Claroline postnuke.inc.php includePath Variable Remote File Inclusion

Network Security News – Saturday, May 13, 2006 Events

Claroline postnuke.inc.php includePath Variable Remote File Inclusion

Claroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to claroline/auth/extauth/drivers/postnuke.inc.php not properly sanitizing user input supplied to the 'includePath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25327

IBM WebSphere Application Server HTTP Request Handlers Unspecified Exposure

IBM WebSphere Application Server contains a flaw related to its HTTP Request handlers that may allow an unspecified 'security/integrity exposure'. No further details have been provided.. Read more at osvdb.org/25373

IBM WebSphere Application Server addNode.log Cleartext Credential Disclosure

IBM WebSphere Application Server contains a flaw that may lead to an unauthorized information disclosure. The issue is present because the 'addNode.log' may contain credentials in cleartext, resulting in a loss of confidentiality. No further information has been provided.. Read more at osvdb.org/25372

IBM WebSphere Application Server Administrative Console Unspecified Issue

IBM WebSphere Application Server contains a flaw related to the Administrative Console. No further details have been provided.. Read more at osvdb.org/25370

IBM WebSphere Application Server on Solaris Corrupt Token Authentication Bypass

IBM WebSphere Application Server on Solaris contains a flaw related to the handling of tokens that may allow an attacker to gain unauthorised access using a corrupt token, resulting in a loss of integrity. No further details have been provided.. Read more at osvdb.org/25375

IBM WebSphere Application Server SOAP Port Unspecified Issue

IBM WebSphere Application Server contains a flaw related to the service's SOAP port. No further details have been provided.. Read more at osvdb.org/25371

Linux Kernel die_if_kernel() Function Unspecified Return Issue

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered because the 'die_if_kernel()' function is labeled with the 'noreturn' attribute. On Intel ia64 systems, this can lead to a kernel panic when user faults are caused, which will result in loss of availability for the platform.. Read more at osvdb.org/23660