IBM DB2 Content Manager LZH Processing INSO DoS

Network Security News – Friday, November 11, 2005 Events

IBM DB2 Content Manager LZH Processing INSO DoS

IBM DB2 Content Manager contains a flaw that may allow a remote/local denial of service. The issue is triggered when a LZH file is processed through INSO code, and will result in a loss of availability for the service.. Read more at osvdb.org/20708

ZoneAlarm ShowHTMLDialog() Outbound Filter Bypass

Various ZoneAlarm products contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a trusted web browser is used to execute the ShowHTMLDialog() function. Malware can then create a modal dialog box to display HTML, and redirect the victim to the attacker's web site.. Read more at osvdb.org/20677

IRIX bsd.a Kernel t_bind t_unbind Unspecified

IRIX contains a networking flaw related to its bsd.a kernel that may allow t_unbind to change the behavior of t_bind. No further details have been provided.. Read more at osvdb.org/11160

Skype Crafted UDP Packet Remote Overflow

A remote overflow exists in Skype. The application fails to validate the user-controlled length of a UDP packet resulting in a heap overflow. With a specially crafted UDP packet, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/20306

Contineo initUser Page Reload Hashed Password Disclosure

Contineo contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to the password hash when you do not enter an email address for the admin account during setup. When the page reloads, the password field contains the password hash, which may lead to a loss of confidentiality.. Read more at osvdb.org/20704

Campsite notifyendsubs Cleartext MySQL Password Disclosure

Campsite contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to mysql root password by sniffing outgoing emails sent by notifyendsubs, which may lead to a loss of confidentiality.. Read more at osvdb.org/20698

BSD NFS Zero Length Payload RPC Message DoS

The Network File System (NFS) on FreeBSD, NetBSD and OpenBSD contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends a RPC message containing a zero-length payload to a NFS server. This causes the NFS server to reference a previous payload and enter into an infinite loop, resulting in a loss of availability for the platform.. Read more at osvdb.org/5072