Network Security News – Wednesday, August 23, 2006 Events
Wind River WindWeb Integrated Web Server Malformed GET Request DoS
WindWeb Web Server contains a flaw that may allow a remote denial of service. The issue is triggered when requesting a specially crafted URL with many directory traversal characters, and will result in loss of availability for the service. Read more at osvdb.org/20447
planetGallery admin/gallery_admin.php Multiple Extension Arbitrary File Upload Code Execution
PlaNet concept planetGallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/gallery.php not properly sanitizing user input supplied to the _FILES['grafik']['name'][$i] variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27417
Mac OS X Xsan Filesystem Path Name Processing Overflow
A local overflow exists in Mac OS X. The included Xsan filesystem driver fails to validate path names, resulting in a buffer overflow. With a specially crafted pathname, an attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/27994
cPanel dohtaccess.html dir Variable XSS
cPanel contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'dir' variable upon submission to dohtaccess.html. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/28041
cPanel editit.html file Variable XSS
cPanel contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'file' variable upon submission to editit.html. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/28042
cPanel showfile.html file Variable XSS
cPanel contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'file' variable upon submission to showfile.html. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/28043
FreeQboard history.php qb_path Variable Remote File Inclusion
FreeQboard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the history.php script not properly sanitizing user input supplied to the 'qb_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/28065
FreeQboard features.php qb_path Variable Remote File Inclusion
FreeQboard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the features.php script not properly sanitizing user input supplied to the 'qb_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/28064
FreeQboard contact.php qb_path Variable Remote File Inclusion
FreeQboard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the contact.php script not properly sanitizing user input supplied to the 'qb_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/28061
FreeQboard faq.php qb_path Variable Remote File Inclusion
FreeQboard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the faq.php script not properly sanitizing user input supplied to the 'qb_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/28063
Vuln: Blackboard Products Multiple HTML Injection Vulnerabilities
Blackboard Products Multiple HTML Injection Vulnerabilities. Read more at securityfocus.com/bid/19308
Vuln: Linux Kernel SCTP_Make_Abort_User Function Buffer Overflow Vulnerability
Linux Kernel SCTP_Make_Abort_User Function Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/19666
Vuln: Drupal Easylinks Module Unspecified Cross-Site Scripting Vulnerability
Drupal Easylinks Module Unspecified Cross-Site Scripting Vulnerability. Read more at securityfocus.com/bid/19670
Vuln: JIRAN Cool Messenger SQL Injection Vulnerability
JIRAN Cool Messenger SQL Injection Vulnerability. Read more at securityfocus.com/bid/19669
Linux Kernel SCTP Privilege Elevation Vulnerability
Linux Kernel SCTP Privilege Elevation Vulnerability. Read more at securityfocus.com/archive/1/444066
Symantec Enterprise Security Manager Denial-of-Service Vulnerability
Symantec Enterprise Security Manager Denial-of-Service Vulnerability. Read more at securityfocus.com/archive/1/444068
BlackBoard Multiple Vulnerabilities (XSS)
BlackBoard Multiple Vulnerabilities (XSS). Read more at securityfocus.com/archive/1/444062
Major updates in PowerPoint FAQ document – not a 0-day issue
Major updates in PowerPoint FAQ document – not a 0-day issue. Read more at securityfocus.com/archive/1/444051