WhatsUp Professional NmConsole/ToolResults.asp sHostname Variable XSS

Network Security News – Wednesday, May 17, 2006 Events

WhatsUp Professional NmConsole/ToolResults.asp sHostname Variable XSS

WhatsUp Professional contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'sHostname' variable upon submission to the 'NmConsole/ToolResults.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/25470

WhatsUp Professional NmConsole/Navigation.asp sDeviceView Variable XSS

WhatsUp Professional contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'sDeviceView' variable upon submission to the 'NmConsole/Navigation.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/25469

RealVNC Remote Password Authentication Bypass

RealVNC contains a flaw that may allow a malicious user to bypass authentication and allows access to the remote system without requiring knowledge of the VNC password. The issue is triggered due to an error within the handling of VNC password authentication requests. This flaw may lead to a loss of confidentiality.. Read more at osvdb.org/25479

Squirrelcart cart_content.php cart_isp_root Variable Remote File Inclusion

Squirrelcart contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to cart_content.php not properly sanitizing user input supplied to the "cart_isp_root" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25523

PopPhoto popp.config.loader.inc.php cfg[popphoto_base_path] Variable Remote File Inclusion

PopPhoto contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to popp.config.loader.inc.php not properly sanitizing user input supplied to the cfg[popphoto_base_path] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25524

RadLance Gold popup.php read Variable Traversal Arbitrary File Access

RadLance Gold contains a flaw that allows a remote attacker to view files outside of the web path. The issue is due to the popup.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'read' variable.. Read more at osvdb.org/25522

Novell NetWare NILE.NLM SSL Server Cleartext Communication Disclosure

Novell NetWare and Novell Open Enterprise Server contains a flaw that may allow a malicious user to force server to negotiate a less secure SSL connection. The issue is triggered because SSL server implementation in NILE.NLM permits encryption with a NULL key, which results in cleartext communication. It is possible that the flaw may allow remote attackers to read an SSL protected session resulting in a loss of confidentiality.. Read more at osvdb.org/24046

Novell NetWare NILE.NLM SSL Server Unspecified Weak Encryption Support

Novell NetWare and Novell Open Enterprise Server contains a unspecified flaw that may allow a malicious user to use a less secure SSL connection. The issue is triggered because SSL server implementation in NILE.NLM sometimes selects a weak cipher instead of an available stronger cipher. It is possible that the flaw may allow remote attackers to decrypt contents of an SSL protected session resulting in a loss of confidentiality.. Read more at osvdb.org/24047

Novell NetWare NILE.NLM SSL Server Encryption Downgrade Weakness

Novell NetWare and Novell Open Enterprise Server contains a flaw that may allow a malicious user to force server to negotiate a less secure SSL connection. The issue is triggered because SSL server implementation in NILE.NLM allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility. It is possible that the flaw may allow remote attackers to decrypt contents of an SSL protected session resulting in a loss of confidentiality.. Read more at osvdb.org/24048

Novell GroupWise Messenging Agent Accept-Language Header Remote Overflow

A remote overflow exists in Novell GroupWise Messenger. The Novell Messaging Agent service fails to check length during the parsing of long parameters within the Accept-Language header resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution in the context of SYSTEM or superuser.. Read more at osvdb.org/24617