Network Security News – Thursday, July 07, 2005 Events
Diebold Opti-scan Vote Program Manipulation
The firmware in the Diebold AccuVote-OS Optical Scan system contains a flaw that may allow a malicious user to manipulate vote data. This flaw occurs because the system does not perform integrity checking on the installed memory card. It is possible for a person to remove and replace the memory card with their own, without impacting the system. Such an alternate card could contain modified voting data that would be processed by the system, appearing as legitimate votes. Read more at osvdb.org/17203
Diebold Opti-scan Vote Data Manipulation
The firmware in the Diebold AccuVote-OS Optical Scan system contains a flaw that may allow a malicious user to manipulate vote data. This flaw occurs because the system does not perform integrity checking on the installed memory card. It is possible for a person to remove and replace the memory card with their own, without impacting the system. Such an alternate card could contain modified voting software that could impact the election being recorded. Read more at osvdb.org/17202
QuickBlogger Comment sys.php Multiple Variable Arbitrary Script Insertion
QuickBlogger contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'b_sp' and 'name' variables upon submission to the sys.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17751
Gossamer Threads Links add.cgi Multiple Field Arbitrary Script Insertion
Gossamer Links contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the add.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17743
Gossamer Threads Links user.cgi Email Field Arbitrary Script Insertion
Gossamer Links contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'email' variable upon submission to the user.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17742
Adobe Acrobat Reader UnixAppOpenFilePerform() Function /Filespec Tag Processing Overflow
A remote overflow exists in Adobe Acrobat Reader for Unix. The program fails to correctly process a document that contains a malformed /Filespec tag, resulting in a stack-based buffer overflow. With a specially crafted PDF file, an attacker can cause arbitrary code execution under the privileges of the local user, resulting in a loss of integrity. Read more at osvdb.org/17740
Jinzora Unspecified Security Issues
Jinzora contains unspecified security problems. No further details have been provided. Read more at osvdb.org/17736
Yahoo! 360° User Status Disclosure
Yahoo! 360° contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a Yahoo! Messenger or Yahoo! Profiles user has chosen to have their on-line status hidden. The Yahoo! 360° service does not honor these settings, and displays their on-line status to other Yahoo! 360° users, which will disclose status information resulting in a loss of confidentiality. Read more at osvdb.org/17729