NanoBlogger Unspecified Plugins Arbitrary Command Execution

Network Security News – Wednesday, June 22, 2005 Events

NanoBlogger Unspecified Plugins Arbitrary Command Execution

NanoBlogger contains a unspecified flaw related to an error in some plugins that may allow an attacker to inject arbitrary shell commands. No further details have been provided.. Read more at osvdb.org/17392

NanoBlogger Unspecified Traversal Arbitrary Weblog Directory Creation

NanoBlogger contains a flaw that could allow a remote attacker to create directiories outside of the weblog path. No further details have been provided.. Read more at osvdb.org/17393

Solaris snmpXdmid Long Indication Event Overflow

A remote overflow exists in the snmpXdmid binary shipped with Solaris. The snmpXdmid binary fails to check the length of an incoming buffer resulting in a stack overflow. With a specially crafted request, an attacker can obtain remote root access resulting in a loss of integrity.. Read more at osvdb.org/546

Vipul's Razor-agents Crafted HTML Pre-processing DoS

Vipul's Razor-agents contains a flaw that may allow a remote denial of service. The issue is triggered when certain unspecified malformed HTML emails are processed, and will result in loss of availability for the service.. Read more at osvdb.org/17390

Microsoft Exchange Outlook Web Access HTML Email XSS

Exchange Outlook Web Access contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the IMG SRC tag contained in HTML emails. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17307