
Audit My PC - Free Internet Security Audit


Network Security News – Wednesday, August 09, 2006 Events

Knusperleicht Shoutbox index.php sb_include_path Variable Remote File Inclusion

Shoutbox contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'index.php' script not properly sanitizing user input supplied to the 'sb_include_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/27709

Symantec Brightmail AntiSpam DATABLOB-* Request Traversal Arbitrary File Write

Symantec Brightmail AntiSpam contains a flaw that may allow a malicious user to read or overwrite files. The issue is triggered when an attacker uses specially crafted filenames in a DATABLOB-GET or DATABLOB-SAVE request. By using directory traversal style attacks (../../), it is possible that an attacker could write a file to an arbitrary location. Read more at osvdb.org/27590

Microsoft IE NDFXArtEffects Multiple Property Overflow

A remote overflow exists in Internet Explorer. Internet Explorer fails to handle a long value in the 'DXImageTransform.Microsoft.NDFXArtEffects.1' ActiveX object's 'RGBExtraColor', 'RGBForeColor' or 'RGBBackColor' properties, resulting in a stack overflow. With a specially crafted web page, an attacker can cause a denial of service resulting in a loss of availability. Read more at osvdb.org/27530

Microsoft IE ADODB.Recordset SysFreeString Invalid Length

Internet Explorer contains a flaw that may allow a local denial of service. The issue is triggered when opening a web page containing a script which calls the 'ADODB.Recordset' ActiveX object's 'NextRecordset' method several times with a long argument. This will result in an invalid memory access, causing the browser to crash. Read more at osvdb.org/27532

Microsoft IE Nested Objects Exception Handler Unspecified Memory Corruption

Internet Explorer contains a flaw that may allow a malicious user to execute arbitrary code. This issue is caused by a memory corruption error within the handling of certain "exceptional conditions". The error occurs in mshtml.dll when the browser encounters a set of nested OBJECT tags, which triggers a NULL dereference. Read more at osvdb.org/27475

Ruby alias Function Safe Level Security Bypass

Ruby contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to an unspecified error in the handling of the "alias" functionality. No further details have been provided. Read more at osvdb.org/27144

PowerArchiver DZIPS32.DLL Zip File Addition Overflow

A local overflow exists in PowerArchiver. PowerArchiver fails to properly handle adding a file with a long filename to a ZIP archive, resulting in a stack overflow. With a specially crafted archive containing a long filename, an attacker can execute arbitrary code resulting in a loss of integrity and/or availability. Read more at osvdb.org/27492

Security Images for Joomla configinsert.php mosConfig_absolute_path Variable Remote File Inclusion

Security Images for Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the configinsert.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/27655

Osiris Multiple Unspecified Remote Format String

Osiris contains a flaw that may allow a remote attacker to cause a denial of service and possibly execute arbitrary code. The issue is due to multiple format string bugs, possibly related to the logging functionality. No further details have been provided. Read more at osvdb.org/27645

MyNewsGroups layersmenu.inc.php myng_root Variable Remote File Inclusion

MyNewsGroups contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the /lib/tree/layersmenu.inc.php script not properly sanitizing user input supplied to the 'myng_root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/27666

Vuln: Cisco Internet Key Exchange Denial of Service Vulnerability

Read more at securityfocus.com/bid/19176

Vuln: LibWMF WMF File Handling Integer Overflow Vulnerability

Read more at securityfocus.com/bid/18751

Vuln: MIT Kerberos 5 Multiple Local Privilege Escalation Vulnerabilities

Read more at securityfocus.com/bid/19427

Vuln: PHP SSCANF() Safe_Mode Restriction-Bypass Vulnerability

Read more at securityfocus.com/bid/19415

Re: Will Microsoft patch remarkable old Msjet40.dll issue?

Read more at securityfocus.com/archive/1/442610

[ GLSA 200608-14 ] DUMB: Heap buffer overflow

Read more at securityfocus.com/archive/1/442590

Microsoft PowerPoint Malformed Record Memory Corruption

Read more at securityfocus.com/archive/1/442592

ERRATA: [ GLSA 200608-08 ] GnuPG: Integer overflow vulnerability

Read more at securityfocus.com/archive/1/442621
