Apple Mac OS X Kernel Multiple Local Privilege Escalation And Denial Of Service

Network Security News – Saturday, April 16, 2005 Events

Apple Mac OS X Kernel Multiple Local Privilege Escalation And Denial Of Service Vulnerabilities

Multiple local privilege escalation and denial of service vulnerabilities affect Apple Mac OS X. These issues are due to insecure copying of user-supplied data into fini…

. Read more at securityfocus.com/bid/13203?ref=rss

Apple Safari Remote Local Zone Script Execution Vulnerability

Apple Safari is a tabbed browser application developed by Apple Computers. It is designed to be run on Apple Mac OS X platforms.A remote local zone script execution vu…

. Read more at securityfocus.com/bid/13202?ref=rss

PHP-Nuke Surveys Module HTTP Response Splitting Vulnerability

PHP-Nuke is a freeware content management system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.PHP-Nuke is p…

. Read more at securityfocus.com/bid/13201?ref=rss

DameWare NT Utilities Authentication Credentials Persistence Weakness

A problem with DameWare NT Utilities may allow the recovery of sensitive information.DameWare NT Utilities does not safely handle authentication credential information….

. Read more at securityfocus.com/bid/13200?ref=rss

DameWare Mini Remote Control Authentication Credentials Persistence Weakness

A problem with DameWare Mini Remote Control may allow the recovery of sensitive information.DameWare Mini Remote Control does not safely handle authentication credentia…

. Read more at securityfocus.com/bid/13199?ref=rss

IBM WebSphere Application Server Web Server Root JSP Source Code Disclosure Vulnerability

A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to properly handl…

. Read more at securityfocus.com/bid/13160?ref=rss

Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below

Sender: dcrab [dcrab at hackerscenter dot com]

. Read more at securityfocus.com/archive/1/396000?ref=rss

Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below

Sender: JeiAr [security at gulftech dot org]

. Read more at securityfocus.com/archive/1/396017?ref=rss

Mafia Blog

Sender: Francisco Alisson [dominusvis at click21 dot com dot br]

. Read more at securityfocus.com/archive/1/395995?ref=rss

Vulnerabilities in sphpblog

Sender: echo staff [y3dips at echo dot or dot id]

. Read more at securityfocus.com/archive/1/395994?ref=rss

AzDGDatingPlatinum view.php id Variable XSS

AzDGDatingPlatinum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the view.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15526

AzDGDatingPlatinum index.php from Variable SQL Injection

AzDGDatingPlatinum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'from' variable in the index.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/15525

AzDGDatingPlatinum view.php id Variable SQL Injection

AzDGDatingPlatinum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'id' variable in the view.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/15524

OneWorldStore owProductDetail.asp Multiple Field XSS

OneWorldStore contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'Name', 'Email' or 'Comment' fields upon submission to the owProductDetail.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15523

OneWorldStore owListProduct.asp bSub Variable XSS

OneWOrldStore contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'bSub' variable upon submission to the owListProduct.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15522

OneWorldStore owContactUs.asp sEmail Variable XSS

OneWorldStore contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'sEmail' variable upon submission to the owContactus.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15521

OneWorldStore owProductDetail.asp idproduct Variable SQL Injection

OneWorldStore contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'idproduct' variable in the owProductDetail.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/15520

OneWorldStore owListProduct.asp Multiple Variable SQL Injection

OneWorldStore contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'bSpecials' and 'idCategory' variables in the owListProduct.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/15519

OneWorldStore owAddItem.asp idProduct Variable SQL Injection

OneWorldStore contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'idProduct' variable in the owAddItem.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/15518

Microsoft IE External Caching Security Failure Arbitrary File Access

Internet Explorer contains a flaw that may allow a malicious user to access arbitrary files. The issue is due to incomplete security checks on IE external caching, which allows remote attackers to access files on a user's system, resulting in a loss of confidentiality.. Read more at osvdb.org/15224