• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

LibVC (vCard) count_vcards() Function Local Overflow

Network Security News – Tuesday, March 21, 2006 Events

LibVC (vCard) count_vcards() Function Local Overflow

An overflow exists in LibVC. LibVC fails to validate that the size of a string fscanf'd into the local 'buf' is smaller than 256 bytes resulting in a stack overflow. With a specially crafted vCard, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/23985

vCard PRO create.php Multiple Variable XSS

vCard PRO contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'card_id', 'uploaded', 'card_fontsize', and 'card_color' variables upon submission to the create.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23838

Ubuntu Installer Log File Cleartext Password Disclosure

The Ubunto installer contains a flaw that may lead to an unauthorized password exposure. The installer log files fail to sanitize passwords used during the installation. The installer log files are world-readable, thus any local user can see the password of the first user account, which has full sudo privileges by default, thus leading to a loss of confidentiality.. Read more at osvdb.org/23868

Zeroboard Session IP Security Bypass XSS

ZeroBoard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate memo subject, user email address, and the homepage field upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23847

Sendmail DECODE Alias Arbitrary File Overwrite

Sendmail contains a flaw that may allow a remote attacker to overwrite arbitrary files. The issue is due tot he program allowing remote access to the 'decode' alias. By sending a crafted email to the alias, the sendmail program would write user-supplied content to an arbitrary file as well as set custom permissions.. Read more at osvdb.org/196

Sendmail debug Arbitrary Command Execution

Sendmail contains a flaw that may allow a remote attacker to execute commands without authentication. The issue is triggered when an attacker connects to the SMTP service (port 25), and issues the 'debug' command. If enable, this may allow an attacker to pipe arbitrary commands that will be executed under the same privileges as sendmail.. Read more at osvdb.org/195

TENEX Page Fault Race Condition Password Prediction Weakness

TENEX contains a flaw that may allow a local attacker to more trivially guess user passwords. By carefully examining the virtual memory paging timing for differential timing for page faults, it is possible to determine if a specific character matched a portion of the password. By performing this timing attack for each character of a password, an attacker could effectively brute force a relatively strong password in a matter of minutes, instead of having to exhaust a majority of the possible password space.. Read more at osvdb.org/23199

UNIX-V6 su File Descriptor Exhaustion Local Privilege Escalation

UNIX-V6 contains a flaw that may allow a local attacker to gain increased privileges. The flaw occurs when an attacker intentionally exhausts all file descriptors before executing the 'su' program. In such a case, 'su' would invoke a super-user shell instead of failing to execute.. Read more at osvdb.org/535

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2024 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software