Network Security News – Sunday, May 29, 2005 Events
BookReview Malformed File Name Path Disclosure
BookReview contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when issuing a specially crafted request containing a malformed file name, which will reveal the installation path, resulting in a loss of confidentiality. Read more at osvdb.org/16880
BEA WebLogic Active Directory LDAP Access Persistence
WebLogic Server contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when the Active Directory LDAP server is used as an authentication database and a user account is disabled but not deleted. It is possible for the disabled user to log in to the server with all of the privileges they had before, resulting in a loss of integrity. Read more at osvdb.org/16842
HP-UX Trusted System telnetd/remshd Security Bypass
HP-UX Trusted System contains unspecified flaws in telnetd and remshd that may allow a malicious user to obtain unauthorized remote access. The issue is triggered when telnetd is configured with TACACS authentication or remshd is enabled for use with the rcp, rdist and remsh (rsh) commands. It is possible that the flaw may allow an attacker to bypass security restrictions, resulting in a loss of confidentiality. Read more at osvdb.org/16869
BookReview suggest_review.htm node Variable XSS
BookReview contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'node' variable upon submission to the 'suggest_review.htm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16879
BookReview suggest_category.htm node Variable XSS
BookReview contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'node' variable upon submission to the 'suggest_category.htm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16873
BookReview search.htm submit string Variable XSS
BookReview contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'submit string' variable upon submission to the 'search.htm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16877
BookReview contact.htm user Variable XSS
BookReview contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'user' variable upon submission to the 'contact.htm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16874
BookReview search.htm Path Disclosure
BookReview contains a flaw that may lead to an unauthorized information disclosure. This flaw exists because the application does not validate user-supplied input upon submission to the 'search.htm' script, which will reveal the installation path, resulting in a loss of confidentiality. Read more at osvdb.org/16881
BookReview add_booklist.htm node Variable XSS
BookReview contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'node' variable upon submission to the 'add_booklist.htm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16875
BookReview add_classification.htm isbn Variable XSS
BookReview contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'isbn' variable upon submission to the 'add_classification.htm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16878
Newmad Technologies PicoWebServer Remote Buffer Overflow Vulnerability
Newmad Technologies PicoWebServer is a lightweight Web server for Pocket PC. It runs on Microsoft Windows CE. PicoWebServer is affected by a remote buffer overflow vul…. Read more at securityfocus.com/bid/13807?ref=rss
Hosting Controller Multiple Vulnerabilities
Hosting Controller is an application that consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. Hosting Con…. Read more at securityfocus.com/bid/13806?ref=rss
PHPMailer Data() Function Remote Denial of Service Vulnerability
PHPMailer is an email transport class written in PHP. It provides email functionality with sendmail, PHP mail(), or SMTP. PHPMailer is affected by a remote denial of ser…. Read more at securityfocus.com/bid/13805?ref=rss
OS4E LOGIN.ASP SQL Injection Vulnerability
os4e is a Web application that allows users to create Web sites. It is implemented in ASP. os4e is prone to an SQL injection vulnerability. This issue is due to a failu…. Read more at securityfocus.com/bid/13804?ref=rss
NPDS Multiple Input Validation Vulnerabilities
NPDS is a forum software written in PHP. NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers t…. Read more at securityfocus.com/bid/13803?ref=rss
Invision Power Board Unauthorized Access Vulnerability
Invision Power Board is Web forum software. It is implemented in PHP and is available for Unix and Linux variants and Microsoft Windows operating systems. Invision Powe…. Read more at securityfocus.com/bid/13802?ref=rss
PostNuke Critical SQL Injection and XSS 0.750=>x
Sender: sp3x [sp3x at securityreason dot com]. Read more at securityfocus.com/archive/1/399201?ref=rss
RE: CAID 32896 – Computer Associates Vet Antivirus engine heap overflow vulnerability
Sender: Williams, James K [James dot Williams at ca dot com]. Read more at securityfocus.com/archive/1/399219?ref=rss
SQL Injection Exploit for myBloggie 2.1.1 – 2.1.2
Sender: Alberto Trivero [trivero at jumpy dot it]. Read more at securityfocus.com/archive/1/399229?ref=rss
[AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability
Sender: Team SHATTER [shatter at appsecinc dot com]. Read more at securityfocus.com/archive/1/399217?ref=rss