Network Security News – Saturday, August 27, 2005 Events
CaLogic Path Disclosure cl_minical.php Direct Request Path Disclosure
CaLogic contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to the cl_minical.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18995
CaLogic Path Disclosure defcalsel.php Direct Request Path Disclosure
CaLogic contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to the defcalsel.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18994
CaLogic Path Disclosure doclsqlbak.php Direct Request Path Disclosure
CaLogic contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to the doclsqlbak.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18993
CaLogic Path Disclosure mcconfig.php Direct Request Path Disclosure
CaLogic contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to the mcconfig.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18992
CaLogic Path Disclosure viewhistlog.php Direct Request Path Disclosure
CaLogic contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to the viewhistlog.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18991
CaLogic Path Disclosure clmcpreload.php Direct Request Path Disclosure
CaLogic contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to the clmcpreload.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18990
CaLogic Path Disclosure doclsqlres.php Direct Request Path Disclosure
CaLogic contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to the doclsqlres.php script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/18989
Coppermine Photo Gallery EXIF Data XSS
Coppermine Photo Gallery contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not properly sanitize 'exif' and 'iptc' variables containing EXIF data upon submission to the displayimage.php script. This could allow a user to create a specially crafted image that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18918
Linux ifenslave Local Overflow
A local overflow exists in Linux ifenslave. The utility fails to validate the length of command line options, resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code with root privileges, resulting in a loss of integrity. Read more at osvdb.org/18965
Microsoft IIS SERVER_NAME Variable Spoofing Filter Bypass
Microsoft IIS contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a URL is supplied spoofing the server name in the HTTP GET request. Server scripts that allow elevated privileges when accessed locally may be fooled into thinking a remote request is from a local user. This flaw may lead to a loss of confidentiality or integrity. Read more at osvdb.org/18926
Vuln: PhotoPost Script Injection Vulnerability
PhotoPost Script Injection Vulnerability. Read more at securityfocus.com/bid/14671
Vuln: Nokia Affix BTSRV Device Name Remote Command Execution Vulnerability
Nokia Affix BTSRV Device Name Remote Command Execution Vulnerability. Read more at securityfocus.com/bid/14672