Network Security News – Thursday, July 20, 2006 Events
Lazarus Guestbook picture.php img Variable XSS
Lazarus Guestbook contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'img' variable upon submission to the picture.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27090
Lazarus Guestbook codes-english.php show Variable XSS
Lazarus Guestbook contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'show' variable upon submission to the codes-english.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27089
Juniper Networks DX System Web Admin Log Script XSS
The Web Admin Log Script of Juniper's DX Application Acceleration Platform contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate input submitted to the 'username' field upon submission to the login function. Values are stored unchecked in the application's log files. This could allow a user to create a specially crafted log file entry that would execute arbitrary code in an administrator's browser within the trust relationship between the browser and the server when looking at the log files, leading to a loss of integrity. Read more at osvdb.org/27131
Fujitsu ServerView Unspecified XSS
ServerView contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to an unspecified script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27105
HiveMail search.results.php fields[] Variable SQL Injection
HiveMail contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.results.php script not properly sanitizing user-supplied input to the 'fields[]' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/27099
HiveMail search.results.php Multiple Variable Path Disclosure
HiveMail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker defines the "searchdate" and "folderids" variables in the search.results.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/27104
HiveMail read.markas.php markas Variable XSS
HiveMail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'markas' variable upon submission to the read.markas.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27103
HiveMail index.php daysprune Variable XSS
HiveMail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'daysprune' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27101
HiveMail compose.email.php data[to] Variable XSS
HiveMail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'date[to]' variable upon submission to the compose.email.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27102
HiveMail addressbook.view.php Multiple Variable XSS
HiveMail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "email", "cond", and "name" variables upon submission to the addressbook.view.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27100
Vuln: Oracle July 2006 Security Update Multiple Vulnerabilities
Oracle July 2006 Security Update Multiple Vulnerabilities. Read more at securityfocus.com/bid/19054
Vuln: Retired: Cisco Security Monitoring Analysis and Response System Multiple Vulnerabilities
Retired: Cisco Security Monitoring Analysis and Response System Multiple Vulnerabilities. Read more at securityfocus.com/bid/19071
Vuln: Noweb Insecure Temporary File Creation Vulnerability
Noweb Insecure Temporary File Creation Vulnerability. Read more at securityfocus.com/bid/16610
Vuln: OSDate Multiple HTML Injection Vulnerabilities
OSDate Multiple HTML Injection Vulnerabilities. Read more at securityfocus.com/bid/19034
Re: imageVue16.1 upload vulnerability
Re: imageVue16.1 upload vulnerability. Read more at securityfocus.com/archive/1/440586
rPSA-2006-0133-1 libpng
rPSA-2006-0133-1 libpng. Read more at securityfocus.com/archive/1/440594
[ GLSA 200607-06 ] libpng: Buffer overflow
[ GLSA 200607-06 ] libpng: Buffer overflow. Read more at securityfocus.com/archive/1/440585
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Security Monitoring, Analysis and Response System (CS-MARS). Read more at securityfocus.com/archive/1/440580