Network Security News – Saturday, March 04, 2006 Events
Gallery GallerySession.class 'sessionId' Variable File Deletion
Gallery contains a flaw that allows a remote attacker to delete files outside of the web path. The issue is due to the GallerySession.class not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the sessionId variable(s).. Read more at osvdb.org/23597
Gallery GalleryUtilities.class 'X_FORWARDED_FOR' HTTP Header Field XSS
Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'X_FORWARDED_FOR' HTTP header field upon submission to the GalleryUtilities.class script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23596
IRIX Desktop searchbook Insecure Permission Privilege Escalation
IRIX contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the searchbook program creating the iconbook and searchbook desktop files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.. Read more at osvdb.org/8563