Network Security News Monitor - Tuesday, May 02, 2006 Events

ClamAV Freshclam HTTP Header Remote Overflow

A remote overflow exists in Freshclam. The 'freshclam' utility fails to check the length of HTTP headers resulting in a stack-based buffer overflow when a server responds with more than 8KB of header data. With a specially crafted server response, an attacker can cause denial of service or arbitrary code execution resulting in a loss of integrity or availability for the service.. Read more.

Clansys index.php page Variable Remote File Inclusion

Clansys contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'page' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

SunShop Shopping Cart index.php Multiple Variable XSS

SunSHop Shopping Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'action', 'id', 'prevaction', 'previd', 'prevstart', and 'itemid' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.

TextFileBB BBcode Multiple Tag XSS

TextFileBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the '[color]', '[size]', and '[url]' BBcode upon submission to an unknown or unspecified script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.

Virtual War includes/functions_common.php vwar_root Variable Remote File Inclusion

Virtual War contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to includes/functions_common.php not properly sanitizing user input supplied to the 'vwar_root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

Virtual War includes/functions_front.php vwar_root Variable Remote File Inclusion

Virtual War contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to includes/functions_front.php not properly sanitizing user input supplied to the 'vwar_root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

Virtual War includes/get_header.php vwar_root Variable Remote File Inclusion

Virtual War contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to includes/get_header.php not properly sanitizing user input supplied to the 'vwar_root' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

WebCalendar functions.php includedir Variable Remote File Inclusion

WebCalendar contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to functions.php not properly sanitizing user input supplied to the 'includedir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.