• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Microsoft Windows Font Processing Local Privilege Escalation

Network Security News – Thursday, April 14, 2005 Events

Microsoft Windows Font Processing Local Privilege Escalation

A local overflow exists in Windows. The kernel fails to validate certain kinds of fonts resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code to execute with kernel privileges resulting in a loss of integrity.. Read more at osvdb.org/15459

Pinnacle Cart index.php pg Variable XSS

Pinnacle Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'pg' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/15485

portupgrade pkg_fetch Symlink Privilege Escalation

portupgrade contains a flaw that may allow a malicious local user to overwrite, create and manipulate arbitrary files on the system with the permissions of the user running portupgrade. The issue is due to the 'pkg_fetch' download packages creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.. Read more at osvdb.org/15477

Red Hat Linux 4GB Split Patch access check Regression Error Local DoS

RedHat Linux contains a flaw that may allow a local denial of service. The issue is due to a missing access check, due to a regression error in the RedHat Linux 4 kernel 4GB/4GB split patch, and will result in loss of availability for the platform.. Read more at osvdb.org/15417

Linux Kernel jfs File System Driver Race Condition DoS

The Linux kernel contains a flaw related to the jfs file system driver that may allow race condition resulting in a kernel crash & denial of service. No further details have been provided aside from this can only happen under "unusual" conditions.. Read more at osvdb.org/15490

Sun Java JDK/SDK Jar Arbitrary File Overwrite

The Jar utility provided with Java's JDK/SDK allows the extraction of files with names that traverse the directory structure of host system. This could be used to create a malicious Jar that will overwrite arbitrary files on the host system when it is extracted.. Read more at osvdb.org/15435

Lotus Domino htcgibin.exe MS-DOS Device Name Request Path Disclosure

Lotus Domino contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a specially-crafted MS-DOS Device name request, which will disclose physical path information resulting in a loss of confidentiality.. Read more at osvdb.org/15455

Morpheus ChatServers.ini Chat Credential Local Disclosure

Morpheus contains a flaw that may lead to an unauthorized information disclosure. Өe issue is due to user credentials being stored in clear text within the ChatServers.ini file, which will disclose usernames and passwords to local users resulting in a loss of confidentiality.. Read more at osvdb.org/15393

Wordit Logbook logbook.pl file Parameter Arbitrary Command Execution

Wordit contains a flaw that may allow an attacker to execute arbitrary commands. The issue is due to the "file" variable in the "logbook.pl" script not being properly sanitized and may allow an attacker to inject or manipulate commands.. Read more at osvdb.org/15392

Microsoft MSN Messenger Malformed GIF Code Execution

A remote code execution flaw exists in MSN Messenger. The program fails to validate GIF image height and width information. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/15468

S9Y Serentdipity Exit.PHP SQL injection Vulnerability

Serendipity is a web log application that is written in PHP.Serendipity is affected by an SQL injection vulnerability. This issue is due to a failure in the applicatio…

. Read more at securityfocus.com/bid/13161?ref=rss

CPIO CHMod File Permission Modification Race Condition Weakness

cpio is an open-source file compression/decompression utility for Unix and Linux variants.cpio is prone to a security weakness. The issue is only present when an archiv…

. Read more at securityfocus.com/bid/13159?ref=rss

OpenOffice Malformed Document Remote Heap Overflow Vulnerability

OpenOffice is an open source office software package distributed and maintained by the OpenOffice project. It is available for Unix, Linux, and Microsoft Windows operatin…

. Read more at securityfocus.com/bid/13092?ref=rss

PHPBB Photo Album Module Album_Comment.PHP Cross-Site Scripting Vulnerability

Photo Album is a module for the popular phpBB bulletin board system.Photo Album is affected by a cross-site scripting vulnerability. This issue is due to a failure in …

. Read more at securityfocus.com/bid/13158?ref=rss

PHPBB Photo Album Module Album_Cat.PHP Cross-Site Scripting Vulnerability

Photo Album is a module for the popular phpBB bulletin board system.Photo Album is affected by a cross-site scripting vulnerability. This issue is due to a failure in …

. Read more at securityfocus.com/bid/13157?ref=rss

IBM iSeries AS400 POP3 Server Remote Information Disclosure Vulnerability

IBM iSeries AS400 computers are reported prone to a remote information disclosure vulnerability. The issue exists in the POP3 service that is installed and runs by defaul…

. Read more at securityfocus.com/bid/13156?ref=rss

Multiple Sql injection and XSS vulnerabilities in phpBB Plus v.1.52 and below and some of its modules.

Sender: dcrab [dcrab at hackerscenter dot com]

. Read more at securityfocus.com/archive/1/395720?ref=rss

LG U8120 Mobile Phone Denial of Service

Sender: Luca Ercoli [io at lucaercoli dot it]

. Read more at securityfocus.com/archive/1/395714?ref=rss

NetManage RUMBA 7.4 Profile Handling Multiple Buffer Overflow Vulnerabilities

Sender: Bahaa Naamneh [b_naamneh at hotmail dot com]

. Read more at securityfocus.com/archive/1/395705?ref=rss

IBM WebSphere Widespread configuration JSP disclosure

Sender: SPI Labs [spilabs at spidynamics dot com]

. Read more at securityfocus.com/archive/1/395701?ref=rss

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2024 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software