
Audit My PC - Free Internet Security Audit


Microsoft Windows HKLM Registry Key Locking DoS

Network Security News – Friday, March 04, 2005 Events

Microsoft Windows HKLM Registry Key Locking DoS

Microsoft Windows contains a flaw that may allow a local and/or remote denial of service. The issue is triggered when making an overly large number of connections to the 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion' registry key, and will result in loss of availability for the system. Read more at osvdb.org/13330

Macallan Mail Solution Malformed URL MCPop3 Service Crash

Macallan Mail Solution contains a flaw that may allow a remote denial of service. The issue is triggered when sending a specially crafted HTTP GET request which begins with a question mark character, and will result in loss of availability for the MCPop3 service. Read more at osvdb.org/12675

Macallan Mail Solution Web Interface Malformed URL Authentication Bypass

Macallan Mail Solution contains a flaw that may allow a remote attacker to bypass authentication settings. The issue is triggered when using a specially crafted HTTP request containing URL-encoded slash characters ('%2f') or a non-existent directory. It is possible that the flaw may allow a remote attacker to bypass authentication settings resulting in a loss of integrity. Read more at osvdb.org/12674

MercuryBoard Avatar Parameter XSS

MercuryBoard contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the Avatar variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/14307

MercuryBoard index.php f Parameter SQL Injection

MercuryBoard contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the f variable in the index.php module is not verified properly and will allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/14308

phpMyAdmin database_interface.lib.php Local File Inclusion

phpMyAdmin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to database_interface.lib.php not properly sanitizing user input supplied to the cfg[Server][extension] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/14095

Forumwa search.php keyword variable XSS

Forumwa contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "keyword" variable upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/14314

Forumwa Message Post Multiple Field XSS

Forumwa contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "subject" and "body" fields upon submission of a message. This could allow a user to create a specially crafted message that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/14315

Mozilla Browsers XPCOM Scrollbar Arbitrary Code Execution

Firefox contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when downloading a malformed HTML document that includes Firefox XPCOM code to perform actions that are triggered by scrollbar actions. It is possible that the flaw may allow writing to an arbitrary local file. Read more at osvdb.org/14197

phpMyAdmin phpmyadmin.css.php Remote File Inclusion

phpMyAdmin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to phpmyadmin.css.php not properly sanitizing user input supplied to the GLOBALS[cfg][ThemePath] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/14094

Mozilla Suite/Firefox HTTP Authentication Dialogs Tab Focus Vulnerability

Mozilla Suite and Mozilla Firefox are reported prone to a vulnerability that may result in the loss of authentication credentials. The vulnerability is reported to exist …. Read more at securityfocus.com/bid/12728?ref=rss

cURL / libcURL Kerberos Authentication Buffer Overflow Vulnerability

cURL is a utility for retrieving remote content from servers over a number of protocols. libcURL provides this functionality to applications, as a shared library. It ha…. Read more at securityfocus.com/bid/12616?ref=rss

cURL / libcURL NTLM Authentication Buffer Overflow Vulnerability

cURL is a utility for retrieving remote content from servers over a number of protocols. libcURL provides this functionality to applications, as a shared library. It ha…. Read more at securityfocus.com/bid/12615?ref=rss

Ca3DE Multiple Remote Vulnerabilities

Carsten's 3D Engine (Ca3DE) is a 3D game engine. Ca3DE is reported prone to multiple remote vulnerabilities. An attacker can exploit these issues to carry out format str…. Read more at securityfocus.com/bid/12727?ref=rss

Stadtaus.Com Download Center Lite Arbitrary Remote PHP File Include Vulnerability

Download Center Lite is a freely available PHP script for Windows and various Unix and Linux systems. Download Center Lite is reportedly affected by an arbitrary remote PH…. Read more at securityfocus.com/bid/12726?ref=rss

XV File Name Handling Remote Format String Vulnerability

xv is an image manipulation utility for the X Window System. xv is reported prone to a remote format string vulnerability. This issue presents itself because the applic…. Read more at securityfocus.com/bid/12725?ref=rss

PHP Form Mail Script (2.3) – Arbitrary File Inclusion (VXSfx)

Sender: Filip Groszynski [groszynskif at gmail dot com]. Read more at securityfocus.com/archive/1/392271?ref=rss

Download Center Lite (DCL) – Arbitrary File Inclusion (VXSfx)

Sender: Filip Groszynski [groszynskif at gmail dot com]. Read more at securityfocus.com/archive/1/392256?ref=rss

Re: TYPO3 SQL Injection vunerabilitie

Sender: Michael Shigorin [mike at osdn dot org dot ua]. Read more at securityfocus.com/archive/1/392270?ref=rss

Re: GIMP gifload.exe GIF file (image width)*(image height)==0 DOS vulnerability

Sender: Frank Denis (Jedi/Sector One) [j at c9x dot org]. Read more at securityfocus.com/archive/1/392257?ref=rss
