Network Security

Network Security News Monitor - Wednesday, March 01, 2006 Events

 

PHP-Nuke Your_Account Module ublock Variable XSS

PHP-Nuke contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'ublock' variable upon submission to the Your_Account Module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Trillian AIM Plugin Null Message DoS

Trillian contains a flaw that may allow a remote denial of service. The issue is triggered when a blank AOL AIM message is received, and will result in loss of availability for the software.

GA's Forum Light archive.asp Multiple Variable SQL Injection (Myth/Fake)

GA's Forum Light has been reported to contain an SQL injection issue in the archive.asp script. Subsequent testing by SecurityTracker, after the vendor disputed the issue, indicates the software uses flat files to store data, not a backend database. Therefore, the SQL injection report is incorrect and was likely diagnosed because of a VBScript parsing error.

ArGoSoft Mail Server Pro Webmail viewheaders Multiple Field XSS

ArGoSoft Mail Server Pro contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the Webmail application does not validate various e-mail headers (e.g. "subject" and "from") before they are displayed by the "View Headers" functionality. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

FreeBSD nfsd Malformed NFS Mount Request Remote DoS

FreeBSD contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed mount request is received, and will result in loss of availability for the platform.