Network Security News – Thursday, April 20, 2006 Events
IRIX init Page Validation Issue Local DoS
IRIX contains a flaw that may allow a local denial of service. The issue is triggered when page invalidation issues occur, and will result in loss of availability for the platform. Read more at osvdb.org/7124
IRIX mapelf32exec Function Local DoS
IRIX contains a flaw that may allow a local denial of service. The issue is triggered when a mapelf32exec() call is made on a malicious binary, and will result in loss of availability for the platform. Read more at osvdb.org/7123
Mac OS X FileVault User Directory Mount Issue
Mac OS X contains an unspecified flaw related to FileVault that allows user directories to be mounted in an unsafe fashion. No further details have been provided. Read more at osvdb.org/23642
Mac OS X IPSec VPN Error Condition Unspecified DoS
Mac OS X contains a flaw that may allow a remote denial of service. The issue is triggered when unspecified IPSEC error conditions are handled incorrectly, and will result in loss of availability for the service. Read more at osvdb.org/23643
Mac OS X LibSystem Memory Request Overflow
A local overflow exists in Mac OS X. LibSystem fails to validate requests for large amounts of memory, resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/23644
Mac OS X Mail File Extension Spoofing Download Validation Bypass
Mac OS X contains a flaw that may allow a malicious user to bypass file validation in Mail. The issue is triggered when unspecified techniques are used to mask a file's true type from Download Validation. It is possible that the flaw may allow a malicious file to bypass validation, resulting in a loss of integrity. Read more at osvdb.org/23645
Mac OS X passwd Database Option Arbitrary File Creation
Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the passwd command is used with the option to specify a database to operate on. The passwd command does not verify that the user has permission to create the specified file before proceeding, and may lead to a loss of integrity. Read more at osvdb.org/23646
Visale pblscg.cgi catsubno Variable XSS
Visale contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'catsubno' variable upon submission to the pblscg.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24717
Visale pblsmb.cgi listno Variable XSS
Visale contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'listno' variable upon submission to the pblsmb.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24718
Visale pbpgst.cgi keyval Variable XSS
Visale contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'keyval' variable upon submission to the pbpgst.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24716
Vuln: Multiple Vendor AMD CPU Local FPU Information Disclosure Vulnerability
Multiple Vendor AMD CPU Local FPU Information Disclosure Vulnerability. Read more at securityfocus.com/bid/17600
Vuln: ActualScripts ActualAnalyzer Direct.PHP Remote File Include Vulnerability
ActualScripts ActualAnalyzer Direct.PHP Remote File Include Vulnerability. Read more at securityfocus.com/bid/17597
Vuln: Dubelu PHPGuestbook HTML Injection Vulnerability
Dubelu PHPGuestbook HTML Injection Vulnerability. Read more at securityfocus.com/bid/17594
Vuln: Cisco IOS XR MPLS Denial of Service Vulnerability
Cisco IOS XR MPLS Denial of Service Vulnerability. Read more at securityfocus.com/bid/17607
RE: redirection vuln crawlers breed & security through obscurity
RE: redirection vuln crawlers breed & security through obscurity. Read more at securityfocus.com/archive/1/431406
WWWThread RC 3 MultBugs
WWWThread RC 3 MultBugs. Read more at securityfocus.com/archive/1/431400
ASPSitem <= 1.83 Remote SQL Injection Vulnerability
ASPSitem <= 1.83 Remote SQL Injection Vulnerability. Read more at securityfocus.com/archive/1/431469
EasyGallery Cross-Site Scripting
EasyGallery Cross-Site Scripting. Read more at securityfocus.com/archive/1/431430