Nucleus PLUGINADMIN.php GLOBALS[DIR_LIBS] Variable Remote File Inclusion

Network Security News – Saturday, June 03, 2006 Events

Nucleus PLUGINADMIN.php GLOBALS[DIR_LIBS] Variable Remote File Inclusion

Nucleus contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to PLUGINADMIN.php not properly sanitizing user input supplied to the "GLOBALS[DIR_LIBS]" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/25749

Novell GroupWise grpWise.exe Cleartext Password Disclosure

Novell GroupWise contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the 'grpWise.exe' process stores the user's e-mail password in memory in clear text, which can be used by a local attacker to obtain a target user's e-mail password resulting in a loss of confidentiality.. Read more at osvdb.org/17470