FTP Now sites.xml Local Password Disclosure

Network Security News – Tuesday, April 12, 2005 Events

FTP Now sites.xml Local Password Disclosure

FTP Now contains a flaw that may lead to an unauthorized information disclosure. The issue is due to plaintext storage of sensitive information in the "Program Files\FTP Now\sites.xml" configuration file, which will disclose the account name and password to local users resulting in a loss of confidentiality.. Read more at osvdb.org/15296

TowerBlog _dat/login Admin Credential Disclosure

TowerBlog contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when malicious user requests the '_dat/login' file, which will disclose encrypted usernames and passwords resulting in a loss of confidentiality.. Read more at osvdb.org/15425

SuSE Linux SCSI Device Firmware Modification

The SuSE distributed Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered when SCSI commands sent to CD devices that have been opened read-only are not properly validated, allowing for SCSI commands to be sent that overwrite the firmware of SCSI devices.. Read more at osvdb.org/15414

rsnapshot copy_symlink() Arbitrary File Ownership Modification

Rsnapshot contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to an error in the "copy_symlink()" function where file permissions for symlinks are incorrectly set on the original file. This flaw may allow an attacker to take ownership of arbitrary files by placing a malicious symlink in a directory being backed up, resulting in a loss of integrity.. Read more at osvdb.org/15420

Maxthon Browser Plug-in readFile / writeFile Traversal Arbitrary File Manipulation

Maxthon Browser contains a flaw that allows a remote attacker to read and
write from/to files outside of the plug-in's directory. The issue is due to the readFile() and writeFile() API functions not properly sanitizing user input, specifically traversal style attacks (../../), resulting in a loss of confidentiality and integrity.. Read more at osvdb.org/15423

Maxthon Browser max.src Plug-in Security ID Generation File Manipulation

Maxthon Browser contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the max.src file, which contains the "security id" for a plugin, is included in a script on a web page. API funtions can be called using the "security id" retrieved, allowing an attacker to call functions that will read and write to local files, which results in a loss of confidentiality and integrity.. Read more at osvdb.org/15424

AqBanking Nondescript Security Issue

AqBanking contains a nondescript security flaw. No further details have been provided.. Read more at osvdb.org/15437

RadBids Gold index.php read Variable Traversal Arbitrary File Access

RadBids Gold contains a flaw that allows a remote attacker to access arbitray files outside of the web path. The issue is due to the index.phps cript not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'read' variable.. Read more at osvdb.org/15428

RadBids Gold faq.php farea Variable XSS

RadBids Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'farea' variable upon submission to the faq.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15430

ModernBill orderwiz.php Multiple Variable XSS

ModernBill contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'c_code' or 'aid' variables upon submission to the orderwiz.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15426

Multiple Debugger Vendor Malicious Code Execution Vulnerability

Multiple debugger vendors are reported prone to a malicious code execution vulnerability. This vulnerability is due to a failure of the affected applications to properly …

. Read more at securityfocus.com/bid/13104?ref=rss

Microsoft Windows Large Image Processing Remote Denial Of Service Vulnerability

Microsoft Windows is reported prone to a denial of service vulnerability. The issue is alleged to manifest when a standard JPEG or GIF image that is loaded from a HTML IM…

. Read more at securityfocus.com/bid/10913?ref=rss

Computer Associates BrightStor ARCserve Backup UniversalAgent Remote Buffer Overflow Vulnerability

Computer Associates BrightStor ARCserve/Enterprise Backup products provide backup and restore protection for Windows, NetWare, Linux and UNIX servers as well as Windows, …

. Read more at securityfocus.com/bid/13102?ref=rss