Network Security News – Saturday, August 12, 2006 Events
docpile:we lib/document.class.php INIT_PATH Variable Remote File Inclusion
docpile:we contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the lib/document.class.php script not properly sanitizing user input supplied to the 'INIT_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27861
NEWSolved Lite newsticker/newsscript_get.php abs_path Variable Remote File Inclusion
NEWSolved contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to newsticker/newsscript_get.php not properly sanitizing user input supplied to the 'abs_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27837
PHP Simple Shop admin/adminglobal.php abs_path Variable Remote File Inclusion
PHP Simple Shop contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /admin/adminglobal.php not properly sanitizing user input supplied to the 'abs_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27802
docpile:we lib/access.inc.php INIT_PATH Variable Remote File Inclusion
docpile:we contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the lib/access.inc.php script not properly sanitizing user input supplied to the 'INIT_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27863
NEWSolved Lite newsscript_lyt.php abs_path Variable Remote File Inclusion
NEWSolved contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to newsscript_lyt.php not properly sanitizing user input supplied to the 'abs_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27836
NEWSolved Lite inc/output/news_theme3.php abs_path Variable Remote File Inclusion
NEWSolved contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to inc/output/news_theme3.php not properly sanitizing user input supplied to the 'abs_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27840
NEWSolved Lite inc/output/news_theme2.php abs_path Variable Remote File Inclusion
NEWSolved contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to inc/output/news_theme2.php not properly sanitizing user input supplied to the 'abs_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27839
NEWSolved Lite inc/output/news_theme1.php abs_path Variable Remote File Inclusion
NEWSolved contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to inc/output/news_theme1.php not properly sanitizing user input supplied to the 'abs_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27838
docpile:we lib/templates.inc.php INIT_PATH Variable Remote File Inclusion
docpile:we contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the lib/templates.inc.php script not properly sanitizing user input supplied to the 'INIT_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27866
docpile:we lib/init.inc.php INIT_PATH Variable Remote File Inclusion
docpile:we contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the lib/init.inc.php script not properly sanitizing user input supplied to the 'INIT_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27865
Vuln: ScatterChat ECB Mode Cryptographic Module Weakness
ScatterChat ECB Mode Cryptographic Module Weakness. Read more at securityfocus.com/bid/19485
Vuln: SquirrelMail Compose.PHP Multiple Information Disclosure and Data Modification Vulnerabilities
SquirrelMail Compose.PHP Multiple Information Disclosure and Data Modification Vulnerabilities. Read more at securityfocus.com/bid/19486
Vuln: XChat Remote Denial of Service Vulnerability
XChat Remote Denial of Service Vulnerability
. Read more at securityfocus.com/bid/19398
Vuln: Invision Power Board Threaded View Information Disclosure Vulnerability
Invision Power Board Threaded View Information Disclosure Vulnerability. Read more at securityfocus.com/bid/19483
Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory
Re: Re: Cisco VPN Concentrator IKE resource exhaustion DoS Advisory. Read more at securityfocus.com/archive/1/442971
rPSA-2006-0152-1 squirrelmail
rPSA-2006-0152-1 squirrelmail
. Read more at securityfocus.com/archive/1/442980
TSLSA-2006-0046 – multi
TSLSA-2006-0046 – multi. Read more at securityfocus.com/archive/1/442936
Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released – fixes variableoverwriting attack
Re: [SM-ANNOUNCE] SquirrelMail 1.4.8 released – fixes variableoverwriting attack. Read more at securityfocus.com/archive/1/442995
Leave a Reply