Network Security News – Friday, March 10, 2006 Events
m-phorum index.php go Variable Remote File Inclusion
m-phorum contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'go' variable. This may allow an attacker to include a file, either locally or from a remote host, that may contain arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/23740
VERITAS Backup Exec Remote Agent for Windows CONNECT_CLIENT_AUTH Remote Overflow
A remote overflow exists in Backup Exec Remote Agent for Windows. The issue occurs when a client authentication request is received with type '3' and a long password argument. Reliable execution is obtained by abusing the stack overflow to smash a SEH pointer, resulting in a loss of integrity. Read more at osvdb.org/17624
Alt-N WebAdmin USER Buffer Overflow
A remote overflow exists in WebAdmin. The issue is due to insufficient bounds checking on the USER parameter, resulting in a buffer overflow. With a specially crafted request, an attacker can cause code execution with SYSTEM level privileges, resulting in a loss of integrity. Read more at osvdb.org/2207
sBLOG comments_do.php Multiple Variable POST Method XSS
sBLOG contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'title' and 'username' variables upon submission to the comments_do.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23760
sBLOG search.php keyword Variable POST Method XSS
sBLOG contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'keyword' variable upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23759
PHP Upload Center Direct Request User Password Hash Disclosure
PHP Upload Center contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to hashed passwords from an HTTP request like http://[site]/[path]/users/[user], which may lead to a loss of confidentiality. Read more at osvdb.org/23627
QwikiWiki index.php page Variable XSS
QwikiWiki contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'page' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23700
Alien Arena 2006 Gold Edition Com_sprintf() Function Long Skin DoS
Alien Arena contains a flaw that may allow a remote denial of service. The issue is triggered when using a player with a long skin, weapon, or model name (about 110 characters suffices), and will result in loss of availability for any client who is already inside or joins the game server. Read more at osvdb.org/23749
Alien Arena 2006 Gold Edition g_cmds.c Cmd_Say_f Remote Overflow
A remote overflow exists in Alien Arena 2006 Gold Edition. The product fails to perform correct boundary checks on the Cmd_Say_f buffer in g_cmds.c, resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/23748
Alien Arena 2006 Gold Edition acebot_cmds.c safe_cprintf() Function Format String
A remote format string vulnerability in Alien Arena 2006 Gold Edition is triggered when a crafted string is sent to the safe_cprintf() function in acebot_cmds.c. An attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/23747