Network Security News – Friday, May 13, 2005 Events
Ce/Ceterm Multiple Local Overflows
Multiple local overflows exist in Arpus/Ce. The application fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request containing either an overly long 'XAPPLRESLANGPATH' or 'XAPPLRESDIR' environment variable, or command line argument, a malicious user can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/16438
Gossamer Threads Links SQL user.cgi url Variable XSS
Gossamer Threads Links SQL contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'url' variable upon submission to the user.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16189
Bugzilla URI Web Log Password Disclosure
Bugzilla contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords when the user is prompted to log in while attempting to view a chart. The user's password can be embedded as part of a report URL, and is thus visible in the web server logs, which may lead to a loss of confidentiality. Read more at osvdb.org/16427
Bugzilla Product Name Enumeration
Bugzilla contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user correctly guesses the name of a product that should be invisible to them. When this occurs, the user will be informed that they do not have access to the product, which will disclose that it exists, resulting in a loss of confidentiality. Read more at osvdb.org/16425
Bugzilla Closed State Product Bug Entry Creation
Bugzilla contains a flaw that may lead to an unauthorized information modification. The issue is triggered when a user correctly guesses the name of a product that should be invisible to them. When this occurs, the user will be able to enter bugs into products that are closed for bug entry, resulting in a loss of integrity. Read more at osvdb.org/16426
Apache Socket Race Condition DoS
Apache contains a flaw that may allow a remote denial of service. In a multiple listening socket environment, the issue is triggered when a malicious user makes a connection to a rarely used socket. This prevents new connections, resulting in loss of availability for the service. Read more at osvdb.org/4383
HP OpenView Event Correlation Services Multiple Nondescript Issues
OpenView contains multiple flaws related to the Event Correlation Service that may allow an attacker to perform a denial of service or execute arbitrary code. No further details have been provided. Read more at osvdb.org/16303
Gaim Malformed MSN Message Remote DoS
Gaim contains a flaw that may allow a remote denial of service. The issue is triggered when a client sends an SLP message with an empty body, and will result in loss of availability for the application. Read more at osvdb.org/16348
QuickTime Quartz Composer Information Disclosure
QuickTime in Mac OS X contains a flaw that may lead to an unauthorized information disclosure. The issue is due to Quartz Composer files (*.qtz) created with the Quartz Composer application being used as a screen saver or QuickTime movie. Compositions created with an advanced set of tools (called patches) can be embedded within the file to trigger the issue. By combining patches that provide advanced system information with patches that load information from the Internet, it is possible for a remote attacker to create a malicious *.qtz or *.mov file, which would disclose sensitive information to a malicious server once the victim views the file (e.g. in a web browser with the QuickTime plugin). Read more at osvdb.org/16376
ASP Virtual News Manager admin_login.asp password Variable SQL Injection
ASP Virtual News Manager contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the password variable in the admin_login.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/16397
Acrowave AAP-3100AR Wireless Router Authentication Bypass Vulnerability
Acrowave AAP-3100AR wireless routers are both 802.11b wireless access points and ADSL routers. Acrowave AAP-3100AR routers are susceptible to an authentication bypass vu… Read more at securityfocus.com/bid/13613?ref=rss
Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability
Apache is a freely available, open source web server software package. It is distributed and maintained by the Apache Group. A buffer overflow vulnerability exists in th… Read more at securityfocus.com/bid/13537?ref=rss
1Two News Multiple HTML Injection Vulnerabilities
1Two News is a Web-based system for monitoring and commenting on news items. It is implemented in PHP. 1Two News is prone to multiple HTML injection vulnerabilities. The… Read more at securityfocus.com/bid/13612?ref=rss
Ibas ExpertEraser Improper Disk Wipe Vulnerability
ExpertEraser is a disk eraser application. ExpertEraser is reported prone to a vulnerability that causes the application to improperly wipe a hard disk. Reportedly,… Read more at securityfocus.com/bid/13611?ref=rss
Bug Report Multiple HTML Injection Vulnerabilities
Eric Fichot Bug Report is a Web-based bug reporting tool implemented in PHP. Eric Fichot Bug Report is prone to multiple HTML injection vulnerabilities. These issues ar… Read more at securityfocus.com/bid/13610?ref=rss
DirectTopics Topic.PHP SQL Injection Vulnerability
DirectTopics is Web-based forum software utilizing a MySQL backend and is implemented in PHP. DirectTopics is prone to an SQL injection vulnerability. This issue is due… Read more at securityfocus.com/bid/13608?ref=rss
htdigest exploit code [bid 13537]
Sender: K sPecial [kspecial at linuxmail dot org]. Read more at securityfocus.com/archive/1/398078?ref=rss
Directtopics Multiple Vulnerabilities (Security Advisory)
Sender: Morinex Eneco [m0r1n3x at gmail dot com]. Read more at securityfocus.com/archive/1/398059?ref=rss
Acrowave AAP-3100AR authentication bypass
Sender: Martin Tornwall [martin dot tornwall at telia dot com]. Read more at securityfocus.com/archive/1/398060?ref=rss
[USN-125-1] Gaim vulnerabilities
Sender: Martin Pitt [martin dot pitt at canonical dot com]. Read more at securityfocus.com/archive/1/398079?ref=rss