Network Security News – Tuesday, June 06, 2006 Events
Cisco VPN Client Dialer Local Privilege Escalation
Cisco VPN Client for Windows contains an unspecified flaw related to the VPN Dialer that may allow a user to gain access to unauthorized privileges via privilege escalation. No further details have been provided. Read more at osvdb.org/25888
phpListPro editsite.php returnpath Variable Remote File Inclusion
PhpListPro contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to editsite.php not properly sanitizing user input supplied to the returnpath variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25904
IRIX lpstat -n Option Local Overflow
A local overflow exists in IRIX. The lpstat program fails to check bounds, resulting in a buffer overflow. With a specially crafted request at the command line, an attacker may execute arbitrary code, resulting in a loss of integrity. Read more at osvdb.org/1485
Mac OS X Xcode Tools WebObjects Plugin Project Manipulation
Mac OS X contains a flaw that may allow a malicious user to remotely access objects within a WebObjects project through the WebObjects plugin. The issue is triggered when the included version of Xcode Tools is used, which runs as a network service and allows outside network access. It is possible that the flaw may allow remote access to WebObjects projects, resulting in a loss of integrity. Read more at osvdb.org/25889
IRIX mv Arbitrary File/Directory Modification
IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the mv command creates a directory with world-writable permissions when it is used to move a directory. This flaw may lead to a loss of integrity. Read more at osvdb.org/8580
IRIX inetd IPv6 Port Scan DoS
IRIX contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious attacker port scans a system that uses inetd over IPv6, resulting in loss of availability for any services that are started by inetd. Read more at osvdb.org/8585
IRISconsole icadmin Account Authentication Bypass
IRISconsole contains a flaw that may allow login to the "icadmin" account with the wrong password. It is possible that the flaw may allow a malicious attacker to gain administrative privileges over the IRISconsole environment, resulting in a loss of integrity. Read more at osvdb.org/5351
IRIX rpc.espd Remote Overflow
A remote overflow exists in IRIX. The Embedded Support Partner (ESP) subsystem daemon (rpc.espd) fails to check bounds, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary commands on the system with root privileges, resulting in a loss of integrity. Read more at osvdb.org/1822
Ottoman index.php default_path Variable Remote File Inclusion
Ottoman contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'default_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25916
Ottoman js.php default_path Variable Remote File Inclusion
Ottoman contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to js.php not properly sanitizing user input supplied to the 'default_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25920