Network Security News – Monday, May 09, 2005 Events
ImageMagick ReadPNMImage() PNM Image Decoding Overflow
ImageMagick contains a flaw that may allow a heap overflow triggering a denial of service. The issue is triggered due to a lack of bounds checking in the ReadPNMImage() function when decoding PNM images, and will result in loss of availability for the application.. Read more at osvdb.org/15891
WoltLab Burning Board pms.php folderid Variable XSS
WoltLab Burning Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'folderid' variable upon submission to pms.php. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15907
WinHex Malformed Filename DoS
X-Ways WinHex contains a flaw that may allow either a Remote or Local denial of service. The issue is triggered when an attacker sends a specially-crafted file name to a buffer causing a heap-based overflow, and will result in loss of availability for the WinHex Application.
This application typically does not run with any elevated privileges and requires command line interaction from a user.. Read more at osvdb.org/15841
Altiris Deployment Solution AClient Password Protection Bypass
Altiris Deployment Solution contains a flaw in its ACLIENT.EXE service that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by manipulating the Aclient interface to launch a windows command prompt which runs at the LocalSystem account level. From within this command prompt, the user can launch any program at those escalated privileges. This flaw may lead to a loss of Integrity.. Read more at osvdb.org/15896
BitDefender Path Subversion Security Bypass
BitDefender 8 Professional Plus and Standard Edition contains a flaw that may allow a malicious user to bypass virus protection. The issue is triggered by a race condition caused by a specially crafted "C:\program.exe" file. At Windows startup the file is detected and an alert message is sent to the user, causing the Windows session to begin without starting BitDefender, resulting in a loss of availability of the anti-virus application.. Read more at osvdb.org/15818
602LAN SUITE Webmail Traversal Arbitrary File Upload
602LAN Suite contains a flaw that allows a remote attacker to upload files to arbitrary directories outside of the web path. The issue is due to the software not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'filename' variable when attaching a file to an email. Files uploaded to the cgi-bin directory can be executed remotely by an authenticated user via a URL and will run at the privileges of the web server.. Read more at osvdb.org/13590
Perl Convert::UUlib Module Local Overflow
An overflow exists in Convert-UUlib. Convert-UUlib fails to perform proper bounds checking on parameter functions resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
It is not clear if this vulnerability can be remotely exploited, or requires malformed content to be sent to a user to run.. Read more at osvdb.org/15867
Syntax Desktop Multiple Nondescript Security Issues
Syntax Desktop contains multiple security flaws. No further details have been provided.. Read more at osvdb.org/15917
SmartList confirm Module Arbitrary Address Subscription
SmartList confirm module contains a flaw that may allow a malicious attacker to subscribe arbitrary addresses to mailing lists. The issue is triggered when a valid cookie containing the malicious subscribing address is sent to the module. It is possible that the flaw may allow list security restrictions to be bypassed resulting in a loss of integrity.. Read more at osvdb.org/16086
MaxDB Webtool Remote getIfHeader() WebDAV Function Remote Overflow
MaxDB Webtool contains a flaw that may allow a malicious attacker to execute arbitrary code. The issue is triggered when the getlfHeader() function fails to properly limit user supplied input allowing for a buffer overflow. With a specially crafted request, an attacker may be able to overflow the buffer with custom code that would be executed with the same privileges as the Webtool.. Read more at osvdb.org/15993
PHPBB Unspecified BBCode.PHP Vulnerability
PhpBB is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well …. Read more at securityfocus.com/bid/13545?ref=rss
Mozilla Firefox Install Method Remote Arbitrary Code Execution Vulnerability
Mozilla Firefox is prone to a security vulnerability that could result in the execution of arbitrary code without requiring user interaction. Initial analysis of the vu…. Read more at securityfocus.com/bid/13544?ref=rss
Invision Power Board Login.PHP SQL Injection Vulnerability
Invision Power Board is Web forum software. It is implemented in PHP and is available for Unix and Linux variants and Microsoft Windows operating systems.Invision Power…. Read more at securityfocus.com/bid/13529?ref=rss
HTMLJunction EZGuestbook Guestbook.mdb Database Disclosure Vulnerability
HTMLJunction EZGuestbook is a web based forum application.HTMLJunction EZGuestbook is prone to a database disclosure vulnerability. Remote users may download the databa…
. Read more at securityfocus.com/bid/13543?ref=rss
Leave a Reply