Network Security News – Wednesday, September 28, 2005 Events
Polipo Cached Password-Protected Object Disclosure
Polipo contains a flaw that may lead to an unauthorized information disclosure. Өe issue is triggered when password-protected objects are cached and returned to unauthorized clients, which may allow a remote attacker to disclose sensitive information resulting in a loss of confidentiality.. Read more at osvdb.org/19691
Polipo dns.c dnsDecodeReply() Function Overflow
A remote overflow exists in Polipo. The 'dnsDecodeReply()' function in 'dns.c' fails to perform proper bounds checking resulting in a buffer overflow, which may allow a remote attacker to execute arbitrary code. No further details have been provided.. Read more at osvdb.org/19692
Polipo on C89 Systems snnprintf() Function Overflow
A remote overflow exists in Polipo when running on C89 systems. The 'snnprintf()' function fails to perform proper bounds checking resulting in a buffer overflow, which may allow a remote attacker to execute arbitrary code. No further details have been provided.. Read more at osvdb.org/19690
Polipo Unspecified Traversal Arbitrary File Access
Polipo contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. No further details have been provided.. Read more at osvdb.org/19693
Polipo Server Side Pipelining Overflow
A remote overflow exists in Polipo. An unspecified function, responsible for the pipelining feature fails to perform proper bounds checking resulting in a buffer overflow, which may allow a remote attacker to execute arbitrary code. No further details have been provided.. Read more at osvdb.org/19689
phpMyFAQ index.php LANGCODE Variable Traversal Arbitrary File Access
phpMyFAQ contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'LANGCODE' variable.. Read more at osvdb.org/19669
phpMyFAQ password.php user Field SQL Injection
phpMyFAQ contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the password.php script not properly sanitizing user-supplied input to the user: field. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/19666
phpMyFAQ footer.php PMF_CONF[version] Variable XSS
phpMyFAQ contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'PMF_CONF[version]' variable upon submission to the footer.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/19667
phpMyFAQ User Agent Field Arbitrary PHP Code Execution
phpMyFAQ contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered when an attacker sends a crafted User Agent field with PHP code. Once injected, subsequent commands to a script such as index.php can be called to execute arbitrary commands.. Read more at osvdb.org/19672
phpMyFAQ Remote Log Access Information Disclosure
phpMyFAQ contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests a log file from the /data/ directory occurs, which will disclose user information and other log entries resulting in a loss of confidentiality. This attack requires the attacker to supply a file name based on the date.. Read more at osvdb.org/19670
Leave a Reply