Audit My PC - Free Internet Security Audit

Network Security News – Thursday, November 10, 2005 Events

AbiWord RTF Importer ie_imp_RTF.cpp Multiple Overflows

Multiple remote overflows exist in AbiWord. The 'ParseLevelText()', 'getCharsInsideBrace()', 'HandleLists()', and 'HandleAbiLists()' functions in 'ie_imp_RTF.cpp' fail to perform proper bounds checking, resulting in multiple stack-based buffer overflows. With a specially crafted RTF file, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/20015

PHPlist Unspecified User Information Disclosure

PHPlist contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to an unspecified flaw, which may allow a remote attacker to disclose user information, resulting in a loss of confidentiality. No further details have been provided. Read more at osvdb.org/20695

PHPlist Unspecified Remote File Inclusion

PHPlist contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to an unspecified script not properly sanitizing user-supplied input. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. No further details have been provided. Read more at osvdb.org/2822

Phorum search.php forum_ids Variable SQL Injection

Phorum contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'search.php' script not properly sanitizing user-supplied input to the 'forum_ids' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20524

SUSE Linux pwdutils chfn Local Privilege Escalation

SUSE Linux contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The problem is that the setuid 'chfn' binary in the 'pwdutils' suite does not properly check arguments when changing the 'GECOS' field, which may allow a malicious user to gain access to root privileges, resulting in a loss of integrity. Read more at osvdb.org/20525

Tonio Gallery showGallery.php galid Variable SQL Injection

Tonio Gallery contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'showGallery.php' script not properly sanitizing user-supplied input to the 'galid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20523

Clam AntiVirus OLE2 Unpacker ole2_walk_property_tree Function DoS

Clam AntiVirus contains a flaw that may allow a remote denial of service. The problem is that the 'ole2_walk_property_tree()' function in the OLE2 unpacker does not properly handle malformed OLE2 files. With a malformed .doc file containing an invalid property tree, a remote attacker can cause the application to enter an infinite loop, resulting in a loss of availability. Read more at osvdb.org/20536

HP-UX envd Unspecified Local Privilege Escalation

HP-UX System Physical Environment Daemon (or "envd") contains an unspecified flaw that may allow a malicious user to gain access to unauthorized privileges. Read more at osvdb.org/20678

CuteNews show_archives.php template Variable Traversal Arbitrary File Access

CuteNews contains a flaw that allows a remote attacker to retrieve arbitrary files by supplying directory traversal strings outside of the web path. The issue is due to the 'show_archives.php' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'template' variable(s). Read more at osvdb.org/20472

CuteNews show_news.php template Variable Traversal Arbitrary File Access

CuteNews contains a flaw that allows a remote attacker to retrieve arbitrary files by supplying directory traversal strings outside of the web path. The issue is due to the 'show_news.php' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'template' variable(s). Read more at osvdb.org/20473

Vuln: W3C Libwww Multiple Vulnerabilities

W3C Libwww Multiple Vulnerabilities. Read more at securityfocus.com/bid/15035

Vuln: Fetchmail POP3 Client Buffer Overflow Vulnerability

Fetchmail POP3 Client Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/14349

Vuln: Fetchmail’s FetchmailConf Utility Local Information Disclosure Vulnerability

Fetchmail’s FetchmailConf Utility Local Information Disclosure Vulnerability. Read more at securityfocus.com/bid/15179

Vuln: Emacs Local Variable Arbitrary Command Execution Vulnerability

Emacs Local Variable Arbitrary Command Execution Vulnerability. Read more at securityfocus.com/bid/15375

[USN-151-4] rpm vulnerability

[USN-151-4] rpm vulnerability. Read more at securityfocus.com/archive/1/416147

Antville 1.1 Cross Site Scripting

Antville 1.1 Cross Site Scripting. Read more at securityfocus.com/archive/1/416153

Multiple security issues in TikiWiki 1.9.x

Multiple security issues in TikiWiki 1.9.x. Read more at securityfocus.com/archive/1/416152

CYBSEC – Security Advisory: Multiple XSS in SAP WAS

CYBSEC – Security Advisory: Multiple XSS in SAP WAS. Read more at securityfocus.com/archive/1/416151
