Kaillera Server Message Nickname Overflow

Network Security News – Wednesday, July 12, 2006 Events

Kaillera Server Message Nickname Overflow

A remote overflow exists in Kaillera Server 0.86. Kaillera Server does not correctly check the length of nicknames in messages, resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause a denial of service, resulting in a loss of availability. Read more at osvdb.org/27041

ATutor admin/fix_content.php submit Variable XSS

ATutor contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'submit' variable upon submission to the /admin/fix_content.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27023

PHPMailList maillist.php email Variable XSS

PHPMailList contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'email' variable upon submission to the maillist.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27016

BLOG:CMS photo/thumb.php image Variable Arbitrary Image Upload

BLOG:CMS contains a flaw that may allow a malicious user to upload arbitrary files. The issue is due to the photo/thumb.php script not properly sanitizing user input supplied to the 'image' variable. It is possible that the flaw may allow a remote attacker to execute arbitrary commands, resulting in a loss of integrity. Read more at osvdb.org/27028

ATutor password_reminder.php forgot Variable XSS

ATutor contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'forgot' variable upon submission to the password_reminder.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27021

ATutor documentation/admin/index.php XSS

ATutor contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the documentation/admin/index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27020

Cisco Clean Access Secure Smart Manager /admin/uploadclient.jsp Authentication Bypass File Upload DoS

Clean Access Manager contains a flaw that may allow a remote denial of service. The issue is caused by the uploadclient.jsp script failing to require a username and password in order to upload files, and will result in loss of availability for the platform if an attacker chooses to fill the partition with files. Read more at osvdb.org/21956

Cisco Clean Access Secure Smart Manager apply_firmware_action.jsp Authentication Bypass File Upload DoS

Clean Access Manager contains a flaw that may allow a remote denial of service. The issue is caused by the apply_firmware_action.jsp script failing to require a username and password in order to upload files, and will result in loss of availability for the platform if an attacker chooses to fill the partition with files. Read more at osvdb.org/21957

Cisco Clean Access Secure Smart Manager file.jsp Authentication Bypass File Upload DoS

Clean Access Manager contains a flaw that may allow a remote denial of service. The issue is caused by the file.jsp script failing to require a username and password in order to upload files, and will result in loss of availability for the platform if an attacker chooses to fill the partition with files. Read more at osvdb.org/21958

Microsoft IE DirectAnimation.DAUserData Data Property NULL Dereference

Microsoft IE contains a flaw that may allow a local denial of service. The issue is triggered when a call to DirectAnimation.DAUserData with a NULL pointer is referenced by the 'Data' property, and will result in loss of availability for the browser. Read more at osvdb.org/27013

Vuln: Linux Kernel PRCTL Core Dump Handling Privilege Escalation Vulnerability

Linux Kernel PRCTL Core Dump Handling Privilege Escalation Vulnerability. Read more at securityfocus.com/bid/18874

Vuln: Yukihiro Matsumoto Ruby Multiple SAFE Level Restriction Bypass Vulnerabilities

Yukihiro Matsumoto Ruby Multiple SAFE Level Restriction Bypass Vulnerabilities. Read more at securityfocus.com/bid/18944

Vuln: Microsoft Windows Path Conversion Weakness

Microsoft Windows Path Conversion Weakness. Read more at securityfocus.com/bid/17934

Vuln: Microsoft Office MSO.DLL LsCreateLine() Potential Code Execution Vulnerability

Microsoft Office MSO.DLL LsCreateLine() Potential Code Execution Vulnerability. Read more at securityfocus.com/bid/18905

ZDI-06-022: Microsoft Office Excel File Rebuilding Code Execution Vulnerability

ZDI-06-022: Microsoft Office Excel File Rebuilding Code Execution Vulnerability. Read more at securityfocus.com/archive/1/439786

TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability

TSRT-06-02: Microsoft SRV.SYS Mailslot Ring0 Memory Corruption Vulnerability. Read more at securityfocus.com/archive/1/439773

CYBSEC – Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow

CYBSEC – Security Pre-Advisory: Microsoft Windows DHCP Client Service Remote Buffer Overflow. Read more at securityfocus.com/archive/1/439675

[ANNOUNCEMENT] Samba 3.0.1 – 3.0.22: memory exhaustion DoS against smbd

[ANNOUNCEMENT] Samba 3.0.1 – 3.0.22: memory exhaustion DoS against smbd. Read more at securityfocus.com/archive/1/439757
