Audit My PC - Free Internet Security Audit

Network Security News – Wednesday, October 05, 2005 Events

OpenBSD Accept/Deny Rule Parsing Weakness

When OpenBSD is deployed on big-endian byte-ordered platforms (sparc64), it contains a flaw that may allow a malicious user to bypass httpd access module allow/deny rules. The issue is triggered when IP addresses are used without a netmask, causing the rules to fail to match. It is possible that the flaw may allow unauthorized access, resulting in a loss of confidentiality. Read more at osvdb.org/19837

Astaro Security Linux Proxy Invalid Request Information Disclosure

Astaro Security Linux Proxy contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when sending an invalid connection request to the proxy port, which will disclose login credentials used internally by the Content Filter Framework (Proxy-authorization: Basic LTpwcHBwCg==), resulting in a loss of confidentiality. Read more at osvdb.org/19793

Astaro Security Linux Proxy index.fpl wfe_download Variable Traversal Arbitrary File Access

Astaro Security Linux Proxy contains a flaw that allows a remote attacker to access files on the filesystem outside of the web path. The issue is due to "index.fpl" not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "wfe_download" variable. Read more at osvdb.org/19792

IceWarp Web Mail logout.html Traversal Arbitrary File/Directory Deletion

IceWarp Web Mail contains a flaw that allows a remote attacker to delete arbitrary files and directories. The issue is due to the 'logout.html' page not properly sanitizing user input supplied via the 'id' variable. Read more at osvdb.org/19830

IceWarp Web Mail help.html Traversal Arbitrary File Access

IceWarp Web Mail contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'help.html' page not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'helpid' variable. Read more at osvdb.org/19831

IceWarp Web Mail calendar_w.html createdataCX Variable XSS

IceWarp Web Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'createdataCX' variable upon submission to the 'calendar_w.html' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19828

IceWarp Web Mail calendar_m.html createdataCX Variable XSS

IceWarp Web Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'createdataCX' variable upon submission to the 'calendar_m.html' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19827

IceWarp Web Mail calendar_d.html createdataCX Variable XSS

IceWarp Web Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'createdataCX' variable upon submission to the 'calendar_d.html' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19826

IceWarp Web Mail bwlist_inc.html Direct Request Path Disclosure

IceWarp Web Mail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'bwlist_inc.html' page, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/19829

IceWarp Web Mail blank.html id Variable XSS

IceWarp Web Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'blank.html' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19825

Vuln: University Of Washington IMAP Mailbox Name Buffer Overflow Vulnerability

University Of Washington IMAP Mailbox Name Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/15009

Vuln: Symantec Antivirus Web Service Administrative Interface Buffer Overflow Vulnerability

Symantec Antivirus Web Service Administrative Interface Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/15001

Vuln: Mozilla Suite And Firefox Multiple Script Manager Security Bypass Vulnerabilities

Mozilla Suite And Firefox Multiple Script Manager Security Bypass Vulnerabilities. Read more at securityfocus.com/bid/13641

Vuln: Mozilla Suite And Firefox DOM Property Overrides Code Execution Vulnerability

Mozilla Suite And Firefox DOM Property Overrides Code Execution Vulnerability. Read more at securityfocus.com/bid/13645

A common researcher diagnosis error: misreading error messages

A common researcher diagnosis error: misreading error messages. Read more at securityfocus.com/archive/1/412450

[security bulletin] SSRT051041 rev.0 – HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS)

[security bulletin] SSRT051041 rev.0 – HP-UX Mozilla Remote Unauthorized Execution of Privileged Code or Denial of Service (DoS). Read more at securityfocus.com/archive/1/412415

[security bulletin] SSRT051040 rev.0 – HP-UX Mozilla Remote Unauthorized Execution of Privileged Code

[security bulletin] SSRT051040 rev.0 – HP-UX Mozilla Remote Unauthorized Execution of Privileged Code. Read more at securityfocus.com/archive/1/412451

[security bulletin] SSRT5940 rev.2 – HP-UX Mozilla remote, unauthorized user may execute privileged code

[security bulletin] SSRT5940 rev.2 – HP-UX Mozilla remote, unauthorized user may execute privileged code. Read more at securityfocus.com/archive/1/412452
