Network Security News – Saturday, March 05, 2005 Events
phpBB Attachment Mod mod_mime Arbitrary File Upload
phpBB Attachment Mod contains a flaw that may allow a malicious user to execute arbitrary code under the web server account. The issue is triggered when an attacker is able to upload a file with a double extension (e.g., file.php.rar). It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/12333
phpBB Attachment Mod Directory Traversal Arbitrary File Access
phpBB Attachment Mod contains a flaw that allows a remote attacker to access files outside of the web path. The issue is due to Attachment Mod not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "attachment_list[]" and "filename_list[]" variables. Read more at osvdb.org/12332
phpMyAdmin sqlvalidator.lib.php Path Disclosure
phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests the sqlvalidator.lib.php script, which will disclose the software installation path resulting in a loss of confidentiality. Read more at osvdb.org/14374
Microsoft Windows Drive Restriction Group Policy Bypass
Microsoft Windows contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when using the browse feature in Microsoft Office applications or using a flash drive, which will disclose restricted drive contents resulting in a loss of confidentiality. Read more at osvdb.org/14182
Woltlab Burning Board session.php Multiple Parameter SQL Injection
Woltlab contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the wbb_userid and lastvisit variables in the session.php module are not verified properly and will allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/14356
phpMyAdmin ufpdf.php Path Disclosure
phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests the ufpdf.php script, which will disclose the software installation path resulting in a loss of confidentiality. Read more at osvdb.org/14385
phpMyAdmin relation_cleanup.lib.php Path Disclosure
phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests the relation_cleanup.lib.php script, which will disclose the software installation path resulting in a loss of confidentiality. Read more at osvdb.org/14378
phpMyAdmin charset_conversion.lib.php Path Disclosure
phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests the charset_conversion.lib.php script with improper arguments, which will disclose the software installation path resulting in a loss of confidentiality. Read more at osvdb.org/14384
phpMyAdmin header_meta_style.inc.php Path Disclosure
phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests the header_meta_style.inc.php script, which will disclose the software installation path resulting in a loss of confidentiality. Read more at osvdb.org/14379
phpMyAdmin mysqli.dbi.lib.php Path Disclosure
phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests the mysqli.dbi.lib.php script, which will disclose the software installation path resulting in a loss of confidentiality. Read more at osvdb.org/14386
PHPBB Authentication Bypass Vulnerability
phpBB is an open-source Web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well …. Read more at securityfocus.com/bid/12678?ref=rss
Gaim Multiple Remote Denial of Service Vulnerabilities
Gaim is an instant messaging client that supports numerous protocols. It is available for the Unix and Linux platforms. Gaim is prone to multiple remote denial of servi…. Read more at securityfocus.com/bid/12589?ref=rss
Gaim Remote Denial of Service Vulnerability
Gaim is an instant messaging client that supports numerous protocols. It is available for the Unix and Linux platforms. Gaim is affected by a remote denial of service vu…. Read more at securityfocus.com/bid/12660?ref=rss
libTIFF Heap Corruption Integer Overflow Vulnerabilities
LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. It is freely available for Unix and Unix like operating s…. Read more at securityfocus.com/bid/12075?ref=rss
LibTIFF TIFFDUMP Heap Corruption Integer Overflow Vulnerability
LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. It is freely available for Unix and Unix like operating s…. Read more at securityfocus.com/bid/12173?ref=rss
LibTIFF Multiple Buffer Overflow Vulnerabilities
LibTIFF is a library designed to facilitate the reading and manipulation of Tag Image File Format (TIFF) files. It is freely available for Unix and Unix like operating s…. Read more at securityfocus.com/bid/11406?ref=rss
Bypass of 22 Antivirus software with GDI+ bug exploit Mutations – part 2
Sender: Andrey Bayora [andrey at hiddenbit dot org]. Read more at securityfocus.com/archive/1/392325?ref=rss
phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED
Sender: Wesley aka PPC [ppc at respected dot as]. Read more at securityfocus.com/archive/1/392326?ref=rss
LOOKNMEET HTML INJECT EXPLOIT
Sender: Wesley aka PPC [ppc at respected dot as]. Read more at securityfocus.com/archive/1/392327?ref=rss