Network Security News – Wednesday, September 21, 2005 Events
Avi Alkalay contribute.cgi/contribute.pl template Variable Arbitrary File Retrieval
Celular contribute.cgi or contribute.pl scripts contain a flaw that allows a remote attacker to traverse outside of the web path. The issue is due to the contribute.pl or contribute.cgi script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the template variable. It's possible that multiple files can be read via the contribdir variable. Read more at osvdb.org/19522
Avi Alkalay nslookup.cgi query Variable Arbitrary Command Execution
nslookup.cgi contains a flaw that may allow a malicious user to execute arbitrary commands on the server. The issue is triggered when a semi-colon is entered into the 'query' variable as a separator for arbitrary commands. Read more at osvdb.org/19520
Avi Alkalay notify from Variable Arbitrary Command Execution
notify contains a flaw that may allow a malicious user to execute arbitrary commands on the server. The issue is triggered when a semi-colon is entered into the 'from' variable as a separator for arbitrary commands. Read more at osvdb.org/19521
Avi Alkalay man-cgi topic Variable Arbitrary Command Execution
man-cgi contains a flaw that may allow a malicious user to execute arbitrary commands on the server. The issue is triggered when a semi-colon is entered into the 'topic' variable. This flaw may lead to a loss of Confidentiality, Integrity and/or Availability. Read more at osvdb.org/19519
Eric3 Unspecified Security Issue
Eric Integrated Development Environment (Eric3) contains an unspecified flaw. No further details have been provided. Read more at osvdb.org/19485
phpCommunityCalendar event.php Multiple Variable XSS
phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'font', 'CeTi', 'Contact', 'Description' and 'ShowAddress' variables upon submission to the 'event.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19359
phpCommunityCalendar day.php Multiple Variable XSS
phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'font' and 'LocationID' variables upon submission to the 'day.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19358
phpCommunityCalendar calYearlyP.php font Variable XSS
phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'font' variable upon submission to the 'calYearlyP.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19367
phpCommunityCalendar calYearly.php font Variable XSS
phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'font' variable upon submission to the 'calYearly.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19366
phpCommunityCalendar calWeeklyP.php font Variable XSS
phpCommunityCalendar contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'font' variable upon submission to the 'calWeeklyP.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19363
Vuln: Bacula Insecure Temporary File Creation Vulnerabilities
Bacula Insecure Temporary File Creation Vulnerabilities. Read more at securityfocus.com/bid/14881
Vuln: Webmin / Usermin Remote PAM Authentication Bypass Vulnerability
Webmin / Usermin Remote PAM Authentication Bypass Vulnerability. Read more at securityfocus.com/bid/14889
Vuln: SLocate Local Database Corruption Vulnerability
SLocate Local Database Corruption Vulnerability. Read more at securityfocus.com/bid/14640