Network Security News – Tuesday, July 26, 2005 Events
Clam AntiVirus FSG File Processing Overflow
A remote overflow exists in Clam AntiVirus. Clam AntiVirus fails to perform an adequate boundary check in libclamav/fsg.c, resulting in a heap overflow. With a specially crafted request, an attacker can gain privileges equal to those of the Clam AntiVirus process, possibly allowing for a remote system compromise. Read more at osvdb.org/18259
OpenBSD ip_ctloutput() Socket IPSec Credential DoS
OpenBSD contains a flaw that may allow a local denial of service. The issue is triggered when an attacker calls getsockopt() to retrieve the IPSEC credentials on an existing packet, and will result in loss of availability for the platform. Read more at osvdb.org/17384
CaLogic cl_minical.php CLPATH Variable Remote File Inclusion
CaLogic contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to cl_minical.php not properly sanitizing user input supplied to the CLPATH variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/18058
CaLogic clmcpreload.php CLPATH Variable Remote File Inclusion
CaLogic contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to clmcpreload.php not properly sanitizing user input supplied to the CLPATH variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/18059
CaLogic mcconfig.php CLPATH Variable Remote File Inclusion
CaLogic contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mcconfig.php not properly sanitizing user input supplied to the CLPATH variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/18060
CaLogic mcpi-demo.php CLPATH Variable Remote File Inclusion
CaLogic contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mcpi-demo.php not properly sanitizing user input supplied to the CLPATH variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/18061
Oracle Enterprise Manager CORE:SDK Unspecified Remote DoS
Oracle Enterprise Manager contains an unspecified flaw related to the CORE:SDK component that may allow a remote attacker to perform a denial of service. No further details have been provided. Read more at osvdb.org/18053
Oracle Enterprise Manager Instance Management Unspecified Issue
Oracle Enterprise Manager contains an unspecified flaw related to the Instance Management component that may allow a remote attacker to compromise the integrity and/or confidentiality of a server. No further details have been provided. Read more at osvdb.org/18052
Oracle iSQL*Plus HTTP Unspecified Trivial DoS
Oracle Database Server contains an unspecified flaw related to iSQL*Plus that may allow a remote denial of service via HTTP. No further details have been provided. Read more at osvdb.org/18026
Oracle iSQL*Plus Unspecified Trivial Database Content Disclosure
Oracle Database Server contains an unspecified flaw related to iSQL*Plus that may lead to an unauthorized information disclosure resulting in a loss of confidentiality. Read more at osvdb.org/18027
Vuln: Ares Fileshare Remote Buffer Overflow Vulnerability
Ares Fileshare Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/14377
Vuln: Microsoft Windows Unspecified USB Driver Buffer Overflow Vulnerability
Microsoft Windows Unspecified USB Driver Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/14376
Vuln: PSToText Arbitrary Code Execution Vulnerability
PSToText Arbitrary Code Execution Vulnerability. Read more at securityfocus.com/bid/14378
Vuln: NetPBM PSToPNM Arbitrary Code Execution Vulnerability
NetPBM PSToPNM Arbitrary Code Execution Vulnerability. Read more at securityfocus.com/bid/14379
[security bulletin] SSRT4884 rev.5 – HP-UX TCP/IP Remote Denial of Service (DoS)
[security bulletin] SSRT4884 rev.5 – HP-UX TCP/IP Remote Denial of Service (DoS). Read more at securityfocus.com/archive/1/406416
[security bulletin] SSRT5954 rev.5 – HP-UX TCP/IP Remote Denial of Service (DoS)
[security bulletin] SSRT5954 rev.5 – HP-UX TCP/IP Remote Denial of Service (DoS). Read more at securityfocus.com/archive/1/406413
[ GLSA 200507-23 ] Kopete: Vulnerability in included Gadu library
[ GLSA 200507-23 ] Kopete: Vulnerability in included Gadu library. Read more at securityfocus.com/archive/1/406404
[ GLSA 200507-22 ] sandbox: Insecure temporary file handling
[ GLSA 200507-22 ] sandbox: Insecure temporary file handling. Read more at securityfocus.com/archive/1/406402