Network Security News – Monday, August 07, 2006 Events
UHP for Mambo uhp_config.php mosConfig_absolute_path Variable Remote File Inclusion
UHP for Mambo and Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the uhp_config.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27651
WordPress Multiple Unspecified Issues
WordPress contains a flaw related to some unspecified errors that can cause unknown impacts. No further details have been provided. Read more at osvdb.org/27633
X-Statistics x-statistics.php User-Agent HTTP Header SQL Injection
X-Statistics contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the x-statistics.php script not properly sanitizing user-supplied input to the 'User-Agent' HTTP header. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/27636
Security Images for Joomla lang.php mosConfig_absolute_path Variable Remote File Inclusion
Security Images for Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to lang.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27656
Security Images for Joomla server.php mosConfig_absolute_path Variable Remote File Inclusion
Security Images for Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to server.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27658
Security Images for Joomla client.php mosConfig_absolute_path Variable Remote File Inclusion
Security Images for Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to client.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27657
Microsoft IE Orphan Object Property Access NULL Dereference
Microsoft IE contains a flaw that may allow a local denial of service. The issue is triggered when a NULL pointer is referenced by accessing the property of an object that is inside a deleted frame, and will result in loss of availability for the service. Read more at osvdb.org/27533
Ajax Chat operator_chattranscript.php chatid Variable Traversal Arbitrary File Access
Ajax Chat contains a flaw that allows a remote attacker to disclose the content of arbitrary files outside of the web path. The issue is due to the operator_chattranscript.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'chatid' variable. Read more at osvdb.org/27642
Ajax Chat chat.php userid Variable XSS
Ajax Chat contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'userid' variable upon submission to the chat.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/27643
Cisco Wireless Control System (WCS) TFTP Server Unspecified File Manipulation
Wireless Control System contains an unspecified flaw that may allow a malicious user to read and write arbitrary files if the path chosen for the root of the TFTP server contains a space. It is possible that the flaw may allow arbitrary file manipulation by a remote attacker resulting in a loss of integrity. Read more at osvdb.org/26881
Vuln: DConnect Daemon DC Chat Denial of Service Vulnerability
DConnect Daemon DC Chat Denial of Service Vulnerability. Read more at securityfocus.com/bid/19370
Vuln: DConnect Daemon Listen Thread UDP Remote Buffer Overflow Vulnerability
DConnect Daemon Listen Thread UDP Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/19369
Vuln: Microsoft Internet Explorer IFrame Refresh Denial of Service Vulnerability
Microsoft Internet Explorer IFrame Refresh Denial of Service Vulnerability. Read more at securityfocus.com/bid/19364
Vuln: Barracuda Networks Spam Firewall Multiple Vulnerabilities
Barracuda Networks Spam Firewall Multiple Vulnerabilities. Read more at securityfocus.com/bid/19276
MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure
MyBloggie <= 2.1.4 trackback.php SQL injection / admin credentials disclosure. Read more at securityfocus.com/archive/1/442323
[ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability
[ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability. Read more at securityfocus.com/archive/1/442310
Tinyportal Shoutbox
Tinyportal Shoutbox. Read more at securityfocus.com/archive/1/442308
vBulletin 3.0.14 ~ init.php~ registerring global arbitary variable~ XSS exploit
vBulletin 3.0.14 ~ init.php~ registerring global arbitary variable~ XSS exploit. Read more at securityfocus.com/archive/1/442306