Network Security

Network Security News Monitor - Saturday, May 13, 2006 Events

 

Claroline postnuke.inc.php includePath Variable Remote File Inclusion

Claroline contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to claroline/auth/extauth/drivers/postnuke.inc.php not properly sanitizing user input supplied to the 'includePath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

IBM WebSphere Application Server HTTP Request Handlers Unspecified Exposure

IBM WebSphere Application Server contains a flaw related to its HTTP Request handlers that may allow an unspecified 'security/integrity exposure'. No further details have been provided.

IBM WebSphere Application Server addNode.log Cleartext Credential Disclosure

IBM WebSphere Application Server contains a flaw that may lead to an unauthorized information disclosure. The issue is present because the 'addNode.log' may contain credentials in cleartext, resulting in a loss of confidentiality. No further information has been provided.

IBM WebSphere Application Server Administrative Console Unspecified Issue

IBM WebSphere Application Server contains a flaw related to the Administrative Console. No further details have been provided.

IBM WebSphere Application Server on Solaris Corrupt Token Authentication Bypass

IBM WebSphere Application Server on Solaris contains a flaw related to the handling of tokens that may allow an attacker to gain unauthorised access using a corrupt token, resulting in a loss of integrity. No further details have been provided.

IBM WebSphere Application Server SOAP Port Unspecified Issue

IBM WebSphere Application Server contains a flaw related to the service's SOAP port. No further details have been provided.

Linux Kernel die_if_kernel() Function Unspecified Return Issue

The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered because the 'die_if_kernel()' function is labeled with the 'noreturn' attribute. On Intel ia64 systems, this can lead to a kernel panic when user faults occur, resulting in loss of availability for the platform.