Network Security News – Thursday, March 09, 2006 Events
Owl Intranet Engine lib/OWL_API.php xrms_file_root Variable Remote File Inclusion
Owl Intranet Engine contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'lib/OWL_API.php' not properly sanitizing user input supplied to the 'xrms_file_root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/23734
RevilloC MailServer USER Command Remote Overflow
A remote overflow exists in MailServer. The software fails to check the boundaries of input submitted to the POP3 'USER' command, resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.. Read more at osvdb.org/23735
Leave a Reply