Network Security News – Wednesday, January 18, 2006 Events
CubeCart index.php Multiple Variable XSS
CubeCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'productId', 'docId', 'viewProd', or 'catId' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22471
America OnLine (AOL) YPG Picture Finder Tool ActiveX Control (YGPPicFinder.DLL) Overflow
A remote overflow exists in America Online. America Online contains a boundary error in the YPG Picture Finder Tool ActiveX Control, YGPPicFinder.DLL, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.. Read more at osvdb.org/22486
SimpleBlog comments.asp Comment Field XSS
SimpleBlog contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the comment field upon submission to the comments.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22448
SMBCMS Site Search text Variable XSS
SMBCMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'text' variable upon submission to the search script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22494
WordPress wp-stats.php author Variable SQL Injection
WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the wp-stats.php script not properly sanitizing user-supplied input to the 'author' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/22450
geoBlog viewcat.php cat Variable SQL Injection
geoBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the viewcat.php script not properly sanitizing user-supplied input to the 'cat' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/22463
SimpleBlog index.php month Variable SQL Injection
SimpleBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'month' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/22447
Mantis Project Documents Port Unspecified XSS
Mantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the project document port functionality. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22488
Tux Paint tuxpaint-import.sh Symlink Arbitrary File Overwrite
Tux Paint contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the tuxpaint-import.sh script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.. Read more at osvdb.org/22453
Mantis manage_user Unspecified XSS
Mantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the manage_users functionality. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22487
Vuln: EMC Legato Networker Multiple Remote Vulnerabilities
EMC Legato Networker Multiple Remote Vulnerabilities. Read more at securityfocus.com/bid/16275
Vuln: Cisco IOS HTTP Service CDP Status Page HTML Injection Vulnerability
Cisco IOS HTTP Service CDP Status Page HTML Injection Vulnerability. Read more at securityfocus.com/bid/16291
Vuln: Linux Kernel ProcFS Kernel Memory Disclosure Vulnerability
Linux Kernel ProcFS Kernel Memory Disclosure Vulnerability. Read more at securityfocus.com/bid/16284
Vuln: Check Point VPN-1 SecureClient Path Specification Local Privilege Escalation Vulnerability
Check Point VPN-1 SecureClient Path Specification Local Privilege Escalation Vulnerability. Read more at securityfocus.com/bid/16290
[SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation
[SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation. Read more at securityfocus.com/archive/1/422161
Re: Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow – Exploit
Re: Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow – Exploit. Read more at securityfocus.com/archive/1/422157
Re: Fullpath disclosure in roundcube webmail
Re: Fullpath disclosure in roundcube webmail. Read more at securityfocus.com/archive/1/422168
[SECURITY] [DSA 944-1] New mantis packages fix several vulnerabilities
[SECURITY] [DSA 944-1] New mantis packages fix several vulnerabilities. Read more at securityfocus.com/archive/1/422152
Leave a Reply