Network Security News – Tuesday, May 02, 2006 Events
ClamAV Freshclam HTTP Header Remote Overflow
A remote overflow exists in Freshclam. The 'freshclam' utility fails to check the length of HTTP headers resulting in a stack-based buffer overflow when a server responds with more than 8KB of header data. With a specially crafted server response, an attacker can cause denial of service or arbitrary code execution resulting in a loss of integrity or availability for the service.. Read more at osvdb.org/25120
Clansys index.php page Variable Remote File Inclusion
Clansys contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'page' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25083
SunShop Shopping Cart index.php Multiple Variable XSS
SunSHop Shopping Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'action', 'id', 'prevaction', 'previd', 'prevstart', and 'itemid' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/25119
TextFileBB BBcode Multiple Tag XSS
TextFileBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the '[color]', '[size]', and '[url]' BBcode upon submission to an unknown or unspecified script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/25123
Virtual War includes/functions_common.php vwar_root Variable Remote File Inclusion
Virtual War contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to includes/functions_common.php not properly sanitizing user input supplied to the 'vwar_root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/24481
Virtual War includes/functions_front.php vwar_root Variable Remote File Inclusion
Virtual War contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to includes/functions_front.php not properly sanitizing user input supplied to the 'vwar_root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/24482
Virtual War includes/get_header.php vwar_root Variable Remote File Inclusion
Virtual War contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to includes/get_header.php not properly sanitizing user input supplied to the 'vwar_root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/24480
WebCalendar functions.php includedir Variable Remote File Inclusion
WebCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to functions.php not properly sanitizing user input supplied to the 'includedir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/19283
Leave a Reply