Network Security News – Monday, September 11, 2006 Events
ViRobot Linux Server addschup Cookie Field Remote Overflow
A remote overflow exists in ViRobot Linux Server. ViRobot Linux Server fails to perform proper bounds checks in the setuid cgi-bin file 'addschup' when processing the received cookie, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary command execution by inserting commands into the root user's crontab file, resulting in a loss of integrity. Read more at osvdb.org/17320
MicroGuestBook index.php Multiple Field XSS
MicroGuestBook contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'name' and 'comment' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/28677
iManage CMS whosOnline.php absolute_path Variable Remote File Inclusion
iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the whosOnline.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/28655
iManage CMS themes/simple.php absolute_path Variable Remote File Inclusion
iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the themes/simple.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/28668
iManage CMS themes/purple.php absolute_path Variable Remote File Inclusion
iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the themes/purple.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/28671
iManage CMS themes/portal.php absolute_path Variable Remote File Inclusion
iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the themes/portal.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/28670
iManage CMS themes/default.php absolute_path Variable Remote File Inclusion
iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the themes/default.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/28647
iManage CMS modules/mod_stats.php absolute_path Variable Remote File Inclusion
iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the modules/mod_stats.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/28665
iManage CMS modules/mod_online.php absolute_path Variable Remote File Inclusion
iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the modules/mod_online.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/28664
iManage CMS themes/original.php absolute_path Variable Remote File Inclusion
iManage CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the themes/original.php script not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/28669