Network Security News – Thursday, July 21, 2005 Events
KDE Kate/KWrite Backup File Insecure Permission Information Disclosure
Kate/KWrite create a backup file before saving a modified file. These backup files are created with default permissions (as set by umask), even if the original file had stricter permissions set. Depending on system setup, the relaxed permissions may make the backup file readable to users who would not have read permission to the original file. Because Kate/KWrite are network transparent, this disclosure might not be limited to local users. Read more at osvdb.org/18063
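The permission gap described above, shown as an added example (not code from Kate/KWrite or from the advisory): a backup written with umask defaults next to one that inherits the original file's mode, plus a check for permission bits the backup has gained. The `~` backup suffix, the file name and the 022 umask are assumptions made for the demonstration, and it needs a POSIX system.

```python
import os
import stat
import tempfile

BACKUP_SUFFIX = "~"  # assumption: backup name is the original name plus "~"

def backup_naive(path):
    """Copy contents only; the new file gets 0666 masked by the umask."""
    backup = path + BACKUP_SUFFIX
    with open(path, "rb") as src, open(backup, "wb") as dst:
        dst.write(src.read())
    return backup

def backup_preserving_mode(path):
    """Create the backup owner-only, then apply the original's mode before writing."""
    backup = path + BACKUP_SUFFIX
    mode = stat.S_IMODE(os.stat(path).st_mode)
    fd = os.open(backup, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as dst, open(path, "rb") as src:
        os.fchmod(dst.fileno(), mode)  # also tightens a pre-existing backup
        dst.write(src.read())
    return backup

def extra_bits(original, backup):
    """Permission bits present on the backup but absent on the original."""
    o = stat.S_IMODE(os.stat(original).st_mode)
    b = stat.S_IMODE(os.stat(backup).st_mode)
    return b & ~o

def demo():
    """Return (extra bits of naive backup, extra bits of mode-preserving backup)."""
    old_umask = os.umask(0o022)  # common default, set explicitly for the demo
    try:
        with tempfile.TemporaryDirectory() as d:
            secret = os.path.join(d, "secret.conf")  # constructed sample file
            with open(secret, "w") as f:
                f.write("constructed sample content\n")
            os.chmod(secret, 0o600)  # owner-only original
            naive = extra_bits(secret, backup_naive(secret))
            os.remove(secret + BACKUP_SUFFIX)
            fixed = extra_bits(secret, backup_preserving_mode(secret))
            return naive, fixed
    finally:
        os.umask(old_umask)

if __name__ == "__main__":
    print("extra permission bits: naive=%03o preserved=%03o" % demo())
```

A non-zero result from `extra_bits` on an existing file and its backup means the backup is readable, writable or executable by someone the original excludes.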
Adobe License Management Service Unspecified Privilege Escalation
Multiple Adobe products that utilize the Adobe License Management Service contain a flaw that may allow an attacker to run an arbitrary program with administrator privileges. No further details have been provided. Read more at osvdb.org/17283
Clever Copy calendar.php yr Variable XSS
Clever Copy contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'yr' variable upon submission to the 'calendar.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17919
WatchGuard Firebox II FTP/SMTP Proxy DoS
WatchGuard Firebox II contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker floods the server with FTP or SMTP requests, disabling subsequent proxy handling. Read more at osvdb.org/1648