IBM WebSphere Application Server URL Unspecified Script Execution

Network Security News – Friday, May 12, 2006 Events

IBM WebSphere Application Server URL Unspecified Script Execution

WebSphere Application Server contains a flaw that allows a remote script execution attack. This flaw exists because the software does not validate all script tags passed as part of an URL. This could allow a user to create a specially crafted URL that would execute scripting code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/25369

IBM WebSphere Application Server Welcome Page Security Bypass

WebSphere Application Server contains a flaw that may lead to unauthorized access. The issue is triggered when a context is secured using a '/*' directive. Direct access to a context's index page using its file name is covered by an authentication process, whereas a request to the directory itself is not covered. This will disclose the index page without authenticatoin, resulting in a loss of confidentiality.. Read more at osvdb.org/25368

Linux Kernel binfmt_elf.c Malformed elf Entry Address Local DoS

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered because the code in binfmt_elf.c fails to properly validate the entry address of ELF executables. With a crafted ELF binary, the kernel can be forced to enter an inifite loop, which will result in loss of availability for the platform.

Note that the issue is only present on non-AMD x86_64 systems.. Read more at osvdb.org/23607

SaphpLesson search.php Find Variable SQL Injection

SaphpLesson contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.php script not properly sanitizing user-supplied input to the 'Find' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25362

SaphpLesson show.php hrow Variable Path Disclosure

SaphpLesson contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker defines the 'hrow' variable in the show.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/25364

SaphpLesson showcat.php Lsnrow Variable Path Disclosure

SaphpLesson contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker defines the 'Lsnrow' variable in the showcat.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/25365

SaphpLesson misc.php Multiple Variable SQL Injection

SaphpLesson contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the misc.php script not properly sanitizing user-supplied input to the "LID" and "Rate" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25363

SaphpLesson index.php Multiple Variable Path Disclosure

SaphpLesson contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker defines the 'rows' or 'hrow' variables in the index.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/25366

Microsoft Office mailto: Arbitrary File Access

Microsoft Office contains a flaw that may allow a remote attacker to access arbitrary files. The issue is due to Microsoft Outlook not properly sanitizing the value of the 'mailto' URI handler. This may allow an attacker to automatically attach an arbitrary file to an e-mail by tricking a user into following a specially crafted link with the "mailto:" URI handler from a malicious web site.. Read more at osvdb.org/25003

Linux Kernel __keyring_search_one() Function Local DoS

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered in the kernel's key retention facility. When an attempt is made to add a key to a keyring that is not actually a keyring structure, the '__keyring_search_one()' function fails to detect that issue and kernel 'oops' occurs, which will result in loss of availability for the platform.. Read more at osvdb.org/24507