Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy
Network Security News – Friday, February 24, 2006 Events

WinACE ARJ Header Block Overflow

A remote overflow exists in WinAce. The product fails to check the size of the ARJ header block before reading it into a fixed-size heap buffer, resulting in a heap-based overflow. With a specially crafted ARJ archive, an attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/23383

Bugzilla editparams.cgi whinedays Variable SQL Injection

Bugzilla contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'editparams.cgi' script not properly sanitizing user-supplied input to the 'whinedays' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/23378

Xerox Multiple Product Unspecified Security Feature Bypass

Xerox WorkCentre and WorkCentre Pro contain a flaw related to the authentication procedure that may allow an attacker to gain unauthorized network access. No further details have been provided. Read more at osvdb.org/23359

Guestbox /gb/gblog Poster IP Address Disclosure

Guestbox contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when "/gb/gblog" is appended to a guestbook entry, which will disclose the IP addresses that have added entries to the guestbook, resulting in a loss of confidentiality. Read more at osvdb.org/23376

Guestbox action.php Admin Authentication Bypass

Guestbox contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by a failure to properly authenticate HTTP requests for administrative functions in the action.php script. This flaw may lead to a loss of integrity. Read more at osvdb.org/23374

Guestbox gbshow.php homepage Field XSS

Guestbox contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'homepage' variable upon submission to the gbshow.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23375

E-Blah Platinum Code/Routines.pl HTTP_REFERER Admin Log XSS

E-Blah contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'HTTP_REFERER' HTTP request header upon submission to the 'Code/Routines.pl' script. This could allow a user to create a specially crafted request that would embed arbitrary code in admin log file entries. This code would then be executed in the browser of an admin user viewing these admin log files, leading to a loss of integrity. Read more at osvdb.org/23299

Barracuda Directory Add URL Function XSS

Barracuda Directory contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate parameters upon submission to the 'Add URL' functionality. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23372

Geeklog lib-common.php Local File Inclusion

Geeklog contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to lib-common.php not properly sanitizing user input supplied to the 'language' variable. This may allow an attacker to read arbitrary local files or include local files containing arbitrary commands, which will then be executed by the vulnerable script. Read more at osvdb.org/23349

GNU tar PAX Extended Headers Handling Overflow

A remote overflow exists in GNU Tar. GNU Tar fails to properly handle PAX extended headers, resulting in a buffer overflow. With a specially crafted .tar archive, an attacker can cause arbitrary command execution, resulting in a loss of integrity. Read more at osvdb.org/23371

Vuln: Nullsoft Winamp M3U File Processing Buffer Overflow Vulnerability

Nullsoft Winamp M3U File Processing Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/16785

Vuln: CPG Dragonfly CMS Multiple Cross-Site Scripting Vulnerabilities

CPG Dragonfly CMS Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/16784

Vuln: PEAR::Auth Multiple Unspecified SQL Injection Vulnerabilities

PEAR::Auth Multiple Unspecified SQL Injection Vulnerabilities. Read more at securityfocus.com/bid/16758

Vuln: Noah’s Classifieds Index.PHP Remote File Include Vulnerability

Noah’s Classifieds Index.PHP Remote File Include Vulnerability. Read more at securityfocus.com/bid/16780

Administrivia: New Bugtraq moderator

Administrivia: New Bugtraq moderator. Read more at securityfocus.com/archive/1/425940

RE: Amazon phishing scam on Yahoo servers

RE: Amazon phishing scam on Yahoo servers. Read more at securityfocus.com/archive/1/425938

NSA Group Security Advisory NSAG-¦198-23.02.2006 Vulnerability The Bat v. 3.60.07

NSA Group Security Advisory NSAG-¦198-23.02.2006 Vulnerability The Bat v. 3.60.07. Read more at securityfocus.com/archive/1/425936

NSA Group Security Advisory NSAG-¦197-23.02.2006 Vulnerability CubeCart 3.0.0 - 3.0.6

NSA Group Security Advisory NSAG-¦197-23.02.2006 Vulnerability CubeCart 3.0.0 - 3.0.6. Read more at securityfocus.com/archive/1/425931

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS