Network Security News – Friday, April 28, 2006 Events
Linux Kernel mprotect() Function Memory Permission Bypass
The Linux Kernel contains a flaw that may allow a malicious user to gain elevated access privileges to shared memory. The issue is triggered because a 'mprotect()' call can be used to set write access to a shared memory segment that was attached read-only, even when IPC would not give permission to do so. It is possible that the flaw may allow an attacker to gain write access to shared memory, resulting in a loss of integrity.. Read more at osvdb.org/24714
IntelliLink Pro edit.cgi Multiple Variable XSS
Intellilink Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id', 'forgotid' and 'forgotpass' variables upon submission to the 'edit.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24733
IntelliLink Pro addlink_lwp.cgi url Variable XSS
Intellilink Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'url' variable upon submission to the 'addlink_lwp.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24732
CommuniMail templates.cgi form_id Variable XSS
CommuniMail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'form_id' variable upon submission to the 'templates.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24736
CommuniMail mailadmin.cgi list_id Variable XSS
CommuniMail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'list_id' variable upon submission to the 'mailadmin.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24735
Thumbnail AutoIndex Unspecified include() Issue
Thumbnail AutoIndex contains a flaw that may allow an attacker to execute arbitrary PHP code on the server. The application makes use of the 'include' function to include the 'README.html' and 'HEADER.html'. This may become an issue for a provider that offers the application as a service but disallows users to create their own PHP scripts. The flaw will allow such a user to include PHP code in one of the files mentioned above, potentially causing a loss of integrity.. Read more at osvdb.org/24873
phpWebFTP index.php port Variable XSS
phpWebFTP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'port' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24975
Beagle External Helper Commandline Argument Injection
Beagle contains a flaw that may allow a malicious user to pass argbitrary arguments to helper applications. The issue is triggered when Beagle, during its indexing process, launches helper applications. It is possible that the flaw may allow arbitrary code exection, resulting in a loss of integrity.. Read more at osvdb.org/24938
AngelineCMS loadkernel.php installPath Variable Remote File Inclusion
AngelineCMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to loadkernel.php not properly sanitizing user input supplied to the 'installPath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/24610
3Com Baseline Switch 2848-SFP Crafted DHCP Packet Remote DoS
3Com Baseline Switch 2848-SFP contains a flaw that may allow a remote denial of service. The issue is triggered when the switch receives a DHCP packet that exceeds 342 bytes in length, and will result in loss of availability for the platform.. Read more at osvdb.org/24942
Vuln: Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities
Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities. Read more at securityfocus.com/bid/16476
Vuln: Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities
Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities. Read more at securityfocus.com/bid/17516
Vuln: Paul A. Rombouts PDNSD Unspecified Buffer Overflow Vulnerability
Paul A. Rombouts PDNSD Unspecified Buffer Overflow Vulnerability
. Read more at securityfocus.com/bid/17720
Leave a Reply