Network Security News – Tuesday, July 11, 2006 Events
Cisco Wireless Access Point Local User List Only Configuration Weakness Authentication Bypass
Cisco Wireless Access Point contains a flaw that may allow a malicious user to gain unauthorized administrative access. The issue is triggered when the 'Local User List Only' mode is turned on, which removes all security and password configurations. It is possible that the flaw may allow remote users to access the system resulting in a loss of confidentiality.. Read more at osvdb.org/26878
BLOG:CMS index.php URI SQL Injection
BLOG:CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user supplied input passed via the URL. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/27027
Linux Kernel prctl Core Dumpe Handling Local Privilege Escalation
Linux Kernel contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an error occurs during handling of core dumps by the 'prctl' function. This flaw may allow privilege escalation and lead to a loss of Integrity.. Read more at osvdb.org/27030
Gimp XCF Parsing xcf_load_vector() Function Overflow
A remote overflow exists in Gimp. The xcf_load_vector() function fails to handle XCF files with a large 'num_axes' value resulting in a buffer overflow. With a specially crafted XCF file, an attacker can execute remote arbitrary code or cause denial of service resulting in a loss of integrity or availability.. Read more at osvdb.org/27037
TTCalc mortgage.php Multiple Variable XSS
TTCalc contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'year' and 'currency' variables upon submission to the mortgage.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/27036
TTCalc loan.php Multiple Variable XSS
TTCalc contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'year' and 'currency' variables upon submission to the loan.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/27035
WinRAR Self-extracting Archive Comment Processing Overflow
A local overflow exists in WinRAR. WinRAR fails to process archive comment when extracting files resulting in a stack overflow. With a specially crafted file, an attacker can cause an application overflow resulting in a loss of integrity.. Read more at osvdb.org/27031
Leave a Reply