Network Security News – Wednesday, February 22, 2006 Events
NJStar Word Processor Font Name Processing Overflow
A local overflow exists in NJStar Word Processor. The product fails to perform boundary checking when reading font names from NJStar document files (".njx"), resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/23354
PHP-Nuke Your_Account Module Nickname Field SQL Injection
PHP-Nuke contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'username' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/23259
BomberClone Error Message Remote Overflow
A remote overflow exists in BomberClone. BomberClone fails to perform a proper boundary check within the processing of error messages, resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of integrity.. Read more at osvdb.org/23263
Winamp m3u File Name Overflow
A remote overflow exists in Nullsoft Winamp. Winamp fails to perform a proper boundary check when processing a playlist (.m3u) with an overly long filename, resulting in a buffer overflow. With a specially crafted .m3u file, an attacker can cause execution of arbitrary code resulting in a loss of integrity.. Read more at osvdb.org/23265