Network Security News – Wednesday, May 10, 2006 Events
Golden FTP Server Pro Multiple Command Overflow DoS
Golden Server Pro contains a flaw that may allow a remote denial of service. The issue is triggered by sending an overly long NLST or APPE command which could overflow a buffer and crash the service, resulting in loss of availability.. Read more at osvdb.org/25217
Microsoft Windows Distributed Transaction Coordinator (DTC) BuildContextW Request DoS
Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when the Distributed Transaction Coordinator receives a single BuildContextW request where 'UuidString' or 'GuidIn' has a maximum character count of 0x7D0, and will result in loss of availability for the service.. Read more at osvdb.org/25336
MySQL Crafted COM_TABLE_DUMP Request Arbitrary Memory Disclosure
MySQL contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious client sends a specially crafted invalid login or COM_TABLE_DUMP packets, which will disclose arbitrary memory in error messages resulting in a loss of confidentiality.. Read more at osvdb.org/25228
NetBSD audio_write() Filter List Modification Local DoS
NetBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user changes the sample rate of an audio device during playback, and will result in loss of availability for the platform.. Read more at osvdb.org/25086
XM Easy Personal FTP Server USER Command Remote Overflow
A remote overflow exists in XM Easy Personal FTP Server. The FTP server fails to properly sanitize an overly long 'USER' command resulting in a heap-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/25277
XM Easy Personal FTP Server USER Command Server Log Format String
XM Easy Personal FTP Server contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when the server log displays format string characters passed to the 'USER' command. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/25314
Kerio WinRoute Firewall Email Protocol Inspectors Unspecified DoS
Kerio Winroute Firewall contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted email is sent to the SMTP service or received via the POP3 service, and will result in loss of availability for the service.. Read more at osvdb.org/25273
Nessus NASL Processing split Function Remote Overflow DoS
Nessus NASL contains a flaw that may allow a remote denial of service. The issue is triggered when a rouge plugin is loaded by the Nessus server which contains a malicious 'split' function call, and will result in loss of availability for the platform.. Read more at osvdb.org/25084
PunBB misc.php redirect_url Variable XSS
PunBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'redirect_url' variable upon submission to the misc.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/25256
Cute Guestbook guestbook.php Multiple Variable XSS
Cute Guestbook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Name', 'Nick', and 'Comments' variables upon submission to the guestbook.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/25281
Leave a Reply