Network Security News – Tuesday, August 22, 2006 Events
Fetchmail Multidrop Mode Headerless Message Remote DoS
Fetchmail contains a flaw that may allow a remote denial of service. The issue is triggered when fetchmail is configured for multidrop mode and the upstream mail server sends a message without headers, resulting in a loss of availability for the application. Read more at osvdb.org/21906
AOL Directory Permission Weakness Local Privilege Escalation
AOL contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by default permissions that grant the 'Everyone' group 'Full Control' over the 'America Online 9.0' directory. This flaw may lead to a loss of integrity. Read more at osvdb.org/27995
Microsoft IE Cookie Disclosure/Modification
Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user accesses a specially crafted URL, which will disclose cookies of arbitrary domains, resulting in a loss of confidentiality. Read more at osvdb.org/1982
Microsoft IE Crafted WMF Header Size Arbitrary Code Execution
A remote overflow exists in Microsoft Internet Explorer. Internet Explorer fails to check integer bounds, resulting in an integer overflow. With a specially crafted request, an attacker can corrupt heap memory, resulting in a loss of integrity. Read more at osvdb.org/22976
Microsoft IE Automatic MIME Detection Weakness
Microsoft Internet Explorer contains a flaw related to its MIME type detection feature that may allow an attacker to trick a user into accessing a file of a different MIME type. For example, a user could be tricked into opening an HTML file containing JavaScript while believing it to be a JPG file. Read more at osvdb.org/19024
Microsoft IE ActiveX Object Code Arbitrary Command Execution (Qhosts)
Microsoft Internet Explorer contains a flaw that may allow a malicious user to execute arbitrary commands on a user's system. The issue is triggered when a user accesses a maliciously crafted HTML page. It is possible that the flaw may allow execution of arbitrary commands, resulting in a loss of confidentiality, integrity, and/or availability. Read more at osvdb.org/7872
ZyXEL Prestige 660H-61 rpSysAdmin a Variable XSS
ZyXEL Prestige 660H-61 contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'a' variable upon submission to Forms/rpSysAdmin. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27548
ZyXEL P-2000W_v2 VoIP Wi-Fi Phone UDP Port 9090 Information Disclosure
ZyXEL P-2000W_v2 VoIP Wi-Fi Phone contains a flaw that may lead to an unauthorized information disclosure. An undocumented service is running on UDP port 9090, and some information about the device can be obtained from it:
– Software/Firmware version
– MAC address
This will disclose information about the phone device, resulting in a loss of confidentiality. Read more at osvdb.org/22516
Icecast HTTP Header Processing Remote Overflow
A remote overflow exists in Icecast. Icecast fails to handle HTTP requests containing more than 32 headers, resulting in the overwriting of the return address of the vulnerable function. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity. Read more at osvdb.org/10446
Novell NetWare volscgi.pl Sample Application Information Disclosure
Novell NetWare contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when requesting Perl/samples/volcgi.pl, which will disclose server information, resulting in a loss of confidentiality. Read more at osvdb.org/17465
Vuln: FreeType LWFN Files Buffer Overflow Vulnerability
FreeType LWFN Files Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/18034
Vuln: Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability
Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability. Read more at securityfocus.com/bid/18308