Network Security News – Thursday, March 10, 2005 Events
PY Software Active Webcam Webserver Multiple Vulnerabilities
Active Webcam is an application used for capturing and sharing video streams from various video devices. The application is also shipped with a webserver. Active Webcam…. Read more at securityfocus.com/bid/12778?ref=rss
PHPOutsourcing Zorum Multiple Remote Vulnerabilities
Zorum is a freely available, open source Web-based forum application implemented in PHP. It is available for UNIX, Linux, and any other platform that supports PHP script …. Read more at securityfocus.com/bid/12777?ref=rss
McNews Header.PHP Arbitrary File Include Vulnerability
mcNews is a news management script implemented in PHP. mcNews is reportedly affected by a remote file include vulnerability. This issue is due to a failure in the appli…. Read more at securityfocus.com/bid/12776?ref=rss
iDEFENSE Security Advisory 03.10.05: Ipswitch Collaboration Suite IMAP EXAMINE Buffer Overflow Vulnerability
Sender: iDEFENSE Labs [labs-no-reply at idefense dot com]. Read more at securityfocus.com/archive/1/392871?ref=rss
XCode 1.5 and distcc 2.x Exploit
Sender: Ray Slakinski [ray at sdf1 dot net]. Read more at securityfocus.com/archive/1/392842?ref=rss
Multiple AV Vendor Incorrect CRC32 Bypass Vulnerability.
Sender: Bipin Gautam [visitbipin at hotmail dot com]. Read more at securityfocus.com/archive/1/392840?ref=rss
[Updated][FLSA-2005:2344] Updated php packages fix security issues
Sender: Marc Deslauriers [marcdeslauriers at videotron dot ca]. Read more at securityfocus.com/archive/1/392839?ref=rss
Paypal Shopping Cart Digital Goods Download Plugin e-goods File Access
Paypal Shopping Cart contains a flaw that may allow a malicious user to view and download the e-goods (files for sale) without authorization. The issue is triggered when a remote attacker obtains the URL of the plugin, which does not properly authenticate the request. Read more at osvdb.org/14457
Perl File::Path::rmtree Function Race Condition Privilege Escalation
The Perl File::Path::rmtree function contains a flaw that may allow a malicious local user to change the permissions of arbitrary files on the system. The issue is due to the way the File::Path::rmtree function handles directory permissions when cleaning up directories. It is possible for a user to use a symlink-style attack to manipulate arbitrary files, resulting in a loss of integrity. Read more at osvdb.org/14619
Xerox WorkCentre MicroServer Web Server Nondescript Restriction Bypass
Xerox WorkCentre contains a flaw related to the microServer web server that may allow an attacker to make unauthorized changes to the system. No further details have been provided. Read more at osvdb.org/14579
GFI LanGuard NSS SMTP Password Disclosure
LANguard Network Security Scanner contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a program is used to view the memory space of the process lnss.exe, which will disclose the SMTP passwords used in the alert system for local users resulting in a loss of confidentiality. Read more at osvdb.org/14404
Matu FTP Client 220 Banner Processing Overflow
A remote overflow exists in the Matu FTP client. The Matu FTP client fails to properly check the bounds of certain responses returned by the server, resulting in a buffer overflow. With a specially crafted 220 reply code, a malicious server can cause a buffer overflow resulting in a loss of integrity. Read more at osvdb.org/14429
Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
A local overflow exists in Microsoft Windows. The 'msinfo32.exe' application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request to the 'msinfo_file' variable containing 259 characters or more, a malicious user may cause the application to crash resulting in a loss of availability. Read more at osvdb.org/9386
Microsoft Windows Small Buffer Length SMB Packet Overflow
A remote overflow exists in Microsoft Windows. The issue is due to improper bounds checking of SMB packet parameters resulting in a buffer overflow. With a specially crafted SMB packet that specifies too small of a buffer length, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/11801
phpBB sessions.php autologinid Remote Privilege Escalation
phpBB contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered due to an error in the comparison of "sessiondata['autologinid']" and "auto_login_key". Further, phpBB does not reset the $userdata['user_level'] variable after a failed autologin. It is possible for a remote attacker to set a specially crafted cookie to change the user_id to that of an administrator resulting in a loss of integrity. Read more at osvdb.org/14242
PunBB profile.php Arbitrary User Password Manipulation
PunBB contains a flaw that may allow a remote attacker to arbitrarily manipulate user passwords. The issue is triggered due to improper validation of user-supplied input upon submission to the 'profile.php' script. It is possible that the flaw may allow a remote attacker to arbitrarily manipulate user passwords resulting in a loss of availability. Read more at osvdb.org/14129
Multiple Vendors RPCBIND Spoofed Source IP Address DoS
Multiple vendor implementations of RPCBIND contain a flaw that may allow a remote denial of service. It is possible for a remote attacker to arbitrarily register or unregister RPC services or manipulate these services using a spoofed source IP address, resulting in a loss of availability. Read more at osvdb.org/5852
Multiple Vendor Antivirus Products Malformed ZIP Attachment Scan Evasion Vulnerability
Multiple antivirus products from various vendors are reported prone to a vulnerability that may allow potentially malformed ZIP archives to bypass detection. This issue …. Read more at securityfocus.com/bid/12771?ref=rss
Ipswitch Collaboration Suite IMail Server IMAP EXAMINE Argument Buffer Overflow Vulnerability
Ipswitch Collaboration Suite (ICS) is an application suite that includes IMail Server and IMail Anti-Virus. The software provides e-mail and real-time collaboration as we…. Read more at securityfocus.com/bid/12780?ref=rss
All Enthusiast PhotoPost PHP Pro Multiple Remote Vulnerabilities
PhotoPost PHP Pro is a web-based image gallery application written in PHP. It can be implemented on any platform that supports PHP script execution. Multiple remote vuln…. Read more at securityfocus.com/bid/12779?ref=rss