Network Security News – Tuesday, May 17, 2005 Events
Bug Report bug_report.php Multiple Field XSS
Bug Report contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied "name", "sujet", "commentaires", "os", "navig" and "url" variables upon submission to the bug_report.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server when the malicious user data is viewed via "bug_list.php" or "admin/index.php", leading to a loss of integrity. Read more at osvdb.org/16601
GuildFTPd Traversal Arbitrary File Enumeration
GuildFTPd contains a flaw that may lead to an unauthorized information disclosure. The issue is due to the application not properly sanitizing user input, specifically traversal style attacks (../../), which causes the application to return an error message whether the file exists on the system or not, resulting in a loss of confidentiality. Read more at osvdb.org/370
Kerio MailServer on Linux .eml Attachment DoS
Kerio MailServer contains a flaw that may allow a remote denial of service. The issue is triggered by improper parsing of emails with .eml attachments. A remote attacker could send an email embedded with multiple .eml files which would cause Kerio MailServer running on Linux to crash, resulting in loss of availability for the service. Read more at osvdb.org/16487
Oracle Database/Application Server HTTP Server Unspecified Remote DoS
Oracle Database Server and Application Server contain a flaw related to the HTTP server that may allow an attacker to cause a denial of service. No further details have been provided. Read more at osvdb.org/15564
Oracle Database Server XDK Component SYS_DBURIGEN Issue
Oracle Database Server contains a flaw related to the XDK component SYS_DBURIGEN function that may allow an attacker to trivially cause a denial of service, or with more effort, compromise the integrity or confidentiality of the server. No further details have been provided. Read more at osvdb.org/15561
Oracle Database/Application Server HTTP Server SSL Complex Remote DoS
Oracle Database Server and Application Server contain a flaw related to the HTTP server SSL component that may allow an attacker to cause a denial of service. No further details have been provided. Read more at osvdb.org/15571
Oracle Collaboration Suite Calendar Component Unspecified Disclosure
Oracle Collaboration Server contains a flaw related to the calendar component that may allow an attacker to gain unauthorized access to information. No further details have been provided. Read more at osvdb.org/15603
Oracle Collaboration Suite Conferencing Local Unauthenticated Issue
Oracle Collaboration Suite contains a flaw related to the conferencing component that may allow an unauthenticated attacker to compromise the integrity or confidentiality of the server. No further details have been provided. Read more at osvdb.org/15610
Oracle Collaboration Suite Email Server Unspecified NNTP DoS
Oracle Collaboration Suite contains a flaw related to the email server and NNTP protocol that may allow an attacker to cause a denial of service. No further details have been provided. Read more at osvdb.org/15596
Oracle E-Business Suite Unspecified Remote Issue
Oracle E-Business Suite contains an unspecified flaw that may allow an attacker to compromise the integrity or confidentiality of the system. No further details have been provided. Read more at osvdb.org/15583
Multiple Linux Kernel IOCTL Handlers Local Memory Corruption Vulnerabilities
The Linux kernel raw device and pktcdvd block device ioctl handlers are reported prone to local kernel-based memory corruption vulnerabilities. The issues manifest due to… Read more at securityfocus.com/bid/13651?ref=rss
JGS-Portal Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
JGS-Portal is a portal plug-in for Woltlab Burning Board. It is implemented in PHP. JGS-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilitie… Read more at securityfocus.com/bid/13650?ref=rss
WoltLab Burning Board Verify_email Function SQL Injection Vulnerability
WoltLab Burning Board is a free Web based bulletin board package based on PHP and MySQL. WoltLab Burning Board is prone to an SQL injection vulnerability. This issue i… Read more at securityfocus.com/bid/13643?ref=rss
Adobe Version Cue Local Privilege Escalation Vulnerability
Adobe Version Cue is a product designed to manage document versions for Adobe products. It should be noted that this issue is reported to only affect Adobe product runnin… Read more at securityfocus.com/bid/11833?ref=rss
NPDS THOLD Parameter SQL Injection Vulnerability
NPDS is a forum software written in PHP. NPDS is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-sup… Read more at securityfocus.com/bid/13649?ref=rss
DotNetNuke User Registration Information HTML Injection Vulnerability
DotNetNuke (formerly known as the IBuySpy Workshop) is a web based content management system. DotNetNuke is prone to an HTML injection vulnerability. This issue is due … Read more at securityfocus.com/bid/13644?ref=rss
[SePro Bugtraq] WBB Portal – JGS-Portal <= 3.0.2 – Multiple Vulnerabilities (09.05.05)
Sender: [deluxe at security-project dot org]. Read more at securityfocus.com/archive/1/398315?ref=rss
Mac OS X – Adobe Version Cue local root exploit [c version exploit]
Sender: ali reza AcTiOnSpIdEr [actionspider at gmail dot com]. Read more at securityfocus.com/archive/1/398314?ref=rss
Pico Server (pServ) Local Information Disclosure
Sender: Claus R dot F dot Overbeck [bugtraq at clausrfoverbeck dot de]. Read more at securityfocus.com/archive/1/398297?ref=rss
Pico Server (pServ) Information Disclosure Of CGI Sources
Sender: Claus R dot F dot Overbeck [bugtraq at clausrfoverbeck dot de]. Read more at securityfocus.com/archive/1/398290?ref=rss