Network Security News – Sunday, April 24, 2005 Events
netMailshar Webmail Service Traversal Arbitrary File Access
netMailshar Professional contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the application web server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI variable.. Read more at osvdb.org/15722
netMailshar Webmail Service Error Message Username Enumeration
netMailshar Professional Edition contains a flaw that may lead to an unauthorized information disclosure. Өe issue is triggered when an attacker attempts to log into the system and receives varying error messages with each username attempt, disclosing whether the username is valid or not, resulting in a loss of confidentiality.. Read more at osvdb.org/15723
cpio Race Condition Arbitrary File Permission Modification
cpio contains a flaw that may allow a malicious user to modify permissions of arbitrary files. The issue is triggered via a hard link attack on a file while it is being decompressed. It is possible that the flaw may allow arbitrary file permission modification resulting in a loss of confidentiality and integrity.. Read more at osvdb.org/15725
BIG-IP Configuration Utility Cached Login Credential Authentication Bypass
BIG-IP contains a flaw that may allow a malicious user to bypass authenitication procedures. The issue is triggered when the configuration utility caches login credentials and does not check the entered password on subsequent sessions. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.. Read more at osvdb.org/15714
PortalApp content.asp contenttype Variable XSS
PortalApp contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'contenttype' variable upon submission to the content.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15743
Apache Log Entry Terminal Escape Sequence Injection
Apache HTTP Server contains a flaw that may allow a malicious user to inject terminal escape sequences into Apache's error log. The issue is triggered when Apache fails to strip the escape sequences. If an administrator views the log files using certain terminal applications it may execute the escape sequences with the privileges of the administrator.. Read more at osvdb.org/4382
RealPlayer RAM File Processing Overflow
A remote overflow exists in RealPlayer. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted RAM file containing an overly long hostname, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/15710
Red Hat Linux Itanium unw_unwind_to_user Function Local DoS
Red Hat Linux for Itanium contains a flaw that may allow a local denial of service. The issue is triggered by a flaw in unw_unwind_to_user function, and will result in loss of availability for the platform.. Read more at osvdb.org/15728
xv TIFF Decoder Format String
XV contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered by a format string error in the TIFF decoder. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/15679
Serendipity exit.php Multiple Variable SQL Injection
Serendipity contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the $_GET['url_id'] or
$_GET['entry_id'] variables in the exit.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/15542
ACS Blog Administrative Access Authentication Bypass Vulnerability
ACS Blog is Web blog software implemented in ASP.ACS Blog is vulnerable to an authentication bypass vulnerability. This issue is due to a design flaw whereby remote adm…
. Read more at securityfocus.com/bid/13346?ref=rss
PixySoft E-Cart Art Parameter Remote Command Execution Vulnerability
PixySoft E-Cart is an e-comerce plug-in for WebAPP. It is written in Perl and is freely available for UNIX, Linux and Microsoft Windows platforms. PixySoft E-Cart is pr…
. Read more at securityfocus.com/bid/13321?ref=rss
PHPBB Viewtopic.PHP Cross-Site Scripting Vulnerability
phpBB is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well …
. Read more at securityfocus.com/bid/13345?ref=rss
PHPBB Profile.PHP Cross-Site Scripting Vulnerability
phpBB is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well …
. Read more at securityfocus.com/bid/13344?ref=rss
Multiple Vendor TCP/IP Implementation ICMP Remote Denial Of Service Vulnerabilities
Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) are reported prone to several denial of service attacks.ICMP is employed by network n…
. Read more at securityfocus.com/bid/13124?ref=rss
CartWIZ SearchResults.ASP Name Argument Cross-Site Scripting Vulnerability
CartWIZ is a Web-based shopping cart application implemented in ASP.CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the app…
. Read more at securityfocus.com/bid/13343?ref=rss
Multiple Sql injection and XSS in CartWIZ ASP Cart
Sender: dcrab [dcrab at hackerscenter dot com]
. Read more at securityfocus.com/archive/1/396749?ref=rss
-==phpBB 2.0.14 Multiple Vulnerabilities==
Sender: HaCkZaTaN [hck_zatan at hotmail dot com]
. Read more at securityfocus.com/archive/1/396744?ref=rss
Local file detection found through Adobe Reader ActiveX control
Sender: Hyperdose Security [robfly at hyperdose dot com]
. Read more at securityfocus.com/archive/1/396747?ref=rss
E-Cart v1.1 Remote Command Execution
Sender: Nicolas Montoza [xonico at gmail dot com]
. Read more at securityfocus.com/archive/1/396748?ref=rss
Leave a Reply