Network Security News – Saturday, July 15, 2006 Events
THoRCMS for phpBB functions_cms.php phpbb_root_path Variable Remote File Inclusion
THoRCMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to functions_cms.php not properly sanitizing user input supplied to the 'phpbb_root_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26937
CBSMS Mambo Module mod_cbsms_messages.php mosConfig_absolute_path Variable Remote File Inclusion
CBSMS Mambo module contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mod_cbsms_messages.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/26862
phpSysInfo index.php lng Variable Traversal File Existence Enumeration
phpSysInfo contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'lng' variable and null terminated.. Read more at osvdb.org/27015
KDE Konqueror replaceChild() NULL Dereference
KDE contains a flaw that may allow a remote denial of service. The issue is triggered when a DOM element uses the document.replaceChild() method with the parameter set to zero. This will result in loss of availability for the KDE browser due to a NULL dereference.. Read more at osvdb.org/27058
Microsoft IE DXImageTransform.Microsoft.RevealTrans Transition Property NULL Dereference
Internet Explorer contains a flaw that may allow a local denial of service. The issue is triggered when setting the "Transition" property of an instance of the ActiveX object "DXImageTransform.Microsoft.RevealTrans.1." to 1. This will cause a NULL dereference and a loss of availability for the browser.. Read more at osvdb.org/27057
Multiple Vendor nn nn_exitmsg Function Remote Format String
A remote overflow exists in nm. The nm software fails to handle specific client error messages resulting in a format string vulnerability. With a specially crafted request, an attacker can cause the user to execute arbitrary commands on the system with the privileges of the nn process.. Read more at osvdb.org/27086
WebEx Downloader Plug-in ActiveX Unspecified Remote Code Execution
WebEx Downloader plug-in contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ActiveX control installed by WebEx not properly sanitizing user input supplied to the the "GpcUrlRoot" and "GpcIniFileName" variables. This may allow an attacker to include a DLL file from a remote host that contains arbitrary commands which will be executed by the vulnerable object under the security context of the user viewing the web
page.. Read more at osvdb.org/27040
WebEx Downloader Plug-in ActiveX/Java Source Subversion Arbitrary Program Execution
WebEx Downloader plug-in contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ActiveX control installed by WebEx not properly sanitizing user input supplied to the the "GpcUrlRoot" and "GpcIniFileName" variables. This may allow an attacker to include a DLL file from a remote host that contains arbitrary commands which will be executed by the vulnerable object under the security context of the user viewing the web
page.. Read more at osvdb.org/27039
Galleria for Mambo galleria.html.php mosConfig_absolute_path Variable Remote File Inclusion
Galleria for Mambo contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to galleria.html.php not properly sanitizing user input supplied to the mosConfig_absolute_path variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27010
Cisco Wireless Control System (WCS) Internal Database Persistant Account Remote Access
By default, Wireless Control System installs with an unspecified hidden backdoor password. This allows attackers to trivially access the program or system.. Read more at osvdb.org/26884
Vuln: Linux Kernel PROC Filesystem Local Privilege Escalation Vulnerability
Linux Kernel PROC Filesystem Local Privilege Escalation Vulnerability. Read more at securityfocus.com/bid/18992
Leave a Reply