Network Security News – Thursday, December 01, 2005 Events
HydroBB calendar.php s Variable XSS
HydroBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 's' variable upon submission to the calendar.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21301
HydroBB pms.php s Variable XSS
HydroBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 's' variable upon submission to the pms.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21300
HydroBB groups.php s Variable XSS
HydroBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 's' variable upon submission to the groups.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21299
HydroBB usercp.php s Variable XSS
HydroBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 's' variable upon submission to the usercp.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21298
HydroBB register.php s Variable XSS
HydroBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 's' variable upon submission to the register.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21297
HydroBB viewforum.php s Variable XSS
HydroBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 's' variable upon submission to the viewforum.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21296
HydroBB stats.php s Variable XSS
HydroBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 's' variable upon submission to the stats.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21295
HydroBB members.php s Variable XSS
HydroBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 's' variable upon submission to the members.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21294
HydroBB search.php s Variable XSS
HydroBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 's' variable upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21293
BSD uusend Arbitrary Privileged Command Execution
BSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges and/or cause an unauthorized information disclosure. The issue is triggered when uusend fails to perform access checking, such as checking the USERFILE file or checking file permissions, before transmitting UUCP-owned files or other files, such as /usr/lib/uucp/L.sys or /etc/passwd. This flaw may lead to a loss of confidentiality and/or integrity. Read more at osvdb.org/632
Vuln: Linux Kernel NAT Handling Memory Corruption Denial of Service Vulnerability
Linux Kernel NAT Handling Memory Corruption Denial of Service Vulnerability. Read more at securityfocus.com/bid/15531
Vuln: Linux Kernel IP_VS_CONN_FLUSH Local Denial of Service Vulnerability
Linux Kernel IP_VS_CONN_FLUSH Local Denial of Service Vulnerability. Read more at securityfocus.com/bid/15528
Vuln: Linux Kernel World Writable SYSFS DRM Debug File Vulnerability
Linux Kernel World Writable SYSFS DRM Debug File Vulnerability. Read more at securityfocus.com/bid/15154
Vuln: Linux Kernel SYS_GET_THREAD_AREA Information Disclosure Vulnerability
Linux Kernel SYS_GET_THREAD_AREA Information Disclosure Vulnerability. Read more at securityfocus.com/bid/15527
MDKSA-2005:220 – Updated kernel packages fix numerous vulnerabilities
MDKSA-2005:220 – Updated kernel packages fix numerous vulnerabilities. Read more at securityfocus.com/archive/1/418213
MDKSA-2005:219 – Updated kernel packages fix numerous vulnerabilities
MDKSA-2005:219 – Updated kernel packages fix numerous vulnerabilities. Read more at securityfocus.com/archive/1/418205
MDKSA-2005:218 – Updated kernel packages fix numerous vulnerabilities
MDKSA-2005:218 – Updated kernel packages fix numerous vulnerabilities. Read more at securityfocus.com/archive/1/418206
Re: Opera 8.50 DoS with simple java applet
Re: Opera 8.50 DoS with simple java applet. Read more at securityfocus.com/archive/1/418207