Network Security News – Saturday, March 19, 2005 Events
ApplyYourself i-Class ApplicantDecision.asp Result Disclosure
ApplyYourself i-Class contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user creates a specially crafted URL and submits it to ApplicantDecision.asp with a 7-digit ID code as the id parameter. The applicant's ID code can be found in the HTML code of their admission application, stored as a hidden variable. This will disclose the admission results of the applicant before they should be publicly available, resulting in a loss of confidentiality. Read more at osvdb.org/14655
KDE Desktop Communication Protocol dcopserver Local DoS
KDE contains a flaw that may allow a local denial of service. The issue is due to an error in the authentication process in the DCOP (Desktop Communication Protocol) daemon (dcopserver), and will result in loss of availability for the service. Read more at osvdb.org/14813
Linux Kernel Malformed PPP Packet Remote DoS
Kernel contains a flaw in drivers/net/ppp_async.c that may allow a remote denial of service. The issue is triggered when a remote user sends a specially crafted PPP packet, and will result in loss of availability for the platform. No further details have been provided. Read more at osvdb.org/14810
OpenSLP Multiple Nondescript Overflows
OpenSLP contains multiple buffer overflows and out-of-bounds memory access flaws that may allow an attacker to remotely execute arbitrary code. No further details have been provided. Read more at osvdb.org/14766
Auction Weaver auctionweaver.pl Multiple Parameter Arbitrary File/Directory Manipulation
Auction Weaver contains a flaw that allows a remote attacker to access arbitrary files and directories outside of the web path. The issue is due to the 'auctionweaver.pl' script not properly sanitizing user input, specifically traversal-style attacks (../../) supplied via the 'catdir' and 'fromfile' variables. Read more at osvdb.org/4051
LimeWire magnet Request Handling Traversal Arbitrary File Access
LimeWire contains a flaw that allows a remote attacker to access arbitrary files. The application does not validate user-supplied input of 'magnet' requests, specifically traversal-style attacks (../../), resulting in a loss of confidentiality. Read more at osvdb.org/14857
LimeWire HTTP Request Handling Arbitrary File Access
LimeWire contains a flaw that may allow a remote attacker to access arbitrary files. The issue is triggered due to improper handling of HTTP requests. By issuing a specially crafted HTTP GET request, a remote attacker could access arbitrary files, resulting in a loss of confidentiality. Read more at osvdb.org/14671
CyberGuard Type #2 Fragment Filter Bypass
CyberGuard contains a flaw that may allow a remote attacker to bypass filter settings. The problem is that the application does not properly filter type #2 fragments. It is possible that the flaw may allow a remote attacker to bypass filter settings, resulting in a loss of integrity. Read more at osvdb.org/14703
CyberGuard Installation Multiple File Weak Permission
CyberGuard contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The problem is that multiple files are installed with insecure permissions by default, which may allow a malicious user to gain access to unauthorized privileges and/or execute arbitrary code, resulting in a loss of integrity. Read more at osvdb.org/14704
Icecast XSL Parser Multiple Vulnerabilities
Icecast is a freely available, open source streaming audio server. Icecast is available for the Unix, Linux, and Microsoft Windows platforms. Icecast is reported prone t… Read more at securityfocus.com/bid/12849?ref=rss
RunCMS Database Configuration Information Disclosure Vulnerability
RunCMS is a Web-based messaging system implemented in PHP. RunCMS is reportedly affected by an information disclosure vulnerability. This issue is due to a failure in t… Read more at securityfocus.com/bid/12848?ref=rss
PHPOpenChat Multiple HTML Injection Vulnerabilities
PHPOpenChat is a PHP-based chat server. PHPOpenChat is reportedly affected by multiple HTML injection vulnerabilities. These issues are due to a failure in the applicat… Read more at securityfocus.com/bid/12841?ref=rss
Belkin 54G Wireless Router Multiple Vulnerabilities
The Belkin 54G (F5D7130) is a 4-Port Wireless access point/router for a home or small office. The Belkin 54G (F5D7130) appliance is reported prone to multiple remote vul… Read more at securityfocus.com/bid/12846?ref=rss
Sun Java Web Start System Property Tags Remote Unauthorized Access Vulnerability
Java Web Start is a utility included in the Java Runtime Environment. It is implemented to facilitate remote deployment of Java applications, and is implemented by Web b… Read more at securityfocus.com/bid/12847?ref=rss
PHP-Post Multiple Remote Input Validation Vulnerabilities
PHP-Post is a typical Web-based forum application implemented in PHP. It is freely available for all platforms that support PHP script interpreters. Multiple remote inp… Read more at securityfocus.com/bid/12845?ref=rss
IceCast up to v2.20 multiple vulnerabilities
Sender: Patrick [patrickthomassen at gmail dot com]. Read more at securityfocus.com/archive/1/393705?ref=rss
RE: [phpbb <= 2.0.13 full path disclosure & directory listing]
Sender: Paul S dot Owen [paul0x01 at starstreak dot net]. Read more at securityfocus.com/archive/1/393704?ref=rss
Re: SAV9 Functionality Hole – misses virus files
Sender: [secure at symantec dot com]. Read more at securityfocus.com/archive/1/393702?ref=rss
possible SQL injection in Subdreamer
Sender: GHC team [foster at ghc dot ru]. Read more at securityfocus.com/archive/1/393651?ref=rss