Network Security News – Wednesday, May 18, 2005 Events
MS Analysis for PHP-Nuke mstrack.php Installation Path Disclosure
MS Analysis contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests the 'mstrack.php' script without arguments, which will disclose the physical path of the web server, resulting in a loss of confidentiality. Read more at osvdb.org/16643
MS Analysis for PHP-Nuke title.php Installation Path Disclosure
MS Analysis contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests the 'title.php' script without arguments, which will disclose the physical path of the web server, resulting in a loss of confidentiality. Read more at osvdb.org/16642
War Times Nickname Overflow DoS
A remote overflow exists in War Times European Frontline. War Times fails to properly bounds-check user-supplied network data prior to copying it into a fixed-size memory buffer. With a specially crafted request containing a nickname of 64 bytes, the max data block size, an attacker can cause a buffer overflow, resulting in a loss of availability. Read more at osvdb.org/16619
Sigma ISP Manager sigmaweb.dll Malformed Input Error Message Information Disclosure
Sigma ISP Manager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when malformed input is given to the "username", "password" or "domain" fields, which will disclose database information, resulting in a loss of confidentiality. Read more at osvdb.org/16620
NetIQ Security Manager Traversal File Restriction Bypass
NetIQ Security Manager may contain a flaw that allows a remote attacker to access files outside of the FTP root path. The issue is due to the program not properly sanitizing user input, specifically traversal-style attacks (../../) supplied via the FTP GET command.
The vendor has stated that their product is not vulnerable to this issue. Read more at osvdb.org/15791
Uphotogallery edit_image.asp Arbitrary File Upload
Uphotogallery contains a flaw that may allow a malicious user to upload arbitrary files. The issue is triggered when edit_image.asp is used by an authenticated user. It is possible that the flaw may allow malicious code to be uploaded, resulting in a loss of integrity. Read more at osvdb.org/16603
Lotus Domino Malformed POST Request Remote Overflow
A remote overflow exists in Lotus Domino. The server fails to validate POST requests, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/15626
Bsafe/Global Security for iSeries Traversal File Restriction Bypass
Bsafe/Global Security for iSeries may contain a flaw that allows a remote attacker to access files outside of the FTP root path. The issue is due to the program not properly sanitizing user input, specifically traversal-style attacks (../../) supplied via the FTP GET command. Read more at osvdb.org/15792
SafeStone DetectIT Directory Traversal File Restriction Bypass
SafeStone DetectIT may contain a flaw that allows a remote attacker to access files outside of the FTP root path. The issue is due to the program not properly sanitizing user input, specifically traversal-style attacks (../../) supplied via the FTP GET command.
The vendor has stated that their product is not vulnerable to this issue. Read more at osvdb.org/15794
Castlehill Computer Services SECURE/NET Traversal File Restriction Bypass
Castlehill Computer Services SECURE/NET contains a flaw that allows a remote attacker to access files outside of the FTP root path. The issue is due to the program not properly sanitizing user input, specifically traversal-style attacks (../../) supplied via the FTP GET command. Read more at osvdb.org/15793