 200510-04 ] Texinfo: Insecure temporary file creation
[ GLSA 200510-04 ] Texinfo: Insecure temporary file creation. Read more at securityfocus.com/archive/1/412554