Network Security News – Friday, February 03, 2006 Events
phpBB Rlink Module rlink.php url Variable XSS
phpBB Rlink Module contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'url' variable upon submission to the 'rlink.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22818
SPIP index.php3 lang Variable XSS
SPIP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'lang' variable upon submission to the 'index.php3' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22849
SZUserMgnt SZUserMgnt.class.php username Variable SQL Injection
SZUserMgnt contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the SZUserMgnt.class.php script not properly sanitizing user-supplied input to the 'username' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22809
Zen Cart modules/move_product_confirm.php Direct Request Path Disclosure
Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the modules/move_product_confirm.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/22875
Zen Cart modules/delete_product_confirm.php Direct Request Path Disclosure
Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the modules/delete_product_confirm.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/22874
Zen Cart modules/copy_to_confirm.php Direct Request Path Disclosure
Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the modules/copy_to_confirm.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/22873
Zen Cart modules/category_product_listing.php Direct Request Path Disclosure
Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the modules/category_product_listing.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/22872
Zen Cart attributes_preview.php Direct Request Path Disclosure
Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the attributes_preview.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/22871
Zen Cart application_bottom.php Direct Request Path Disclosure
Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the application_bottom.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/22870
Zen Cart graphs/banner_monthly.php Direct Request Path Disclosure
Zen Cart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the graphs/banner_monthly.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/22869
Vuln: Computer Associates Multiple Message Queuing Denial Of Service Vulnerabilities
Computer Associates Multiple Message Queuing Denial Of Service Vulnerabilities. Read more at securityfocus.com/bid/16475
Vuln: Retired – Blackboard Learning System Access Validation Vulnerability
Retired – Blackboard Learning System Access Validation Vulnerability. Read more at securityfocus.com/bid/16438
Vuln: Mozilla Firefox Large History File Buffer Overflow Vulnerability
Mozilla Firefox Large History File Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/15773
Vuln: Multiple Vendor KernFS LSEEK Local Kernel Memory Disclosure Vulnerability
Multiple Vendor KernFS LSEEK Local Kernel Memory Disclosure Vulnerability. Read more at securityfocus.com/bid/16173
Re: Re: Verified evasion in Snort
Re: Re: Verified evasion in Snort. Read more at securityfocus.com/archive/1/423836
[ MDKSA-2006:032 ] – Updated xpdf packages fixes heap-based buffer overflow vulnerability
[ MDKSA-2006:032 ] – Updated xpdf packages fixes heap-based buffer overflow vulnerability. Read more at securityfocus.com/archive/1/423837
[ MDKSA-2006:031 ] – Updated kdegraphics packages fixes heap-based buffer overflow vulnerability
[ MDKSA-2006:031 ] – Updated kdegraphics packages fixes heap-based buffer overflow vulnerability. Read more at securityfocus.com/archive/1/423835
[ MDKSA-2006:030 ] – Updated poppler packages fixes heap-based buffer overflow vulnerability
[ MDKSA-2006:030 ] – Updated poppler packages fixes heap-based buffer overflow vulnerability. Read more at securityfocus.com/archive/1/423828