Network Security News – Friday, June 10, 2005 Events
FlatNuke help.php Multiple Variable XSS
FlatNuke contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'border' and 'back' variables upon submission to the help.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17167
FlatNuke footer.php Multiple Variable XSS
FlatNuke contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'back' and 'border' variables upon submission to the footer.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17168
FlatNuke foot_news.php Direct Request CPU Consumption DoS
FlatNuke contains a flaw that may allow a remote denial of service. The issue is due to an unspecified error in the "foot_news.php" script that causes high CPU resource consumption when the script is called directly. Read more at osvdb.org/17165
FlatNuke referer.php Crafted Referer Arbitrary PHP Code Execution
FlatNuke contains a flaw that may allow a malicious user to execute arbitrary PHP commands. The issue is due to insufficient input validation in the referer.php script. When an attacker first sends a specially crafted request with a spoofed referer field to the website, then directly accesses the referer.php script, the website will execute the PHP commands in the referer field. Read more at osvdb.org/17166
FlatNuke index.php where Variable Path Disclosure
FlatNuke contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when sending a specially crafted request to the "index.php" script, which will disclose the installation path, resulting in a loss of confidentiality. Read more at osvdb.org/17169
CA Multiple Products Vet Engine OLE Stream Remote Overflow
A remote overflow exists in multiple products that rely on the Computer Associates Vet Antivirus engine. The engine fails to perform bounds checking while analyzing an OLE stream, resulting in a heap overflow. With a specially crafted Microsoft Office document, an attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/16780
Microsoft Windows Remote Desktop Protocol (RDP) Private Key Disclosure
Microsoft Windows Remote Desktop Protocol contains a flaw that may lead to an unauthorized information disclosure. The issue is due to a private key used to sign the Terminal Server public key being hardcoded in a program library (DLL). This may allow an attacker to disclose the key and calculate a valid signature to carry out a man-in-the-middle (MITM) attack. Read more at osvdb.org/17131
RakNet Empty UDP Datagram Remote DoS
RakNet contains a flaw that may allow a remote denial of service. The issue is triggered when an empty UDP datagram is received by the server, and will result in loss of availability for the service. Read more at osvdb.org/17125
PHP Advanced Transfer Manager (phpATM) index.php include_location Function Remote File Inclusion
phpATM contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the include_location variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/16692
YaPiG upload.php dir Variable Arbitrary Directory Manipulation
YaPiG contains a flaw that allows an authenticated user to create and delete arbitrary directories outside of the gallery directory. The issue is due to the upload.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the dir variable. Read more at osvdb.org/17120
Vuln: TCPDump BGP Decoding Routines Denial Of Service Vulnerability
TCPDump BGP Decoding Routines Denial Of Service Vulnerability. Read more at securityfocus.com/bid/13906
Vuln: Macromedia eLicensing Client Activation Code Local Privilege Escalation Vulnerability
Macromedia eLicensing Client Activation Code Local Privilege Escalation Vulnerability. Read more at securityfocus.com/bid/13925
Vuln: IBM AIX GetLVName Command Line Argument Local Buffer Overflow Vulnerability
IBM AIX GetLVName Command Line Argument Local Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/13914
Vuln: IBM AIX Invscout Local Buffer Overflow Vulnerability
IBM AIX Invscout Local Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/13909
"Meanwhile, on the other side of the web server" – a new write-up by Amit Klein
"Meanwhile, on the other side of the web server" – a new write-up by Amit Klein. Read more at securityfocus.com/archive/1/401866
MDKSA-2005:098 – Updated wget packages fix vulnerabilities
MDKSA-2005:098 – Updated wget packages fix vulnerabilities. Read more at securityfocus.com/archive/1/401865
[ GLSA 200506-06 ] libextractor: Multiple overflow vulnerabilities
[ GLSA 200506-06 ] libextractor: Multiple overflow vulnerabilities. Read more at securityfocus.com/archive/1/401868
Arbitrary code execution in eping plugin
Arbitrary code execution in eping plugin. Read more at securityfocus.com/archive/1/401862