Network Security News – Thursday, May 26, 2005 Events
Yahoo! Messenger URL Handler Remote DoS
Yahoo! Messenger contains a flaw that may allow a remote denial of service. The issue is triggered due to the processing of arguments in the YMSGR: URL handler links. With a specially crafted request containing certain characters after the first or third colon, a remote attacker can causing the user to be disconnected from the current chat session resulting in a loss of availability.. Read more at osvdb.org/16816
Yahoo! Messenger Communication Log Local Disclosure
Yahoo! Messenger contains a flaw that may lead to an unauthorized information disclosure. Өe problem is that the application stores communication logs in the 'ypager.log' file in plaintext, which will disclose sensitive information resulting in a loss of confidentiality.. Read more at osvdb.org/16815
Warrior Kings: Battles Malformed Join Packet DoS
Warrior Kings: Battles contains a flaw that may allow a remote denial of service. The issue is triggered when sending a malformed join packet, which causes the server to crash resulting in a loss of availability.. Read more at osvdb.org/16802
Warrior Kings: Battles Nickname Remote Format String
Warrior Kings and Warrior Kings: Battles contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered due to a format string error in the text visualization. With a specially crafted nickname, a remote attacker may execute arbitrary code resulting in a loss of integrity.. Read more at osvdb.org/16801
GNOME gedit Filename Format String DoS
gedit contains a flaw that may allow a local denial of service. The issue is triggered due to the handling of binary files with format string specifiers in the filename. With a specially crafted filename, a malicious user can cause the application to crash resulting in a loss of availability.. Read more at osvdb.org/16809
Yahoo! Chat! Add Buddy Restriction Bypass
Yahoo! Chat! servers contains a flaw that may allow a remote attacker to bypass 'Add Buddy' restrictions. The problem is that the server does not send confirmation when 'Add Buddy' requests are made. With a specially crafted URL, a remote attacker can arbitrarily add buddies without permission and disclose their online status resulting in a loss of confidentiality.. Read more at osvdb.org/16817
Active News Manager login.asp Password SQL Injection
Active News Manager contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the Username and Password variables in the login.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16826
FunkyASP AD System admin.asp Password Field SQL Injection
FunkyASP contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the password variable in the admin.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16825
Halo: Combat Evolved Malformed Data DoS
Halo: Combat Evolved contains a flaw that may allow a remote denial of service. The issue is triggered when sending malformed data, which causes the application to go into an infinite loop and consume all available CPU resources resulting in a loss of availability.. Read more at osvdb.org/16824
Microsoft Word mcw File Processing Overflow
A remote overflow exists in Microsoft Word for Windows. The application fails to perform proper bounds checking resulting in a buffer overflow. With a malformed *.mcw file created with Microsoft Word for Macintosh, a remote attacker can cause arbitrary code execution once the victim opens the file resulting in a loss of integrity.. Read more at osvdb.org/16814
GNU SHTool Insecure Temporary File Deletion Vulnerability
GNU shTool is a set of small shell scripts. GNU shTool is prone to an insecure temporary file deletion vulnerability. This issue is due to a design error that causes…. Read more at securityfocus.com/bid/13767?ref=rss
DavFS2 Failure To Enforce UNIX Filesystem Permissions Design Error Vulnerability
Davfs2 is a WebDAV file system driver that is available for Linux. It relies on the Coda Linux kernel driver and neon.Davfs2 is prone to a security vulnerability. Repor…. Read more at securityfocus.com/bid/13770?ref=rss
Linux Kernel Local MEMLOCK RLIMIT Bypass Denial Of Service Vulnerability
The Linux kernel contains the capability to lock allocated memory. This capability is used by certain applications to ensure that memory is not swapped out of main memory…. Read more at securityfocus.com/bid/13769?ref=rss
SCO OpenServer NWPrint Command Line Argument Local Buffer Overflow Vulnerability
nwprint that is distributed with SCO OpenServer is prone to a local buffer overflow vulnerability. This issue arises because the application fails to perform boundary ch…
. Read more at securityfocus.com/bid/12986?ref=rss
L-Soft Listserv Multiple Unspecified Vulnerabilities
Listserv is a publicly available multi-platform application used to manage mailing lists. Listserv is affected by multiple unspecified vulnerabilities. These issues ma…. Read more at securityfocus.com/bid/13768?ref=rss
Linux Kernel ELF Core Dump Local Buffer Overflow Vulnerability
The Linux kernel supports the creation of core dumps for processes to aid in the debugging of faulty applications. Core dumps are images of aborted processes memory space…. Read more at securityfocus.com/bid/13589?ref=rss
OpenServer 5.0.6 OpenServer 5.0.7 : nwprint privilege escalation
Sender: [please_reply_to_security at sco dot com]
. Read more at securityfocus.com/archive/1/398920?ref=rss
davfs2 does not honour Unix permissions
Sender: martin f krafft [madduck at madduck dot net]. Read more at securityfocus.com/archive/1/398923?ref=rss
High Risk Vulnerability in L-Soft's LISTSERV Server
Sender: NGSSoftware Insight Security Research [nisr at ngssoftware dot com]. Read more at securityfocus.com/archive/1/398919?ref=rss
shtool insecure temporary file creation
Sender: ZATAZ dot net [exploits at zataz dot net]
. Read more at securityfocus.com/archive/1/398918?ref=rss
Leave a Reply