Network Security News – Saturday, August 26, 2006 Events
Links Manager add_url.php Multiple Variable XSS
Links Manager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the title, description, or keywords variables upon submission to the add_url.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/28067
Symantec Enterprise Security Manager Crafted ESM Agent Request DoS
Enterprise Security Manager contains a flaw that may allow a remote denial of service. The issue is triggered due to a race condition when processing a specially crafted request sent to the manager server to simulate an ESM agent, and will result in a loss of availability for the service. Read more at osvdb.org/28108
SSH Tectia Management Agent sshd Restart Local Privilege Escalation
SSH Communications Security SSH Tectia Manager contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the legitimate sshd process has stopped and a malicious user runs a separate program named sshd. When "Restart" is selected in the management server, the illegitimate sshd process is discovered via a process listing, and the binary is restarted with root privileges, leading to a loss of integrity. Read more at osvdb.org/28159
WebSense Crafted URL Uncategorized Filter Bypass
WebSense contains a flaw that may allow a malicious user to bypass URL filtering policies. The issue is triggered when appending a '/?' to the end of a URL which is part of the 'uncategorized' WebSense category, and will allow the user to bypass any restrictions set on 'uncategorized' websites, resulting in a loss of integrity. Read more at osvdb.org/25211
WebTrends Reporting Center get_od_toc.pl Path Disclosure
WebTrends Reporting Center contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when calling the get_od_toc.pl script with an empty 'Profile' argument, which will display an error message disclosing real server path information, resulting in a loss of confidentiality. Read more at osvdb.org/10447
indexcity add_url2.php url Variable XSS
IndexCity contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'url' variable upon submission to the add_url2.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/28070
indexcity list.php cate_id Variable SQL Injection
IndexCity contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the list.php script not properly sanitizing user-supplied input to the 'cate_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/28069
Jetbox CMS Admin Section Site Statistics Page URL XSS
Jetbox CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the URL upon submission to the "Site statistics" page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27713
Jetbox CMS admin/cms/index.php login Variable XSS
Jetbox CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'login' variable upon submission to the admin/cms/index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27712
Jetbox CMS Search query_string Form Field XSS
Jetbox CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'query_string' variable upon submission to the search engine script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27714
Vuln: Wireshark Multiple Vulnerabilities
Wireshark Multiple Vulnerabilities. Read more at securityfocus.com/bid/19690
Vuln: Xine-Lib HTTP Response Buffer Overflow Vulnerability
Xine-Lib HTTP Response Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/18187
Vuln: OpenBSD Semaphore Allocation Denial Of Service Vulnerability
OpenBSD Semaphore Allocation Denial Of Service Vulnerability. Read more at securityfocus.com/bid/19713
Vuln: ISC Memory.C DHCP Server Denial Of Service Vulnerability
ISC Memory.C DHCP Server Denial Of Service Vulnerability. Read more at securityfocus.com/bid/19348
CuteNews 1.3.* Remote File Include Vulnerability
CuteNews 1.3.* Remote File Include Vulnerability. Read more at securityfocus.com/archive/1/444385
[ MDKSA-2006:151 ] – Updated kernel packages fix multiple vulnerabilities
[ MDKSA-2006:151 ] – Updated kernel packages fix multiple vulnerabilities. Read more at securityfocus.com/archive/1/444377
[ MDKSA-2006:150 ] – Updated kernel packages fix multiple vulnerabilities
[ MDKSA-2006:150 ] – Updated kernel packages fix multiple vulnerabilities. Read more at securityfocus.com/archive/1/444354
Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilities
Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilities. Read more at securityfocus.com/archive/1/444321