Network Security News – Tuesday, February 14, 2006 Events
MyBulletinBoard (MyBB) moderation.php posts Variable SQL Injection
MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'moderation.php' script not properly sanitizing user-supplied input to the 'posts' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22957
vwdev index.php UID Variable SQL Injection
vwdev contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'UID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22991
Clever Copy mailarticle.php ID Variable SQL Injection
Clever Copy contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'mailarticle.php' script not properly sanitizing user-supplied input to the 'ID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22984
Verity KeyView Viewer SDK kvarcve.dll Compressed File Preview Traversal Arbitrary File Deletion
Verity KeyView Viewer SDK contains a flaw that allows a remote attacker to delete arbitrary files. The issue is due to 'kvarcve.dll' not properly checking the filenames of compressed files in ZIP, UUE, and TAR archives for traversal style attacks (../../) when generating their previews. Read more at osvdb.org/23066
Verity KeyView Viewer SDK htmsr.dll Link Processing Overflow
An overflow exists in the HTML speed reader component of the KeyView Viewer SDK. The software fails to properly validate file names passed to the 'htmsr.dll' library when a link is clicked, resulting in a buffer overflow. With a specially crafted long file name starting with a 'http', 'ftp' or '//' prefix, an attacker can execute arbitrary code, resulting in a loss of integrity.
Note that the vulnerable component is used by IBM Lotus Notes for viewing HTML files. Read more at osvdb.org/23068
PAM-MySQL SQL Logging Facility Segfault DoS
PAM-MySQL contains a flaw that may allow a remote denial of service. The issue is triggered by an unspecified flaw that results in a segmentation fault in the SQL logging facility, and will result in loss of availability for the service. Read more at osvdb.org/22994
Lotus Domino iNotes Attached File XSS
Lotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate HTML attachments of emails upon displaying them to the user. In addition, Lotus Notes fails to properly sanitise the attachment's file name before displaying it to the user. Both these issues could allow an attacker to create a specially crafted HTML file or a specially crafted file name that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23077
Lotus Domino iNotes Email Subject XSS
Lotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the subject of an email upon displaying it to the user. This could allow an attacker to create a specially crafted file name that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23078
Lotus Domino iNotes javascript: Filter Bypass
Lotus Notes contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not properly validate JavaScript content that contains a ' ' character, bypassing the existing security filters. This could allow an attacker to create a specially crafted link that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23079