Network Security News Monitor - Friday, May 26, 2006 Events

Novell Client Login Field Clipboard Content Disclosure

Novell Client contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to the Novell client Login dialog box failure to restrict access to the contents of the clipboard when the system is "locked". It can be possible to disclose the text contents of the current user's clipboard by pasting it into the "User Name" field, or to change the clipboard's content by performing a copy from the "User Name" field information.. Read more.

Sugar Suite Multiple Script sugarEntry Global Variable Remote File Inclusion

Sugar Suite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to multiple scripts in the "modules" directory not properly sanitizing user input supplied to the "sugarEntry" gloabl variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

UBB.threads addpost_newpoll.php thispath Variable Remote File Inclusion

UBB.threads contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to addpost_newpoll.php not properly sanitizing user input supplied to the 'thispath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

phpListPro config.php Language Cookie Parameter Local File Inclusion

phpListPro contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to config.php not properly sanitizing user input supplied to the "Language" cookie variable. This may allow an attacker to include a file from the local host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

phpMyDirectory cron.php ROOT_PATH Variable Remote File Inclusion

phpMyDirectory contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to cron.php not properly sanitizing user input supplied to the "ROOT_PATH" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.

UseBB Member List Search SQL Injection

UseBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the the member list search not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.

Stylish Text Ads tr1.php id Variable SQL Injection

Stylish Text Ads contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the tr1.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.

UseBB Date Format XSS

UseBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables related to the user date format. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.

Stylish Text Ads advertise.php XSS

Stylish Text Ads contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate an unspecified variable upon submission to the advertise.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.

singapore index.php image Variable XSS

Singapore contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'image' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.

Vuln: Easy Software Products CUPS Access Control List Bypass Vulnerability

Easy Software Products CUPS Access Control List Bypass Vulnerability. Read more.