Network Security News – Friday, November 04, 2005 Events
Flyspray index.php Multiple Variable XSS
Flyspray contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'PHPSESSID', 'tasks', 'string', 'type', 'serv', 'due', 'dev', and 'sort2' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20326
Cisco IPS Management Center (MC) Configuration Download Signature Failure
Cisco Management Center for IPS Sensors (IPS MC) contains a flaw that may allow a remote attacker to bypass intrusion detection. The issue is due to an error in the management center during the generation of the Cisco IOS IPS configuration file: the generated file is missing appropriate TCP/UDP port field values, which causes some signatures to be disabled. Read more at osvdb.org/20444
Mac OS X Finder File Permission Display Weakness
File and group permissions in Mac OS X may be misleading. The problem is that the Finder application does not properly display the actual file and group permissions in the 'Get Info' window, which may allow a malicious user to hide the actual permissions. Read more at osvdb.org/20427
Sony CD First4Internet XCP DRM aries.sys Local File/Process Manipulation
The First4Internet XCP DRM software used to play back Sony copy-protected music CDs contains a flaw that may allow a malicious user to arbitrarily manipulate local files and processes. The problem is that the 'aries.sys' driver hides any files, registry keys and/or processes with a name that starts with '$sys$', which may allow a malicious user to hide certain activities on a system that uses XCP, resulting in a loss of integrity. Read more at osvdb.org/20435
Microsoft IIS aexp4.htr Password Policy Bypass
Microsoft IIS installs the /iisadmpwd/aexp4.htr file by default, which can be used by an attacker to brute force a valid username/password. A valid user may also use it to change a password on a locked account or bypass the administrator security policy "user cannot change password". Read more at osvdb.org/13430
Microsoft IIS aexp3.htr Password Policy Bypass
Microsoft IIS installs the /iisadmpwd/aexp3.htr file by default, which can be used by an attacker to brute force a valid username/password. A valid user may also use it to change a password on a locked account or bypass the administrator security policy "user cannot change password". Read more at osvdb.org/13429
Microsoft IIS aexp2b.htr Password Policy Bypass
Microsoft IIS installs the /iisadmpwd/aexp2b.htr file by default, which can be used by an attacker to brute force a valid username/password. A valid user may also use it to change a password on a locked account or bypass the administrator security policy "user cannot change password". Read more at osvdb.org/13428
Microsoft IIS aexp2.htr Password Policy Bypass
Microsoft IIS installs the /iisadmpwd/aexp2.htr file by default, which can be used by an attacker to brute force a valid username/password. A valid user may also use it to change a password on a locked account or bypass the administrator security policy "user cannot change password". Read more at osvdb.org/13427
Sambar Server results.stm indexname XSS
Sambar Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "indexname" variable upon submission to the search/results.stm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16749
Sambar Server Referer XSS
Sambar Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Referer field of an HTTP request. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16751
Vuln: Movable Type Blog Entry Posting HTML Injection Vulnerability
Movable Type Blog Entry Posting HTML Injection Vulnerability. Read more at securityfocus.com/bid/15305
Vuln: Apple QuickTime Null Pointer Dereference Denial of Service Vulnerability
Apple QuickTime Null Pointer Dereference Denial of Service Vulnerability. Read more at securityfocus.com/bid/15307
Vuln: Apple QuickTime Compressed PICT Data Remote Buffer Overflow Vulnerability
Apple QuickTime Compressed PICT Data Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/15309
Vuln: Apple QuickTime Movie Attributes Remote Integer Overflow Vulnerability
Apple QuickTime Movie Attributes Remote Integer Overflow Vulnerability. Read more at securityfocus.com/bid/15308
On Interpretation Conflict Vulnerabilities
On Interpretation Conflict Vulnerabilities. Read more at securityfocus.com/archive/1/415649
Re: [Full-disclosure] On Interpretation Conflict Vulnerabilities
Re: [Full-disclosure] On Interpretation Conflict Vulnerabilities. Read more at securityfocus.com/archive/1/415644
Re: [Full-disclosure] Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo()
Re: [Full-disclosure] Advisory 18/2005: PHP Cross Site Scripting (XSS) Vulnerability in phpinfo(). Read more at securityfocus.com/archive/1/415648
CuteNews 1.4.1 remote code execution
CuteNews 1.4.1 remote code execution. Read more at securityfocus.com/archive/1/415632