Audit My PC - Free Internet Security Audit

Network Security News – Friday, March 03, 2006 Events

IRIX netprint PATH Subversion Privilege Escalation

IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the netprint program calls the disable command via a system() call without supplying an absolute path. The PATH environment variable used to find and execute the disable program can be trivially modified by a malicious user. This flaw may lead to a loss of integrity. Read more at osvdb.org/993

StoreBot 2002 Standard Edition manage.asp ShipMethod Variable XSS

StoreBot contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ShipMethod' variable upon submission to the manage.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23574

StoreBot 2005 Professional Edition MgrLogin.asp Pwd Variable SQL Injection

StoreBot contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the MgrLogin.asp script not properly sanitizing user-supplied input to the 'Pwd' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/23575

Parodia agencyprofile.asp AG_ID Variable XSS

Parodia contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'AG_ID' variable upon submission to the agencyprofile.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23548

iGENUS Webmail config_inc.php SG_HOME Variable Local File Inclusion

iGENUS Webmail contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the config_inc.php script not properly sanitizing user input supplied to the 'SG_HOME' variable. This may allow an attacker to include or read arbitrary local files. Read more at osvdb.org/23530

Lighttpd Crafted Filename Request Script Source Disclosure

Lighttpd contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a URL request for a known .php file with "dot" and "space" characters appended to the file extension, which will disclose the requested file's source code, resulting in a loss of confidentiality. Read more at osvdb.org/23542

M4 Project enigma-suite Windows Client Default Account

By default, M4 Project's enigma-suite client for Windows installs an account with a default password. The 'enigma-client' account has a password of 'nominal', which is publicly known and documented. This allows attackers to trivially access the program or system. Read more at osvdb.org/23572

TOPo inc_header.php gTopNombre Variable XSS

TOPo contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'gTopNombre' variable upon submission to the inc_header.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23541

PHP imap_open() Function Restriction Bypass

PHP contains a flaw that may allow a malicious local user to view arbitrary files and create or modify existing files with the same level of privilege as the web server. The issue is triggered when a script misuses the imap_open() function. It is possible that the flaw may allow reading arbitrary files or creating, renaming, or deleting existing files, resulting in a loss of confidentiality or integrity. Read more at osvdb.org/23535

PHP mb_send_mail() Function Parameter Restriction Bypass

PHP contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when sendmail parameters are passed as arguments to the PHP mb_send_mail function. This flaw may lead to a loss of confidentiality or integrity. Read more at osvdb.org/23534

Vuln: Apple Mac OS X Directory Services Passwd Privilege Escalation Vulnerabilities

Apple Mac OS X Directory Services Passwd Privilege Escalation Vulnerabilities. Read more at securityfocus.com/bid/16910

Vuln: ALTools ALZip ACE Archive File Name Buffer Overflow Vulnerability

ALTools ALZip ACE Archive File Name Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/14759

Vuln: Apple Mac OS X Security Update 2006-001 Multiple Vulnerabilities

Apple Mac OS X Security Update 2006-001 Multiple Vulnerabilities. Read more at securityfocus.com/bid/16907

Vuln: Bugzilla Whinedays SQL Injection Vulnerability

Bugzilla Whinedays SQL Injection Vulnerability. Read more at securityfocus.com/bid/16738

iDefense Security Advisory 03.02.06: Apple MacOS X BOMArchiveHelper Directory Traversal Vulnerability

iDefense Security Advisory 03.02.06: Apple MacOS X BOMArchiveHelper Directory Traversal Vulnerability. Read more at securityfocus.com/archive/1/426586

[ MDKSA-2006:052 ] – Updated mozilla-thunderbird packages fix vulnerability

[ MDKSA-2006:052 ] – Updated mozilla-thunderbird packages fix vulnerability. Read more at securityfocus.com/archive/1/426585

[eVuln] E-Blah Platinum ‘Referer’ XSS Vulnerability

[eVuln] E-Blah Platinum ‘Referer’ XSS Vulnerability. Read more at securityfocus.com/archive/1/426582

ProtoVer Sample IMAP testsuite release

ProtoVer Sample IMAP testsuite release. Read more at securityfocus.com/archive/1/426580
