Network Security News – Sunday, February 05, 2006 Events
Outblaze throw.main file Variable XSS
Outblaze contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'file' variable upon submission to the 'throw.main' program. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22909
Kinesphere eXchange POP3 RCPT TO Command Remote Overflow
A local overflow exists in eXchange POP3. The software fails to properly validate input to the 'RCPT TO:' command, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity. Read more at osvdb.org/22907
Adobe Multiple Product Permission Weakness Privilege Escalation
Adobe Photoshop, Adobe Illustrator, Adobe Creative Suite Standard and Adobe Creative Suite Premium contain a flaw that may allow a malicious user to access files with unauthorised privileges. The issue is present because the files are installed with insecure file permissions. This may result in a loss of confidentiality and/or integrity. Read more at osvdb.org/22908
cPanel webmailaging.cgi numdays Variable XSS
cPanel contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'numdays' variable upon submission to the 'webmailaging.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22906
BrowserCRM Search Module results.php query Variable XSS
BrowserCRM contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'query' variable upon submission to the 'results.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22841
SleeperChat index.php pseudo Variable XSS
SleeperChat contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'pseudo' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22784
Cerberus Helpdesk clients.php contact_search Variable XSS
Cerberus Helpdesk contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'contact_search' variable upon submission to the 'clients.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22843
Blue Coat ProxySG SGOS VPM Policy Explicit Enforcement Order Weakness
ProxySG SGOS contains a flaw that may allow a malicious user to circumvent proxy rules. The issue is triggered when a new evaluation order for the proxy's policies is defined, since SGOS always evaluates the Visual Policy Manager policy first, then the Local file policy, and then the Central file policy. It is possible that the flaw may allow an attacker to bypass the intended security policies, resulting in a loss of integrity. Read more at osvdb.org/22854
SoftMaker Shop resultat.asp strSok Variable XSS
SoftMaker Shop contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'strSok' variable upon submission to the 'resultat.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22911