Audit My PC - Free Internet Security Audit

Network Security News – Saturday, June 11, 2005 Events

Clavister Firewall ASN.1 Parser IKE Certificate Overflow

A remote overflow exists in Clavister Firewall. The issue is due to an error in the IKE certificate ASN.1 parser. An attacker can establish an IKE connection to a VPN-enabled firewall that supports certificate-based authentication and overflow a buffer, which will crash the firewall or execute arbitrary code on it, resulting in a loss of integrity. Read more at osvdb.org/17184

Sawmill Licensing Page license key Field XSS

Sawmill contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the license key field upon submission to the Licensing Page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17103

Sawmill Unauthorized License Addition

Sawmill contains an unspecified flaw that may allow an attacker to add unauthorized licenses. No further details have been provided. Read more at osvdb.org/17101

Sawmill Unspecified Remote Administrative Privilege Escalation

Sawmill contains an unspecified flaw that may allow a remote attacker to gain administrative privileges. No further details have been provided. Read more at osvdb.org/17100

Sawmill Add User Window username Field XSS

Sawmill contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the username variable upon submission to the Add User window. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17102

Popper Webmail childwindow.inc.php form Variable Remote File Inclusion

Popper contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to childwindow.inc.php not properly sanitizing user input supplied to the form variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/17085

Gaim Malformed MSN Message DoS

Gaim contains a flaw that may allow a remote denial of service. The issue is triggered when sending a malformed MSN message, which causes the application to crash, resulting in a loss of availability. Read more at osvdb.org/17237

Cerberus Helpdesk configuration.php Path Disclosure

Cerberus Helpdesk contains a flaw that may lead to an unauthorized information disclosure. This flaw exists because the application does not validate user-supplied input upon submission to the 'configuration.php' script, which will reveal the installation path, resulting in a loss of confidentiality. Read more at osvdb.org/17230

Cerberus Helpdesk index.php errorcode Variable XSS

Cerberus Helpdesk contains a flaw that allows a remote cross site scripting attack. The flaw exists because the application does not validate the 'errorcode' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17231

Cerberus Helpdesk knowledgebase.php Path Disclosure

Cerberus Helpdesk contains a flaw that may lead to an unauthorized information disclosure. This flaw exists because the application does not validate user-supplied input upon submission to the 'knowledgebase.php' script, which will reveal the installation path, resulting in a loss of confidentiality. Read more at osvdb.org/17229

Vuln: IBM AIX Pstart Command Line Argument Local Buffer Overflow Vulnerability

IBM AIX Pstart Command Line Argument Local Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/13917

Vuln: IBM AIX Penable Command Line Argument Local Buffer Overflow Vulnerability

IBM AIX Penable Command Line Argument Local Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/13915

Vuln: IBM AIX Pdisable Command Line Argument Local Buffer Overflow Vulnerability

IBM AIX Pdisable Command Line Argument Local Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/13916

Vuln: Perl SuidPerl Multiple Local Vulnerabilities

Perl SuidPerl Multiple Local Vulnerabilities. Read more at securityfocus.com/bid/12426

osCommerce HTTP Response Splitting

osCommerce HTTP Response Splitting. Read more at securityfocus.com/archive/1/401936

Re:[ Suresec Advisories ] – Mac OS X 10.4 – launchd local root vulnerability

Re:[ Suresec Advisories ] – Mac OS X 10.4 – launchd local root vulnerability. Read more at securityfocus.com/archive/1/401937

Voice VLAN Access/Abuse Possible on Cisco voice-enabled, 802.1x-secured Interfaces

Voice VLAN Access/Abuse Possible on Cisco voice-enabled, 802.1x-secured Interfaces. Read more at securityfocus.com/archive/1/401938

[Full-disclosure] [USN-139-1] Gaim vulnerability

[Full-disclosure] [USN-139-1] Gaim vulnerability. Read more at securityfocus.com/archive/1/401939
