Network Security News – Tuesday, June 27, 2006 Events
Windows SMB MrxSmbCscIoctlOpenForCopyChunk Function Overflow
A local overflow exists in Microsoft SMB. The function 'MrxSmbCscIoctlOpenForCopyChunk' fails to validate input when handling certain DeviceIoControl requests resulting in an overflow. With a specially crafted request, an attacker can execute arbitrary code with escalated privileges resulting in a loss of integrity.. Read more at osvdb.org/26440
TWiki Registration Crafted form Element Account Hijack
TWiki contains a flaw that may allow a malicious user to gain administrator privileges. The issue is caused due to an error in the registration process that can be exploited by changing the action attribute of the form element to the Sandbox web. It is possible that the flaw may allow a user to gain privileges of another user resulting in a loss of confidentiality.. Read more at osvdb.org/26623
Toshiba Bluetooth Stack for Windows TOSRFBD.SYS Remote Overflow DoS
Toshiba Bluetooth Stack for Windows contains a flaw that may allow a remote denial of service. The issue is caused due to an error within the TOSRFBD.SYS driver when handling L2CAP Echo Requests with a large payload, and will result in loss of availability for the system.. Read more at osvdb.org/26686
Simple File Manager fm.php msg Variable XSS
Simple File Manager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg' variable upon submission to the fm.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26665
phpTRADER confirm_newad.php sectio Variable SQL Injection
phpTRADER contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the confirm_newad.php script not properly sanitizing user-supplied input to the 'sectio' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26706
Ad Manager Pro common.php ipath Variable Remote File Inclusion
Ad Manager Pro contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to common.php not properly sanitizing user input supplied to the 'ipath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26674
Ad Manager Pro ad.php ipath Variable Remote File Inclusion
Ad Manager Pro contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to ad.php not properly sanitizing user input supplied to the 'ipath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26673
Particle Gallery viewimage.php imageid Variable SQL Injection
Particle gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the viewimage.php script not properly sanitizing user-supplied input to the imageid variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/25953
Leave a Reply