Microsoft ISA Server NetBIOS Predefined Filter Privilege Escalation

Network Security News – Friday, June 17, 2005 Events

Microsoft ISA Server NetBIOS Predefined Filter Privilege Escalation

Microsoft ISA Server contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the NetBIOS (all) predefined packet filter allows remote attackers to connect to services utilizing the NetBIOS protocol. This flaw may lead to a loss of confidentiality or integrity.. Read more at osvdb.org/17312

Gaim Yahoo! Module non-ASCII Filename DoS

GAIM Yahoo! module contains a flaw that may allow a remote denial of service. The issue is triggered when the Yahoo module attempts to process a non-ASCII filename during a file transfer, and will result in loss of availability for the client.. Read more at osvdb.org/17236

Singapore index.php $_GET Variable XSS

singapore contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate '$_GET' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17338

Singapore Multiple Default Template Path Disclosure

singapore contains a flaw that may lead to an unauthorized information disclosure. Өe issue is triggered when requesting multiple default template files directly, which will reveal the installation path resulting in a loss of confidentiality.. Read more at osvdb.org/17337

Singapore /admin_default/ Multiple Scripts Path Disclosure

singapore contains a flaw that may lead to an unauthorized information disclosure. Өe issue is triggered when requesting multiple scripts in the /admin_default/ directory directly, which will reveal the installation path resulting in a loss of confidentiality.. Read more at osvdb.org/17336

Singapore admin.class.php Path Disclosure

singapore contains a flaw that may lead to an unauthorized information disclosure. Өe issue is triggered when requesting the 'admin.class.php' script directly, which will reveal the installation path resulting in a loss of confidentiality.. Read more at osvdb.org/17335

Java Web Start Untrusted Application Privilege Escalation

Java 2 Platform Standard Edition (J2SE) contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered due to an unspecified flaw in Java Web Start, which may allow an untrusted application to grant itself permissions to arbitrary read and write files and/or execute arbitrary applications resulting in a loss of integrty.. Read more at osvdb.org/17299

Java Runtime Environment Untrusted Applet Privilege Escalation

Java 2 Platform Standard Edition (J2SE) contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered due to an unspecified flaw, which may allow an untrusted applet to grant itself permissions to arbitrary read and write files and/or execute arbitrary applications resulting in a loss of integrty.. Read more at osvdb.org/17340