Network Security News – Thursday, April 14, 2005 Events
Microsoft Windows Font Processing Local Privilege Escalation
A local overflow exists in Windows. The kernel fails to validate certain kinds of fonts resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to execute with kernel privileges resulting in a loss of integrity. Read more at osvdb.org/15459
Pinnacle Cart index.php pg Variable XSS
Pinnacle Cart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'pg' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15485
portupgrade pkg_fetch Symlink Privilege Escalation
portupgrade contains a flaw that may allow a malicious local user to overwrite, create and manipulate arbitrary files on the system with the permissions of the user running portupgrade. The issue is due to 'pkg_fetch' creating temporary files insecurely when downloading packages. It is possible for a user to use a symlink-style attack to manipulate arbitrary files, resulting in a loss of integrity. Read more at osvdb.org/15477
Red Hat Linux 4GB Split Patch access check Regression Error Local DoS
Red Hat Linux contains a flaw that may allow a local denial of service. The issue is due to a missing access check, caused by a regression error in the Red Hat Linux 4 kernel 4GB/4GB split patch, and will result in loss of availability for the platform. Read more at osvdb.org/15417
Linux Kernel jfs File System Driver Race Condition DoS
The Linux kernel contains a flaw related to the jfs file system driver that may allow a race condition resulting in a kernel crash and denial of service. No further details have been provided, aside from the fact that this can only happen under "unusual" conditions. Read more at osvdb.org/15490
Sun Java JDK/SDK Jar Arbitrary File Overwrite
The Jar utility provided with Java's JDK/SDK allows the extraction of files with names that traverse the directory structure of the host system. This could be used to create a malicious Jar that will overwrite arbitrary files on the host system when it is extracted. Read more at osvdb.org/15435
Lotus Domino htcgibin.exe MS-DOS Device Name Request Path Disclosure
Lotus Domino contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a specially crafted MS-DOS device name request, which will disclose physical path information resulting in a loss of confidentiality. Read more at osvdb.org/15455
Morpheus ChatServers.ini Chat Credential Local Disclosure
Morpheus contains a flaw that may lead to an unauthorized information disclosure. The issue is due to user credentials being stored in clear text within the ChatServers.ini file, which will disclose usernames and passwords to local users resulting in a loss of confidentiality. Read more at osvdb.org/15393
Wordit Logbook logbook.pl file Parameter Arbitrary Command Execution
Wordit contains a flaw that may allow an attacker to execute arbitrary commands. The issue is due to the "file" variable in the "logbook.pl" script not being properly sanitized and may allow an attacker to inject or manipulate commands. Read more at osvdb.org/15392
Microsoft MSN Messenger Malformed GIF Code Execution
A remote code execution flaw exists in MSN Messenger. The program fails to validate GIF image height and width information. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/15468
S9Y Serendipity Exit.PHP SQL Injection Vulnerability
Serendipity is a web log application that is written in PHP. Serendipity is affected by an SQL injection vulnerability. This issue is due to a failure in the applicatio…
Read more at securityfocus.com/bid/13161?ref=rss
CPIO CHMod File Permission Modification Race Condition Weakness
cpio is an open-source file compression/decompression utility for Unix and Linux variants. cpio is prone to a security weakness. The issue is only present when an archiv…
Read more at securityfocus.com/bid/13159?ref=rss
OpenOffice Malformed Document Remote Heap Overflow Vulnerability
OpenOffice is an open source office software package distributed and maintained by the OpenOffice project. It is available for Unix, Linux, and Microsoft Windows operatin…
Read more at securityfocus.com/bid/13092?ref=rss
PHPBB Photo Album Module Album_Comment.PHP Cross-Site Scripting Vulnerability
Photo Album is a module for the popular phpBB bulletin board system. Photo Album is affected by a cross-site scripting vulnerability. This issue is due to a failure in …
Read more at securityfocus.com/bid/13158?ref=rss
PHPBB Photo Album Module Album_Cat.PHP Cross-Site Scripting Vulnerability
Photo Album is a module for the popular phpBB bulletin board system. Photo Album is affected by a cross-site scripting vulnerability. This issue is due to a failure in …
Read more at securityfocus.com/bid/13157?ref=rss
IBM iSeries AS400 POP3 Server Remote Information Disclosure Vulnerability
IBM iSeries AS400 computers are reported prone to a remote information disclosure vulnerability. The issue exists in the POP3 service that is installed and runs by defaul…
Read more at securityfocus.com/bid/13156?ref=rss
Multiple SQL injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules.
Sender: dcrab [dcrab at hackerscenter dot com]
Read more at securityfocus.com/archive/1/395720?ref=rss
LG U8120 Mobile Phone Denial of Service
Sender: Luca Ercoli [io at lucaercoli dot it]
Read more at securityfocus.com/archive/1/395714?ref=rss
NetManage RUMBA 7.4 Profile Handling Multiple Buffer Overflow Vulnerabilities
Sender: Bahaa Naamneh [b_naamneh at hotmail dot com]
Read more at securityfocus.com/archive/1/395705?ref=rss
IBM WebSphere Widespread configuration JSP disclosure
Sender: SPI Labs [spilabs at spidynamics dot com]
Read more at securityfocus.com/archive/1/395701?ref=rss