Network Security News – Wednesday, May 31, 2006 Events
Novell eDirectory / iMonitor NDS Server URI Overflow
A remote overflow exists in the Novell eDirectory iMonitor NDS server. The NDS server fails to parse long URIs to the 'nds' path, resulting in a stack-based overflow. With a specially crafted request, an attacker can cause execution of arbitrary code, resulting in a loss of integrity. Read more at osvdb.org/25781
Novell BorderManager Proxy Invalid Content Type DoS
Novell BorderManager Proxy contains a flaw that may allow a remote denial of service. The issue is triggered by errors in the proxy service, which does not properly handle invalid content type or media streaming over HTTP 1.1, and will result in loss of availability for the service/platform. Read more at osvdb.org/23752
Publicist Multiple Script Direct Request Path Disclosure
Publicist contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests any script that makes a connection to the database and displays connection problems if unable to reach it. The resulting database connection errors disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/25766
Tiny FTPd USER Command Overflow DoS
A remote overflow exists in Tiny FTPd. Tiny FTPd fails to check bounds for the USER command, resulting in an overflow. With a specially crafted request, an attacker can cause a crash of the service, resulting in a loss of availability. Read more at osvdb.org/25767
vpopmail Cleartext Password Authentication Bypass
vpopmail contains a flaw that may allow a malicious user to bypass certain security restrictions. The issue is triggered due to an error within the handling of SMTP AUTH and APOP password authentication. It is possible that the flaw may allow an attacker to authenticate to the mail server using a blank password, resulting in a loss of confidentiality. Read more at osvdb.org/25445
WikiNi Page Edit XSS
WikiNi contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate edited content when creating or editing pages. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25802