
Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy


phpBB GPC Variable Set register_globals Bypass

Network Security News – Thursday, November 03, 2005 Events

phpBB GPC Variable Set register_globals Bypass

phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code. The issue is triggered by an error where global variables defined by the user are not properly unset. It is possible that the flaw may allow cross-site scripting and SQL injection attacks, and/or execution of arbitrary PHP code, resulting in a loss of integrity. Read more at osvdb.org/20386

phpBB Crafted HTTP_SESSION_VARS Variable register_globals Bypass

phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code (register_globals). The flaw exists because the application starts without knowing the values of the $_SESSION or $HTTP_SESSION_VARS variables. A user may be able to supply arbitrary values to these variables, which will cause the register_globals setting to be ignored, allowing for cross-site scripting or SQL injection attacks. Read more at osvdb.org/20413

phpBB register_long_array register_globals Bypass

phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code (register_globals). The issue is triggered when the 'register_long_array' option is turned off, making PHP unable to verify user-supplied input to the HTTP_* variables. It is possible that the flaw may result in cross-site scripting and SQL injection attacks because the register_globals setting is not honored. Read more at osvdb.org/20414

Mac OS X Keychain Access Password Exposure

Mac OS X contains a flaw that may lead to an unauthorized password exposure. The issue is due to the way the Keychain Access utility handles automatic password display timeouts. When a keychain automatically locks due to a timeout while a stored password is being viewed, the password will remain visible afterwards. It is possible to gain access to plaintext passwords when viewing a keychain, resulting in a loss of confidentiality. Read more at osvdb.org/20430

OpenBSD vi.recover Arbitrary Zero-byte File Deletion

OpenBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker uses an unspecified vulnerability in the /usr/libexec/vi.recover script to delete zero-byte files, such as device nodes. This flaw may lead to a loss of integrity. Read more at osvdb.org/19104

Mac OS X Unspecified Kernel Issue

Mac OS X contains a flaw related to certain kernel interfaces that may allow a malicious user to disclose sensitive information in uninitialized memory. No further details have been provided. Read more at osvdb.org/20431

OpenBSD uipc System Calls Null Dereference Local DoS

OpenBSD contains a flaw that may allow a local denial of service. The issue is triggered when an attacker causes the sys_pipe() function to encounter a certain file descriptor error. This will cause sys_pipe() to dereference the user mode retval value instead of the rval kernel mode value. As retval is NULL, this will result in loss of availability for the platform. Read more at osvdb.org/20354

Mac OS X memberd Membership Modification Delay Access Restriction Bypass

Mac OS X Server contains a flaw that may allow a malicious user to bypass access restrictions. The problem is that the membership daemon (memberd) does not immediately reflect access control changes, which may allow a malicious user to gain access to files and other resources, resulting in a loss of confidentiality. Read more at osvdb.org/20429

Mac OS X Software Update Security Patch Failure

Mac OS X contains a flaw that may allow a malicious user to bypass security patches. The issue is triggered by the way the Software Update application handles ignored updates, which may allow a malicious user to bypass important security patches by marking all applicable updates as ignored, leaving the system in an insecure state and resulting in a loss of integrity. Read more at osvdb.org/20428
