PeerCast procConnectArgs() Function URL Handling Remote Overflow

Network Security News – Saturday, March 11, 2006 Events

PeerCast procConnectArgs() Function URL Handling Remote Overflow

A remote overflow exists in PeerCast. The procConnectArgs() function fails to perform correct boundary checks on parameters passed in a URL, resulting in a stack-based overflow. With a specially crafted URL, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/23777

UnrealIRCd Server Link Crafted Q:lines DoS

UnrealIRCd contains a flaw that may allow a remote denial of service. The issue is triggered when a linked server sends a specially crafted TKL command for adding/removing Q:lines with special characters, and will result in loss of availability for the service.. Read more at osvdb.org/23778

phpBannerExchange resetpw.php email Field Traversal Arbitrary File Access

phpBannerExchange contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'resetpw.php' script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'email' field. variable(s).. Read more at osvdb.org/23720

Nodez list.gtdat User Database Remote Disclosure

Nodez contains a flaw that may lead to an unauthorized information exposure. It is possible to retrieve the user names and hashed passwords by directly requesting the 'list.gtdat' file, which may lead to a loss of confidentiality.. Read more at osvdb.org/23775

Nodez index.php op Variable XSS

Nodez contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'op' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23776

Nodez index.php op Variable Traversal Local File Inclusion

Nodez contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the index.php script not properly sanitizing user input supplied to the 'op' variable. This may allow an attacker to include a file from the local system via traversal type calls (../../) that contains arbitrary commands which will be executed by the vulnerable script.

A remote attacker can inject custom PHP commands by including them in the Email field during new account registration.. Read more at osvdb.org/23774

Kerio MailServer IMAP Crafted LOGIN Command DoS

Kerio MailServer contains a flaw that may allow a remote denial of service. The issue is triggered when handling a malformed IMAP LOGIN command, and will result in loss of availability for the service.. Read more at osvdb.org/23772