Network Security News Monitor - Thursday, March 09, 2006 Events

Owl Intranet Engine lib/OWL_API.php xrms_file_root Variable Remote File Inclusion

Owl Intranet Engine contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'lib/OWL_API.php' not properly sanitizing user input supplied to the 'xrms_file_root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

RevilloC MailServer USER Command Remote Overflow

A remote overflow exists in MailServer. The software fails to check the boundaries of input submitted to the POP3 'USER' command, resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.. Read more.