Network Security

Network Security News Monitor - Saturday, May 06, 2006 Events

 

PHP Session Name Unspecified Character Weakness

PHP contains a flaw related to the use of unspecified unusual characters in session names. No further details have been provided.

PHP Session Extension Heap Corruption Issue

PHP contains a flaw related to the session extension that may allow an attacker to cause a heap corruption. No further details have been provided.

PHP unset() Function Variable Persistence

PHP contains a flaw where variables will not have their data removed even after having been unset(). No further details have been provided.

Albinator eshow.php Config_rootdir Variable Remote File Inclusion

Albinator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'eshow.php' script not properly sanitizing user input supplied to the 'Config_rootdir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Quagga bgpd Telnet Interface Local DoS

Quagga contains a flaw that may allow a local denial of service. The issue is triggered when certain crafted input is passed to the 'sh ip bgp community' command, and will result in loss of availability for the platform by using up all CPU resources.

Albinator eday.php Config_rootdir Variable Remote File Inclusion

Albinator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'eday.php' script not properly sanitizing user input supplied to the 'Config_rootdir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Albinator forgot.php Config_rootdir Variable Remote File Inclusion

Albinator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'forgot.php' script not properly sanitizing user input supplied to the 'Config_rootdir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Albinator showpic.php preloadSlideShow Variable XSS

Albinator contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'preloadSlideShow' variable upon submission to the 'showpic.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Albinator dlisting.php cid Variable XSS

Albinator contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'cid' variable upon submission to the 'dlisting.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.