Network Security News Monitor - Monday, May 15, 2006 Events
PHP Arena paCheckbook index.php Multiple Variable SQL Injection
psCheckbook contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the "transtype" and "entry" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.
phpBB TopList toplist.php phpbb_root_path Variable Remote File Inclusion
TopList contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to toplist.php not properly sanitizing user input supplied to the 'phpbb_root_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.
TopList for phpBB list.php returnpath Variable Remote File Inclusion
TopList contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to list.php not properly sanitizing user input supplied to the 'returnpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.
Winamp m3u/pls .wma Parsing Overflow
A remote overflow exists in WinAmp. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted '*.m3u' and/or '*.pls' file and an ending filename having the '*.wma' extension, a remote attacker can cause arbitrary code execution or the application to crash resulting in a loss of integrity and/or availability.. Read more.
OpenPGP CFB Module Quick Check Feature Information Disclosure
OpenPGP protocol contains a flaw that may allow a malicious user to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed. The issue is triggered when handling a message that was encrypted using cipher feedback (CFB) mode. It is possible that the flaw may result in a loss of confidentiality.. Read more.
OpenPGP / PGP Secret Key Ring Modification Private Key Disclosure
OpenPGP protocol contains a flaw that may allow a malicious user to determine the private signature key. The issue is triggered when an attacker alters the encrypted private key file and captures a single message signed with the signature key. It is possible that the flaw may result in a loss of confidentiality and/or integrity.. Read more.
OzzyWork Galeri add.asp Arbitrary File Upload
OzzyWork contains a flaw that may allow a malicious user to upload arbitray files. The issue is caused by improper file extensions checks in add.asp. It is possible that the flaw may allow an attacker to upload and execute arbitrary ASP code resulting in a loss of integrity.. Read more.
OzzyWork Galeri admin_default.asp Multiple Field SQL Injection
OzzyWork Galeri contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin_default.asp script not properly sanitizing user-supplied input to the 'id' and 'password' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.
Océ 3121/3122 Printer Web Server Overflow DoS
Océ contains a flaw that may allow a remote denial of service. The issue is triggered due to an error in the built-in webserver when handling an overly long user-supplied URL, and will result in loss of availability for the platform.. Read more.
OpenFAQ submit.php q Variable XSS
OpenFAQ contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'q' variable upon submission to the submit.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.
