Network Security News – Wednesday, May 24, 2006 Events
Florian Amrhein NewsPortal poll.php Remote File Inclusion
NewsPortal contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to poll.php not properly sanitizing user input supplied to the "file_newsportal" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25577
ScozNews Multiple Script CONFIG[main_path] Variable Remote File Inclusion
ScozNews contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to multiple scripts not properly sanitizing user input supplied to the 'CONFIG[main_path]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25616
Linux Kernel SCTP Fragmented Control Chunk Remote DoS
The Linux kernel contains a flaw that may allow a remote denial of service. The issue is present in the Stream Control Transmission Protocol (SCTP) code of the kernel. It is triggered when IP-fragmented SCTP control chunks are received by the kernel. Incorrect handling of these in the 'skb_pull()' function might result in a kernel panic, and therefore in loss of availability for the platform.. Read more at osvdb.org/25633
Linux Kernel SCTP ECNE Chunk Handling Remote DoS
The Linux kernel contains a flaw that may allow a remote denial of service. The issue is triggered because of a flow in the kernel's Stream Control Transmission Protocol (SCTP). When a crafted 'ECNE chunk' SCTP is sent to the system, an incorrect state table entry might be created when the packet is received in closed state. This might result in a kernel panic and hence loss of availability for the platform.. Read more at osvdb.org/25632
WhatsUp Professional Crafted Request Script Source Disclosure
WhatsUp Professional contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a request for a script is crafted by adding a period at the end of the request, which will disclose the script's source code, resulting in a loss of confidentiality.. Read more at osvdb.org/25474
WhatsUp Professional DeviceSelection.asp Arbitrary Site Redirection
WhatsUp Professional contains a flaw that may allow a malicious user to redirect the victim to an arbitrary website. The issue is due to the 'NmConsole/DeviceSelection.asp' script not properly sanitizing input passed via the 'sRedirectUrl' and 'sCancelURL' parameters. It is possible that the flaw may facilitate phishing attacks, effectively causing a loss of integrity.. Read more at osvdb.org/25473
WhatsUp Professional NmConsole Error Message Path Disclosure
WhatsUp contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a request for pages that will result in a HTTP 404 error message, which will disclose information about the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/25477
WhatsUp Professional NmConsole/Login.asp Error Message Account Enumeration
WhatsUp Professional contains a flaw that may lead to an unauthorized information disclosure. The issue is present in the 'NmConsole/Login.asp' login page. The application gives different responses to login attempts with wrong usernames and/or passwords, giving an attacker the opportunity to enumerate valid user accounts. This may result in a loss of confidentiality.. Read more at osvdb.org/25476
WhatsUp Professional RenderMap.asp Information Disclosure
WhatsUp Professional contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the 'NmConsole/utility/RenderMap.asp' script does not properly authenticate requests made via the 'nDeviceGroupID' variable. This will disclose information about monitored devices, resulting in a loss of confidentiality.. Read more at osvdb.org/25475
zawhttpd GET Request Remote Overflow DoS
zawhttpd contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed GET request containing numerous backslashes is received, and will result in loss of availability for the service.. Read more at osvdb.org/25671
Vuln: AlstraSoft E-Friends Multiple HTML Injection Vulnerabilities
AlstraSoft E-Friends Multiple HTML Injection Vulnerabilities. Read more at securityfocus.com/bid/18079
Vuln: Dia Filename Remote Format String Vulnerability
Dia Filename Remote Format String Vulnerability. Read more at securityfocus.com/bid/18078
Vuln: Blender BlenLoader File Processing Integer Overflow Vulnerability
Blender BlenLoader File Processing Integer Overflow Vulnerability
. Read more at securityfocus.com/bid/15981
Vuln: KPdf and KWord Multiple Unspecified Buffer and Integer Overflow Vulnerabilities
KPdf and KWord Multiple Unspecified Buffer and Integer Overflow Vulnerabilities. Read more at securityfocus.com/bid/16143
Re: Circumventing quarantine control in Windows 2003 and ISA 2004
Re: Circumventing quarantine control in Windows 2003 and ISA 2004. Read more at securityfocus.com/archive/1/434820
Nucleus CMS <= 3.22 arbitrary remote inclusion
Nucleus CMS <= 3.22 arbitrary remote inclusion
. Read more at securityfocus.com/archive/1/434837
[security bulletin] HPSBMA02098 SSRT5911 rev.1 – HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation
[security bulletin] HPSBMA02098 SSRT5911 rev.1 – HP OpenView Network Node Manager (OV NNM) Remote Unauthorized Privileged Access, Arbitrary Command Execution, Arbitrary File Creation. Read more at securityfocus.com/archive/1/434872
[security bulletin] HPSBUX02114 SSRT061115 rev.1 – HP-UX Running Software Distributor Local Elevation of Privilege
[security bulletin] HPSBUX02114 SSRT061115 rev.1 – HP-UX Running Software Distributor Local Elevation of Privilege. Read more at securityfocus.com/archive/1/434838
Leave a Reply