Network Security News – Tuesday, November 01, 2005 Events
phpBB Avatar Gallery Unspecified Injection
phpBB contains a flaw related to the avatar gallery that may allow an unspecified injection. No further details have been provided. Read more at osvdb.org/20397
phpBB search.php list_cat Variable XSS
phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'list_cat' variable upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20389
phpBB login.php forward_page Variable XSS
phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'forward_page' variable upon submission to the 'login.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20388
phpBB usercp_register.php error_msg Variable XSS
phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'error_msg' variables upon submission to the 'usercp_register.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20387
phpBB usercp_register.php signature_bbcode_uid Variable Arbitrary PHP Code Execution
phpBB contains a flaw that allows remote code execution. This flaw exists because the application does not validate the 'signature_bbcode_uid' variable upon submission to the 'usercp_register.php' script. This could allow a user to execute remote code, leading to a loss of integrity. Read more at osvdb.org/20391
phpBB usercp_register.php signature_bbcode_uid Variable SQL Injection
phpBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'usercp_register.php' script not properly sanitizing user-supplied input to the 'signature_bbcode_uid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20390
FreeBSD Kernel /dev/null File Descriptor Close Issue
FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the FreeBSD kernel allows a malicious user to directly supply input to file descriptors during the execution of a setuid or setgid program. This flaw may lead to a loss of integrity. Read more at osvdb.org/16033
FreeBSD access() Function Race Condition
FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user executes a setuid program that utilizes the standard C library access() function. As access() will only verify that a user can access a given pathname, its use creates a race condition. This flaw may lead to a loss of integrity. Read more at osvdb.org/17201
chmlib _chm_decompress_block() Function CHM File Processing Overflow
A remote overflow exists in chmlib. The library function "_chm_decompress_block()" fails to perform proper bounds checking, resulting in a stack-based buffer overflow. With a specially crafted CHM file, an attacker can cause arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/20335
BSD TCP/IP Stacks IP Fragmentation Remote DoS
Certain BSD-derived TCP/IP stacks contain a flaw that may allow a remote denial of service. The issue is triggered when a malicious user creates and sends a pair of malformed IP packets that are reassembled into an invalid UDP datagram. The invalid UDP datagram will cause the kernel to panic and crash, resulting in a loss of availability for the platform. Read more at osvdb.org/908
Vuln: Apple Mac OS X Security Update Multiple Local Vulnerabilities
Apple Mac OS X Security Update 2005-10-31 Multiple Local Vulnerabilities. Read more at securityfocus.com/bid/15252
Vuln: Kaspersky Anti-Virus Library CAB Record Remote Heap Overflow Vulnerability
Kaspersky Anti-Virus Library CAB Record Remote Heap Overflow Vulnerability. Read more at securityfocus.com/bid/14998
Vuln: Comersus BackOffice Multiple Input Validation And Information Disclosure Vulnerabilities
Comersus BackOffice Multiple Input Validation And Information Disclosure Vulnerabilities. Read more at securityfocus.com/bid/15251
Vuln: PHP PHPInfo Cross-Site Scripting Vulnerability
PHP PHPInfo Cross-Site Scripting Vulnerability. Read more at securityfocus.com/bid/7805
APPLE-SA-2005-10-31 Mac OS X v10.4.3
APPLE-SA-2005-10-31 Mac OS X v10.4.3. Read more at securityfocus.com/archive/1/415313
New List
New List. Read more at securityfocus.com/archive/1/415234
Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability
Advisory 20/2005: PHP File-Upload $GLOBALS Overwrite Vulnerability. Read more at securityfocus.com/archive/1/415290
Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str()
Advisory 19/2005: PHP register_globals Activation Vulnerability in parse_str(). Read more at securityfocus.com/archive/1/415291