Network Security News Monitor - Saturday, March 18, 2006 Events

Drupal menu.module Menu Item Creation Page Restriction Bypass

Drupal contains a flaw that may lead to an unauthorized information disclosure. When "menu.module" is used to create a menu item, the referenced page will be accessible by everyone, bypassing the expected page restriction. This may allow admin pages to be accessed by a remote attacker, resulting in a loss of confidentiality.. Read more.

Drupal Email Crafted Header Spoofing

Drupal contains a flaw allows a malicious user to insert line feeds and carriage returns into outgoing email. This allows the attacker to insert bogus headers into outgoing email. This could lead to Drupal sites being used to send unwanted email.. Read more.

Macromedia ShockWave Player ActiveX Installer Overflow

A remote overflow exists in Shockwave Player ActiveX Installer. The product fails to perform boundary checks on two unspecified values when using CLSID 166B1BCA-3F9C-11CF-8075-444553540000 resulting in a stack-based buffer overflow. With a specially crafted request to a site hosting malicious shockwave content during the installation procedure, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more.

Drupal Multiple Unspecified XSS

Drupal contains a flaw that allows multiple unspecifies remote cross site scripting attacks. No further details have been provided.. Read more.

Clam Anti-Virus UPX File Processing Overflow

A remote overflow exists in ClamAV. The product fails to correctly perform a size allocation resulting in a heap overflow. With a specially crafted UPX file, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more.

AIX mklvcopy Unspecified Local Issue

AIX contains a unspecified flaw related to the 'mklvcopy' command. No further details have been provided.. Read more.

Horde go.php url Variable Arbitrary File Access

Horde contains a flaw that may lead to an unauthorized information disclosure. The issue is due to go.php not properly sanitizing user input supplied to the 'url' variable. Embedding a NULL character within the 'url' variable enables an attacker to control the variable passed to readfile() function leading to the reading of any file on the file system with the privileges of the web server resulting in a loss of confidentiality.. Read more.