Network Security News – Saturday, July 01, 2006 Events
UltimateGoogle index.php REQ Variable XSS
UltimateGoogle contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'REQ' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26757
Linux Kernel xt_sctp 0 Chunk Length Infinite Loop DoS
Kernel contains a flaw that may allow a remote denial of service. The issue is triggered when a user sends data with a 0 chunk length value that the 'xt_sctp' code fails to check, resulting in loss of availability for the platform.. Read more at osvdb.org/26680
KDE KDM Login Sesson Type Symlink Arbitrary File Read
KDM contains a flaw that may allow a malicious local user to read any files on the system. The issue is due to the 'ReadDmrc()' function reading temporary files insecurely. It is possible for a user to use a symlink style attack to read arbitrary files, resulting in a loss of confidentiality.. Read more at osvdb.org/26511
Invision Power Board POST Request Hexadecimal HTML XSS
Power Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate POST data containing hexadecimal HTML entities. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26747
Azureus Tracker index.tmpl search Variable XSS
Azureus Tracker contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'search' variable upon submission to the index.tmpl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26768
Atlassian JIRA Enterprise Edition ConfigureReleaseNote.jspa XSS
Atlassian JIRA Enterprise Edition contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input passed via the URL upon submission to the ConfigureReleaseNote.jspa script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26744
Atlassian JIRA Enterprise Edition secure/ConfigureReleaseNote.jspa projectId Variable Path Disclosure
Atlassian JIRA Enterprise Edition contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker passes the string 'secure/ConfigureReleaseNote.jspa' in the URL, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/26745
IRIX System Manager sysmgr GUI Descriptor File Command Execution
IRIX contains a flaw that may allow a malicious attacker to obtain root privileges. The issue is triggered when an SGI user browsing web pages or reading email can inadvertently download a "trojan horse" runtask(1M) or runexec(1M) descriptor file. It is possible that the flaw may allow execution of a local System Manager Task with the privileges of the user web browsing. If the SGI user is the root user, this can lead to a local root compromise resulting in a loss of integrity.. Read more at osvdb.org/8556
Leave a Reply