Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

PostNuke RSS Module magpie_slashbox.php rss_url Variable XSS

Network Security News – Monday, June 06, 2005 Events

PostNuke RSS Module magpie_slashbox.php rss_url Variable XSS

PostNuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "rss_url" variable upon submission to the "magpie_slashbox.php" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/16796

PostNuke Xanthia Module demo.php Multiple Variable XSS

PostNuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "skin" and "paletteid" variables upon submission to the "demo.php" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/16790

OpenLDAP back-ldbm Backend DoS

OpenLDAP contains a flaw that may allow a remote denial of service. The issue is due to a failed password extended operation (password EXOP) causing OpenLDAP to free unallocated memory when using the back-ldbm backend. This can be used to launch a memory resource consumption attack resulting in loss of availability for the service.. Read more at osvdb.org/17000

SunOS newsyslog Syslog File Persistant Weak Permission

SunOS/Solaris contains a flaw that may allow a malicious user to gain access to unauthorized privileges or hide evidence of an attack. The issue is triggered when /usr/lib/newsyslog automatically creates /var/log/syslog mode 666 (world readable/writeable). By default, SunOS is configured to run newsyslog every day, causing the permissions to be reset even if fixed once. This flaw may lead to a loss of confidentiality or integrity.. Read more at osvdb.org/17052

SunOS /dev/tcp Malformed Data Local DoS

SunOS contains a flaw that may allow a local denial of service. The issue is triggered when arbitrary data is written to /dev/tcp causing a system reboot, and will result in loss of availability for the operating system.. Read more at osvdb.org/17050

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *