AlstraSoft Template Seller Pro payment_paypal.php config[basepath] Variable Remo

Network Security News – Thursday, November 17, 2005 Events

AlstraSoft Template Seller Pro payment_paypal.php config[basepath] Variable Remote File Inclusion

Template Seller Pro contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to payment_paypal.php not properly sanitizing user input supplied to the config[basepath] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/20895

AlstraSoft Template Seller Pro Admin Authentication Multiple Field SQL Injection

Template Seller Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admin/index.php script not properly sanitizing user-supplied input to the "user_name" variable, among others. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20896

PHP Unspecified curl / gd Restriction Bypass

PHP contains a flaw in the "ext/curl" and "ext/gd" modules that may allow a malicious user to view sensitive files without authorization. It is possible that the flaw may allow the attacker to bypass the "safe_mode" or "open_basedir" restrictions. This may allow the disclosure of sensitive information, resulting in a loss of confidentiality.. Read more at osvdb.org/20898

Multiple BSD pppd Race Condition Arbitrary File Permission Modification

Multiple BSD OSs contain a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to pppd changing the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device, resulting in a loss of integrity.. Read more at osvdb.org/20753

NetBSD TCP Socket shutdown Resource DoS

NetBSD contains a flaw that may allow a remote denial of service. The issue is triggered when the sbappend() function fails to consult the SS_CANTRCVMORE flag on the TCP socket properly, resulting in excessive kernel memory consumption and a loss of availability for the platform.. Read more at osvdb.org/20775

NetBSD ftpd STAT Command Firewall State Table Corruption DoS

NetBSD contains a flaw that may allow a malicious attacker to corrupt state tables in intermediate firewall devices via the STAT command in ftpd. The issue is triggered when a filename that contains "\n[0-9]" is specified. It is possible that the flaw may result in a loss of integrity and/or availability.. Read more at osvdb.org/20754

NetBSD procfs Negative uio_offset Unspecified Issue

NetBSD contains a flaw related to the process file system (procfs) that may allow a malicious user to cause a negative uio_offset. No further details have been provided.. Read more at osvdb.org/20730

NetBSD Message Buffer Negative Offset Arbitrary Kernel Memory Access

NetBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when negative offsets are permitted while reading the message buffer, which will disclose arbitrary kernel memory segments resulting in a loss of confidentiality.. Read more at osvdb.org/20729

NetBSD IPsec-AH AES-XCBC-MAC Fixed Key Calculation Weakness

NetBSD contains a flaw that may allow a malicious attacker to bypass IP Security (IPsec). The issue is triggered when a machine using IPsec with AH and the AES-XCBC-MAC algorithm incorrectly uses a fixed key instead of the provided one. It is possible that the flaw may allow the acceptance of forged packets, resulting in a loss of integrity.. Read more at osvdb.org/20727

Multiple Vendor ISAKMP Protocol Unspecified Issues (PROTOS)

Various products contain a flaw related to the ISAKMP protocol. No further details have been provided.. Read more at osvdb.org/20870

Vuln: Zyxel P2000W v.1 VOIP WIFI Phone Information Disclosure Vulnerability

Zyxel P2000W v.1 VOIP WIFI Phone Information Disclosure Vulnerability. Read more at securityfocus.com/bid/15478

Vuln: Hitachi WirelessIP5000 Multiple Unauthorized Access Vulnerabilities

Hitachi WirelessIP5000 Multiple Unauthorized Access Vulnerabilities. Read more at securityfocus.com/bid/15477

Vuln: PHPLDAPAdmin Welcome.PHP Multiple Vulnerabilities

PHPLDAPAdmin Welcome.PHP Multiple Vulnerabilities. Read more at securityfocus.com/bid/14695

Vuln: UTStarcom F1000 VOIP WIFI Phone Multiple Remote Access Vulnerabilities

UTStarcom F1000 VOIP WIFI Phone Multiple Remote Access Vulnerabilities. Read more at securityfocus.com/bid/15476

MDKSA-2005:212 – Updated egroupware packages to address phpldapadmin, phpsysinfo vulnerabilities

MDKSA-2005:212 – Updated egroupware packages to address phpldapadmin, phpsysinfo vulnerabilities. Read more at securityfocus.com/archive/1/416903

[security bulletin] SSRT5979 – HP Jetdirect 635n IPv6/IPsec Print Server (J7961A) Remote Denial of Service (DoS)

[security bulletin] SSRT5979 – HP Jetdirect 635n IPv6/IPsec Print Server (J7961A) Remote Denial of Service (DoS). Read more at securityfocus.com/archive/1/416896

Re: List of Security-oriented Fairs/Events/Conferences?

Re: List of Security-oriented Fairs/Events/Conferences?. Read more at securityfocus.com/archive/1/416893

[security bulletin] SSRT5979 – HP-UX Running IPSec Remote Denial of Service (DoS)

[security bulletin] SSRT5979 – HP-UX Running IPSec Remote Denial of Service (DoS). Read more at securityfocus.com/archive/1/416911