Network Security News – Tuesday, July 25, 2006 Events
Ji-takz Chat tag.class.php mycfg Variable Remote File Inclusion (Myth/Fake)
Ji-takz Chat has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the tag.class.php script not properly sanitizing user input supplied to the 'mycfg' variable. Subsequent evaluation by CVE staff indicates that an attacker has no avenue for manipulating data passed to the variable. Read more at osvdb.org/27479
ISPConfig /lib/session.inc.php go_info[server][classes_root] Variable Remote File Inclusion (Myth/Fake)
ISPConfig has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the session.inc.php script not properly sanitizing user input supplied to the 'go_info' variable. The vendor has disputed this disclosure, citing several reasons it cannot be exploited, including the requirement of a non-default PHP option as well as the script location after installation. Read more at osvdb.org/25355
ISPConfig Multiple Script Remote File Inclusion (Myth/Fake)
ISPConfig has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the server.inc.php, app.inc.php, login.php and trylogin.php scripts not properly sanitizing user input supplied to the 'go_info' variable. The vendor has disputed this disclosure stating the researcher reviewed "the installation tarball that is not identical with the resulting system after installation. The file, where the $go_info array is declared that resulted in your errors is created by the installer. ISPConfig is not a web application that is run in a normal PHP capable webspace, ISPConfig comes with its own apache webserver and PHP specially compiled and configured for the needs of ISPConfig that prevents the attacks you described.". Read more at osvdb.org/27474
CyBoards PHP Lite common.php script_path Variable Remote File Inclusion (Myth/Fake)
CyBoards PHP Lite has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the common.php script not properly sanitizing user input supplied to the 'script_path' variable. Subsequent evaluation by SecurityTracker indicates the "'/include/common.php' script includes the '/include/config.php' script and that the 'include/config.php' script defines the $script_path parameter to be a static path value". Thus, an attacker would not be able to control input to the variable, making this a non-issue. Read more at osvdb.org/26596
Ltwcalendar calendar.php ltw_config[include_dir] Variable Remote File Inclusion (Myth/Fake)
Ltwcalendar has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the calendar.php script not properly sanitizing user input supplied to the 'ltw_config[include_dir]' variable. However, subsequent testing by CVE staff has determined that "the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement.". Read more at osvdb.org/27452
Microsoft IE Meta Refresh Parsing Weakness (Myth/Fake)
Microsoft IE has been reported to contain a weakness in its handling of META refresh tags. The original disclosure suggests this weakness may allow code injection in the 'goto' tag due to the way it interprets the content attribute. However, the filtering required for this type of issue is believed to be a responsibility of an application developer or webmaster, not that of the browser. Read more at osvdb.org/19029
Phorum search.php page Variable SQL Injection (Myth/Fake)
Phorum has been reported to contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is supposedly due to the search.php script not properly sanitizing user-supplied input to the 'page' variable. The vendor has disputed this claim saying "If a non positive integer or non-integer is used for the page parameter for a search URL, the search query will use a negative number for the LIMIT clause. This causes the query to break, showing no results. It IS NOT however a sql injection error.". Read more at osvdb.org/27165
PHPAskIt Multiple Script Remote File Inclusion (Myth/Fake)
PHPAskIt has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the convertaa.php and convertwakqa.php scripts not properly sanitizing user input supplied to the 'qadir' and 'dir' variables respectively. Subsequent testing has revealed that such an attack cannot take place. The vendor replies stating "The reason why a file inclusion cannot take place through the query string is because $qadir and $dir are defined within the script. Even with register_globals on, any instance of these variables declared as part of the query string (convertaa.php?qadir=[url to malicious script], for example) will be overwritten with the version in the script."
Additionally, PHPAskIt 2.0+ will not run if any of the import files are left in place. Read more at osvdb.org/27458
PunkBuster Screenshot Database Login Form Multiple Field SQL Injection (Myth/Fake)
PunkBuster has been reported to contain a flaw allowing SQL injection attacks. The initial disclosure contains several discrepancies that suggest this is a fake advisory. Preliminary source code checks do not find mention of the variables mentioned, the vendor URL provided is for an add-on product and the e-mail address supposedly contacted is not referenced on the vendor page or distribution. Read more at osvdb.org/18981
Simpleshout sboard.php config Variable Remote File Inclusion (Myth/Fake)
Simpleshout has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the sboard.php script not properly sanitizing user input supplied to the 'config' variable. However, subsequent evaluation by CVE staff has determined that the variable keeps a static value and presents no opportunity for an attacker to manipulate the input. Read more at osvdb.org/27459
Vuln: Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities
Mozilla Firefox, SeaMonkey, Camino, and Thunderbird Multiple Remote Vulnerabilities. Read more at securityfocus.com/bid/18228