Network Security News – Monday, April 25, 2005 Events
xv Multiple Nondescript Decoder Input Validation Issues
XV contains multiple unspecified flaws that may allow a malicious user to execute arbitrary code. The issue is triggered by the application's failure to properly sanitize input before using it to carry out critical functions, resulting in a loss of integrity. Read more at osvdb.org/15677
eGroupWare index.php cats_app Variable SQL Injection
eGroupWare contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'cats_app' variable in the index.php script not being properly sanitized, which may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15753
eGroupWare tts/index.php filter Variable SQL Injection
eGroupWare contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'filter' variable in the tts/index.php script not being properly sanitized, which may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15752
eGroupWare sitemgr-site/index.php category_id Variable XSS
eGroupWare contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the category_id variable upon submission to the sitemgr-site/index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15751
eGroupWare wiki/index.php Multiple Variable XSS
eGroupWare contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'page' or 'lang' variables upon submission to the wiki/index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15750
bBlog index.php postid Variable SQL Injection
bBlog contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'postid' variable in the index.php script not being properly sanitized, which may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15756
bBlog Blog Entry Title XSS
bBlog contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the blog entry title upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15754
bBlog Blog/Comment Body XSS
bBlog contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the blog/comment body text upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15755
eGroupWare index.php Multiple Variable XSS
eGroupWare contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'ab_id', 'page', or 'type' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15649
Neslo Desktop Rover Malformed TCP Packet DoS
Neslo Desktop Rover contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a specially crafted malformed packet to TCP port 61427, resulting in a loss of availability of the application. Read more at osvdb.org/15718
OpenSSL ASN.1 Parsing Vulnerabilities
Multiple vulnerabilities were reported in the ASN.1 parsing code in OpenSSL. OpenSSL does not directly implement ASN.1 but does use ASN.1 objects in X.509 certificates a…
Read more at securityfocus.com/bid/8732?ref=rss