Network Security News – Wednesday, May 04, 2005 Events
TRG News display.php Remote File Inclusion
TRG News contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'display.php' not properly sanitizing user input supplied to the 'dir' variable. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/14923
TRG News displayall.php Remote File Inclusion
TRG News contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'displayall.php' not properly sanitizing user input supplied to the 'dir' variable. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/14924
TRG News comment.php Remote File Inclusion
TRG News contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'comment.php' not properly sanitizing user input supplied to the 'dir' variable. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/14922
TRG News authorall.php Remote File Inclusion
TRG News contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'authorall.php' not properly sanitizing user input supplied to the 'dir' variable. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/14921
TRG News article.php Remote File Inclusion
TRG News contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'article.php' not properly sanitizing user input supplied to the 'dir' variable. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/14920
ArcInfo Workstation asmaster Local Overflow
A local overflow exists in ESRI ArcInfo Workstation. Asmaster fails to handle overly long command line arguments issued resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary files with root access resulting in a loss of integrity.. Read more at osvdb.org/16059
tcpdump Malformed RSVP Packet Remote DoS
tcpdump contains a flaw that may allow a remote denial of service. The issue is triggered when a specially-crafted RSVP packet causes tcpdump to enter an infinate loop and stop responding. This will result in loss of availability for the service.. Read more at osvdb.org/15904
vBulletin calendar.php comma Parameter Arbitrary Command Execution
vBulletin contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'calendar.php' script not properly sanitizing user input supplied to the 'comma' variable. By sending a specially crafted request containing shell metacharacters, a remote attacker could execute arbitrary commands resulting in a loss of integrity.. Read more at osvdb.org/3299
phpmyfamily census.php SQL Injection
phpmyfamily contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to improper validation of user-supplied input upon submission to the 'census.php' script and may allow a remote attacker to inject or manipulate SQL queries. No further details have been provided.. Read more at osvdb.org/14912
phpmyfamily document.php SQL Injection
phpmyfamily contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to improper validation of user-supplied input upon submission to the 'document.php' script and may allow a remote attacker to inject or manipulate SQL queries. No further details have been provided.. Read more at osvdb.org/14911
Apple Mac OS X Multiple Vulnerabilities
Multiple security vulnerabilities are reported to affect Apple Mac OS X. These issues were disclosed in the referenced vendor advisory.Apache htdigest is prone to a bu…. Read more at securityfocus.com/bid/13480?ref=rss
OSTicket Multiple Input Validation and Remote Code Injection Vulnerabilities
osTicket is an open source support ticket system.osTicket is affected by multiple input validation vulnerabilities. These issues are due to a failure in the applicatio…. Read more at securityfocus.com/bid/13478?ref=rss
Golden FTP Server Pro Directory Traversal Vulnerability
Golden FTP Server Pro is susceptible to a directory traversal vulnerability.This vulnerability presents itself when a '\..' argument is passed to 'Get' FTP commands iss…. Read more at securityfocus.com/bid/13479?ref=rss
JGS-Portal ID Variable SQL Injection Vulnerability
JGS-Portal is a portal plug-in for Woltlab Burning Board. It is implemented in PHP.JGS-Portal is prone to an SQL injection. This issue may potentially be exploited to…
. Read more at securityfocus.com/bid/13451?ref=rss
GNUTLS Padding Denial of Service Vulnerability
GNU Transport Layer Security Library (GnuTLS) is a library that implements the TLS 1.0 and SSL 3.0 protocols. It is maintained by GNU and is available for Unix and Linux …. Read more at securityfocus.com/bid/13477?ref=rss
RaidenFTPD Unauthorized File Access Vulnerability
RaidenFTPD is an FTP server for Windows operating systems.RaidenFTPD is prone to a vulnerability that could allow unauthorized access to files outside the FTP root. The…. Read more at securityfocus.com/bid/13292?ref=rss
ASP.NET __VIEWSTATE crypto validation prone to replay attacks
Sender: Michal Zalewski [lcamtuf at gmail dot com]
. Read more at securityfocus.com/archive/1/397375?ref=rss
Re: Apache hacks (./atac, d0s.txt)
Sender: Nick Bright [nick-tech at terraworld dot net]. Read more at securityfocus.com/archive/1/397348?ref=rss
tHorK FrameWork Beta v0.1::: another exploit framework
Sender: gilbert nzeka [dark_khaalel at yahoo dot fr]. Read more at securityfocus.com/archive/1/397347?ref=rss
[CLA-2005:952] Conectiva Security Announcement – kernel
Sender: Conectiva Updates [secure at conectiva dot com dot br]
. Read more at securityfocus.com/archive/1/397346?ref=rss
Leave a Reply