HP Radia Notify Daemon Malformed File Extension Remote Overflow

Network Security News – Sunday, June 12, 2005 Events

HP Radia Notify Daemon Malformed File Extension Remote Overflow

A remote overflow exists in Radia Notify Daemon. The program fails to validate long filename extensions resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/16988

Siteframe siteframe.php LOCAL_PATH Variable Remote File Inclusion

Siteframe contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to siteframe.php not properly sanitizing user input supplied to the LOCAL_PATH variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/17246

FormularManager Unspecified Security Issues

FormularManager contains unspecified security problems. No further details have been provided.. Read more at osvdb.org/17177

YaMT Multiple Option Traversal Arbitrary File Overwrite

YaMT contains a flaw that allows an attacker to overwrite arbitrary files. The issue is due to the sort and rename options not properly sanitizing user input, renaming filenames to be set with characters that are interpreted by the shell such as "/../../filename".. Read more at osvdb.org/17250