Network Security News – Tuesday, May 03, 2005 Events
Xerox WorkCentre MicroServer Web Server SNMP System Config Modification
Xerox WorkCentre contains a flaw related to the MicroServer web server SNMP authentication that may allow remote attackers to modify system configuration. No further details have been provided. Read more at osvdb.org/15747
HP OpenView Radia Management Agent Nondescript Issue
OpenView Radia Management Agent contains a flaw that may allow a remote attacker to execute arbitrary commands with Local System privileges (on Windows systems) and/or deny service, resulting in a loss of integrity and availability. No further details have been provided. Read more at osvdb.org/15960
Debian CVS repouid Patch pserver Access Method Authentication Bypass
Debian CVS contains a flaw that may allow a malicious user to bypass the password protection. The issue is triggered when using the pserver access method in conjunction with the repouid patch, allowing an attacker to bypass user authentication and gain access to the repository, resulting in a loss of confidentiality. Read more at osvdb.org/15887
GrayCMS error.php path_prefix Variable Remote File Inclusion
GrayCMS contains a flaw that may allow a remote attacker to execute arbitrary commands. If register_globals is enabled, the issue is due to "code/error.php" not properly sanitizing user input supplied to the "path_prefix" parameter. This may allow a remote attacker to send a specially-crafted URL and include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/15860
phpMyVisites set_lang.php Local File Inclusion
phpMyVisites contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to "login.php" not properly sanitizing user input supplied to the "mylang" variable. This may allow a remote attacker to send a specially-crafted URL to include a file from the local host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/15857
Symantec Multiple Product RAR Archive Virus Detection Bypass
Multiple Symantec AntiVirus products contain a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a specially-crafted RAR file that causes an error in the component used for processing encoded or archived content, resulting in loss of availability of the Symantec AntiVirus decomposer component and allowing the malicious content inside the RAR file to bypass the initial scan. It is possible that the flaw may allow a virus to bypass the filtering and infect the target upon extraction by the user. Read more at osvdb.org/15906
FlexPHPNews news.php newsid Variable SQL Injection
FlexPHPNews contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'newsid' variable in the 'news.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/15715
MaxWebPortal events_functions.asp EVENT_ID Parameter SQL Injection
MaxWebPortal contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'EVENT_ID' parameter in the 'events_functions.asp' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/15197
MetaCart e-Shop V-8 product.asp intProdID Variable SQL Injection
MetaCart e-Shop V-8 contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'intProdID' variable in the 'product.asp' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. Read more at osvdb.org/15870
PHP-Calendar search.php SQL Injection
PHP-Calendar contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to improper validation of user-supplied input upon submission to the 'search.php' script and may allow a remote attacker to inject or manipulate SQL queries. No further details have been provided. Read more at osvdb.org/15866
Linux Kernel Elf Binary Loading Local Denial of Service Vulnerability
Linux Kernel is prone to a potential local denial of service vulnerability. It is reported that this issue exists in the 'load_elf_library' function that resides in th…. Read more at securityfocus.com/bid/12935?ref=rss
Linux Kernel EXT2 File System Information Leak Vulnerability
The Linux kernel EXT2 filesystem handling code is reported prone to a local information leakage vulnerability. It is reported that when a new directory is created on an E…. Read more at securityfocus.com/bid/12932?ref=rss