
Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy


paFAQ backup.php Database Disclosure Privilege Escalation

Network Security News – Friday, July 01, 2005 Events

paFAQ backup.php Database Disclosure Privilege Escalation

paFaq contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when an attacker directly requests the backup.php script, which does not require authentication. Using this script, they can download the entire paFaq database, which contains usernames and password hashes for all users. Once an attacker has the password hash for the administrative user, they can use it to authenticate against the system without recovering the plaintext password, by setting their cookie to: Cookie: pafaq_user=USERNAMEHERE; pafaq_pass=PASSWORDHASH. Read more at osvdb.org/17566
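
The two weaknesses described above, modelled as an added example that is not paFaq's code and not part of the original advisory: a cookie check that accepts the stored hash as the credential, beside a server-side session check and an authenticated backup guard. The function and class names, the "session" cookie name, the PBKDF2 hash and the sample record are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def hash_password(password: str, salt: bytes) -> str:
    # PBKDF2 is a stand-in; the page does not say which hash paFaq used.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

# Constructed sample record, standing in for one row of the leaked database.
SALT = b"constructed-salt"
USERS = {"admin": hash_password("constructed-password", SALT)}

def weak_cookie_auth(cookies: dict) -> bool:
    """Flawed pattern: the cookie value is compared directly with the stored
    hash, so anyone holding the hash holds a working credential."""
    stored = USERS.get(cookies.get("pafaq_user", ""))
    supplied = cookies.get("pafaq_pass", "")
    return stored is not None and hmac.compare_digest(stored, supplied)

class SessionStore:
    """Hardened pattern: the cookie holds a random token issued at login;
    the stored hash is never accepted as proof of identity."""
    def __init__(self):
        self._sessions = {}  # sha256(token) -> username

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user: str, password: str):
        stored = USERS.get(user)
        if stored is None or not hmac.compare_digest(stored, hash_password(password, SALT)):
            return None
        token = secrets.token_urlsafe(32)
        self._sessions[self._key(token)] = user
        return token

    def authenticate(self, cookies: dict):
        return self._sessions.get(self._key(cookies.get("session", "")))

def backup_status(cookies: dict, store: SessionStore) -> int:
    """Backup endpoint guard: refuse the dump unless an admin session exists."""
    return 200 if store.authenticate(cookies) == "admin" else 403
```

Even with a slow, salted hash, the first check fails once the database leaks, because the hash itself is what the server accepts; the second design makes a leaked hash useless as a cookie value.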

VERITAS NetBackup Request Packet Handling Overflow DoS

NetBackup contains a flaw that may allow a remote denial of service. The issue is triggered when the application improperly handles specially crafted request packets, resulting in a buffer overflow and a loss of availability for the application. Read more at osvdb.org/17455

Microsoft Windows Server Message Block (SMB) Remote Code Execution

A remote overflow exists in Windows. The Common Internet File System (CIFS) implementation fails to validate incoming Server Message Block (SMB) packets, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/17308

Nortel Communication Server FTP CEL Command Remote DoS

Nortel Communication Server 1000 contains a flaw that may allow a remote denial of service. The issue is triggered when the FTP CEL command is given with a parameter at least 2048 characters long, and will result in loss of availability for the FTP service. Read more at osvdb.org/17618
