Network Security News – Saturday, May 06, 2006 Events
PHP Session Name Unspecified Character Weakness
PHP contains a flaw related to the use of unspecified unusual characters in session names. No further details have been provided. Read more at osvdb.org/25253
PHP Session Extension Heap Corruption Issue
PHP contains a flaw related to the session extension that may allow an attacker to cause a heap corruption. No further details have been provided. Read more at osvdb.org/25254
PHP unset() Function Variable Persistence
PHP contains a flaw where variables will not have their data removed even after having been unset(). No further details have been provided. Read more at osvdb.org/25255
Albinator eshow.php Config_rootdir Variable Remote File Inclusion
Albinator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'eshow.php' script not properly sanitizing user input supplied to the 'Config_rootdir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25240
Quagga bgpd Telnet Interface Local DoS
Quagga contains a flaw that may allow a local denial of service. The issue is triggered when certain crafted input is passed to the 'sh ip bgp community' command, and will result in loss of availability for the platform by using up all CPU resources. Read more at osvdb.org/25245
Albinator eday.php Config_rootdir Variable Remote File Inclusion
Albinator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'eday.php' script not properly sanitizing user input supplied to the 'Config_rootdir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25239
Albinator forgot.php Config_rootdir Variable Remote File Inclusion
Albinator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'forgot.php' script not properly sanitizing user input supplied to the 'Config_rootdir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25241
Albinator showpic.php preloadSlideShow Variable XSS
Albinator contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'preloadSlideShow' variable upon submission to the 'showpic.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25243
Albinator dlisting.php cid Variable XSS
Albinator contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'cid' variable upon submission to the 'dlisting.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25242