Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Network Security News – Monday, April 11, 2005 Events

Sybase ASE attrib_valid Function Overflow

A remote overflow exists in the attrib_valid function of Sybase Adaptive Server Enterprise. The function fails to check input during internal parsing, resulting in a buffer overflow. With a specially crafted request, an attacker can execute code of their choice in the security context of the Sybase database server process, resulting in a loss of integrity.

For this condition to be exploited, an authenticated connection to ASE must exist. Read more at osvdb.org/15198

GNU sharutils shar Output Overflow

A local overflow exists in the GNU sharutils shar command. GNU shar fails to check the length of data returned by the shar command, resulting in a buffer overflow. With a specially crafted shar archive, an attacker can cause a loss of integrity. Read more at osvdb.org/15375

FirstClass Client Bookmark Files Arbitrary Program Execution

OpenText FirstClass contains a flaw that may allow an attacker to execute arbitrary files. The issue is due to a lack of restrictions on bookmark URIs. This may allow an attacker to link to a file on a remote host, which will be executed by the vulnerable client. Read more at osvdb.org/15356

HP OpenView Network Node Manager Nondescript DoS

HP OpenView Network Node Manager contains a flaw that may allow a remote denial of service. No further information has been provided. Read more at osvdb.org/15321

Linksys WET11 changepw.html Unauthenticated Password Modification

The Linksys WET11 v1 Wireless Ethernet Bridge contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when a remote user sends a crafted HTTP request to the Change Password script, which will change the password without authentication. Read more at osvdb.org/15311

P2P Share Spy Registry Local Password Disclosure

P2P Share Spy contains a flaw that may lead to an unauthorized information disclosure. The issue is due to plaintext storage of information in the registry, which may disclose the program launch password to local users, resulting in a loss of confidentiality. Read more at osvdb.org/15312

FireFly Registry Plaintext Proxy Password Disclosure

NetCruiser Software FireFly contains a flaw that may lead to an unauthorized information disclosure. The issue is due to plaintext storage of information in the registry, which may disclose the proxy username and password to local users, resulting in a loss of confidentiality. Read more at osvdb.org/15325

PunBB profile.php jabber Variable XSS

PunBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the jabber variable upon submission to the profile.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15373

PunBB profile.php new_email Variable SQL Injection

PunBB contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the new_email variable in the profile.php script not being properly sanitized, which may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15372

remstats remoteping Service Arbitrary Command Execution

remstats contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered when a remote user manipulates the inputs in the 'remoteping-server.pl' script. It is possible that the flaw may allow a user to execute arbitrary commands due to missing input sanitization, resulting in a loss of integrity. Read more at osvdb.org/15259
