Network Security News – Sunday, July 02, 2006 Events
0verkill recv_packet() Function UDP Handling Overflow DoS
0verkill contains a flaw that may allow a remote denial of service. The issue is triggered when an integer underflow occurs in the recv_packet() function, which handles received UDP packets, and will result in loss of availability for the 0verkill daemon. An attacker can send a UDP packet smaller than 12 bytes to cause the underflow and crash the daemon process, causing a denial of service. Read more at osvdb.org/26029
Webmin / Usermin simplify_path() Failure Arbitrary File Disclosure
Webmin / Usermin contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an unspecified error occurs during URL handling by the simplify_path() function, which will disclose file contents, resulting in a loss of confidentiality. Read more at osvdb.org/26772
Some Chess board.php gameID Variable SQL Injection
Some Chess contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the board.php script not properly sanitizing user-supplied input to the 'gameID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26784
SmartSiteCMS comment.php root Variable Remote File Inclusion
SmartSiteCMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to comment.php not properly sanitizing user input supplied to the 'root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26748
SmartSiteCMS admin/test.php root Variable Remote File Inclusion
SmartSiteCMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/test.php not properly sanitizing user input supplied to the 'root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26749
SmartSiteCMS admin/index.php root Variable Remote File Inclusion
SmartSiteCMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/index.php not properly sanitizing user input supplied to the 'root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26750
SmartSiteCMS admin/include/inc_adminfoot.php root Variable Remote File Inclusion
SmartSiteCMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/include/inc_adminfoot.php not properly sanitizing user input supplied to the 'root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26751
SmartSiteCMS admin/comedit.php root Variable Remote File Inclusion
SmartSiteCMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/comedit.php not properly sanitizing user input supplied to the 'root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26752
Micro CMS microcms-include.php microcms_path Variable Remote File Inclusion
Micro CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to microcms-include.php not properly sanitizing user input supplied to the 'microcms_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/26677
MAILsweeper for SMTP/Exchange Malformed Reverse DNS Data DoS
MAILsweeper for SMTP/Exchange contains a flaw that may allow a remote denial of service. The issue is triggered during reverse DNS lookups when the 'Received' header in a message includes non-ASCII characters, and will result in loss of availability for the service. Read more at osvdb.org/26738
Vuln: Microsoft Windows TCP/IP Protocol Driver Remote Buffer Overflow Vulnerability
Microsoft Windows TCP/IP Protocol Driver Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/18374
Vuln: SturGeoN Upload Arbitrary File Upload Vulnerability
SturGeoN Upload Arbitrary File Upload Vulnerability. Read more at securityfocus.com/bid/18764
Vuln: Randshop Header.Inc.PHP Remote File Include Vulnerability
Randshop Header.Inc.PHP Remote File Include Vulnerability. Read more at securityfocus.com/bid/18763
Vuln: deV!Lz Clanportal ID Parameter SQL Injection Vulnerability
deV!Lz Clanportal ID Parameter SQL Injection Vulnerability. Read more at securityfocus.com/bid/18762
SturGeoN Upload v1 Remote Command Execution Exploit
SturGeoN Upload v1 Remote Command Execution Exploit. Read more at securityfocus.com/archive/1/438876
SQL injection in Diesel joke site script
SQL injection in Diesel joke site script. Read more at securityfocus.com/archive/1/438875
SmS Script SQL Injection
SmS Script SQL Injection. Read more at securityfocus.com/archive/1/438874
Internet Crna Gora SQL Injection
Internet Crna Gora SQL Injection. Read more at securityfocus.com/archive/1/438873