Network Security News – Thursday, May 05, 2005 Events
Oracle webcacheadmin Multiple Variable XSS
The webcacheadmin module in Oracle Application Server Web Cache contains multiple flaws that allow remote cross-site scripting attacks. The flaws exist because the application does not validate the 'cache_dump_file' and 'PartialPageErrorPage' variables upon submission to various scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15910
Oracle webcacheadmin Arbitrary File Corruption
The webcacheadmin module in Oracle Application Server Web Cache contains a flaw that allows arbitrary data to be appended to the end of files, which may allow a remote attacker to corrupt files. No further details have been provided. Read more at osvdb.org/15909
Pound add_port() Function Remote Overflow
A remote overflow exists in Pound. The add_port() function fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request, a remote attacker can crash the application, resulting in a loss of availability. Read more at osvdb.org/15963
libXpm ParseAndPutPixels Function Stack Overflow
A local overflow exists in libXpm. The ParseAndPutPixels function fails to validate user-supplied input, resulting in a stack overflow. With a specially crafted request, a malicious user can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/10034
libXpm xpmParseColors Function XPMv2/3 Parsing Stack Overflow
A local overflow exists in libXpm. The xpmParseColors function fails to validate user-supplied XPMv2/3 image files, resulting in a stack overflow. With a specially crafted request, a malicious user can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/10029
libXpm xpmParseColors Function XPMv1 Parsing Stack Overflow
A local overflow exists in libXpm. The xpmParseColors function fails to validate user-supplied XPMv1 image files, resulting in a stack overflow. With a specially crafted request, a malicious user can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/10028
libXpm xpmParseColors Function Integer Overflow
A local overflow exists in libXpm. The xpmParseColors function fails to validate user-supplied input, resulting in an integer overflow. With a specially crafted request, a malicious user can cause a denial of service, resulting in a loss of availability. Read more at osvdb.org/10030
libXpm ParseAndPutPixels Function Integer Overflow
A local overflow exists in libXpm. The ParseAndPutPixels function fails to validate user-supplied input, resulting in an integer overflow. With a specially crafted request, a malicious user can cause a denial of service, resulting in a loss of availability. Read more at osvdb.org/10026
libXpm XpmCreateImageFromXpmImage Function Integer Overflow
A local overflow exists in libXpm. The XpmCreateImageFromXpmImage function fails to validate user-supplied input, resulting in an integer overflow. With a specially crafted request, a malicious user can cause a denial of service, resulting in a loss of availability. Read more at osvdb.org/10031
libXpm CreateXImage Function Integer Overflow
A local overflow exists in libXpm. The CreateXImage function fails to validate user-supplied input, resulting in an integer overflow. With a specially crafted request, a malicious user can cause a denial of service, resulting in a loss of availability. Read more at osvdb.org/10032
Apple Mac OS X Terminal Window Title Escape Sequence Command Execution Vulnerability
Apple Mac OS X Terminal is reported prone to an input validation vulnerability. Apple Terminal window title feature may be abused to execute arbitrary commands on a syst… Read more at securityfocus.com/bid/13503?ref=rss
Apple Mac OS X Terminal X-Man-Path Input Validation Vulnerability
Apple Mac OS X Terminal is reported prone to an input validation vulnerability. Apple Terminal allows escape characters embedded in x-man-path URIs to insert commands i… Read more at securityfocus.com/bid/13502?ref=rss
YusASP Web Asset Manager Unauthorized Access Vulnerability
YusASP is a file manager for Web content. YusASP Web Asset Manager is prone to an unauthorized access vulnerability. The application does not perform any authentication… Read more at securityfocus.com/bid/13501?ref=rss
LibXpm Image Decoding Multiple Remote Buffer Overflow Vulnerabilities
libXpm is a graphics library available for the Linux and Unix operating systems. It decodes X Pixmap (XPM) image formats. Multiple vulnerabilities are reported to exist… Read more at securityfocus.com/bid/11196?ref=rss
Apple Mac OS X AppleScript Editor Code Obfuscation Vulnerability
Mac OS X AppleScript editor is prone to a code obfuscation vulnerability. This issue involves the use of the applescript: URI mechanism. Normally, the applescript: URI … Read more at securityfocus.com/bid/13500?ref=rss