Network Security News – Friday, August 18, 2006 Events
Fetchmail fetchmailconf Race Condition Password Disclosure
Fetchmail contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plain text passwords when the fetchmailconf utility is used to create a configuration. The utility writes the configuration file before restricting access to other users, which may lead to a loss of confidentiality. Read more at osvdb.org/20267
Axis Network Camera Webserver DoS
An unspecified overflow exists in several Axis Communications Products (Camera, DVR and Video Server). These products contain an unspecified flaw in the authentication code module resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/4805
Axis Network Camera Webserver Message Log Disclosure
Axis Network Camera contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when requesting /support/messages on the target webserver, which discloses the '/var/log/messages' system logfile, which can contain sensitive information, resulting in a loss of confidentiality. Read more at osvdb.org/4806
Axis Network Camera Webserver File Overwrite
Axis Network Camera contains a flaw that may allow a malicious user to overwrite system files. The issue is triggered when using specially crafted parameters (especially 'buffername' and 'format') when calling the '/axis-cgi/buffer/command.cgi' script of the web interface. It is possible that the flaw may allow overwriting of system files resulting in a loss of integrity. Read more at osvdb.org/4807
Axis Network Camera Webserver File Creation
Axis Network Camera contains a flaw that may allow a malicious user to create arbitrary files. The issue is triggered when calling the 'axis-cgi/buffer/command.cgi' with specific 'buffername' and 'format' parameters in the Web interface. It is possible that the flaw may allow creation of arbitrary files resulting in a loss of integrity. Read more at osvdb.org/4808
Allegro RomPager Malformed Authentication Request DoS
Allegro RomPager contains a flaw that may allow a remote denial of service. The issue is triggered when using a long value in the 'Authenticate' HTTP header of a request, and will result in loss of availability for the service. Read more at osvdb.org/1371
WebSTAR ShellExample.cgi Arbitrary Directory Browsing
WebSTAR contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when calling /cgi-bin/ShellExample.cgi with metacharacters like '*' after the directory name, which will disclose directory listing information resulting in a loss of confidentiality. Read more at osvdb.org/7795
PowerPortal search.php search Variable XSS
PowerPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'search' variable upon submission to search.php. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27958
PowerPortal index.php search Variable XSS
PowerPortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'search' variable upon submission to index.php. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27957
Belkin Wireless Router Web Management Multiple Session Authentication Bypass
Belkin Wireless Router contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a legitimate administrator is logged in. During the session an attacker can browse and change the router configuration through the web interface. This flaw may lead to a loss of confidentiality. Read more at osvdb.org/20877
Vuln: Trac Information Disclosure And Denial of Service Vulnerabilities
Trac Information Disclosure And Denial of Service Vulnerabilities. Read more at securityfocus.com/bid/18323