Network Security News – Saturday, April 16, 2005 Events
Apple Mac OS X Kernel Multiple Local Privilege Escalation And Denial Of Service Vulnerabilities
Multiple local privilege escalation and denial of service vulnerabilities affect Apple Mac OS X. These issues are due to insecure copying of user-supplied data into fini…
Read more at securityfocus.com/bid/13203?ref=rss
Apple Safari Remote Local Zone Script Execution Vulnerability
Apple Safari is a tabbed browser application developed by Apple Computers. It is designed to be run on Apple Mac OS X platforms. A remote local zone script execution vu…
Read more at securityfocus.com/bid/13202?ref=rss
PHP-Nuke Surveys Module HTTP Response Splitting Vulnerability
PHP-Nuke is a freeware content management system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows. PHP-Nuke is p…
Read more at securityfocus.com/bid/13201?ref=rss
DameWare NT Utilities Authentication Credentials Persistence Weakness
A problem with DameWare NT Utilities may allow the recovery of sensitive information. DameWare NT Utilities does not safely handle authentication credential information….
Read more at securityfocus.com/bid/13200?ref=rss
DameWare Mini Remote Control Authentication Credentials Persistence Weakness
A problem with DameWare Mini Remote Control may allow the recovery of sensitive information. DameWare Mini Remote Control does not safely handle authentication credentia…
Read more at securityfocus.com/bid/13199?ref=rss
IBM WebSphere Application Server Web Server Root JSP Source Code Disclosure Vulnerability
A remote JSP source disclosure vulnerability reportedly affects the IBM WebSphere Application Server. This issue is due to a failure of the application to properly handl…
Read more at securityfocus.com/bid/13160?ref=rss
Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below
Sender: dcrab [dcrab at hackerscenter dot com]
Read more at securityfocus.com/archive/1/396000?ref=rss
Re: Http Response Splitting Vulnerability In PHP-NUKE 7.6 and below
Sender: JeiAr [security at gulftech dot org]
Read more at securityfocus.com/archive/1/396017?ref=rss
Mafia Blog
Sender: Francisco Alisson [dominusvis at click21 dot com dot br]
Read more at securityfocus.com/archive/1/395995?ref=rss
Vulnerabilities in sphpblog
Sender: echo staff [y3dips at echo dot or dot id]
Read more at securityfocus.com/archive/1/395994?ref=rss
AzDGDatingPlatinum view.php id Variable XSS
AzDGDatingPlatinum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the view.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15526
AzDGDatingPlatinum index.php from Variable SQL Injection
AzDGDatingPlatinum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'from' variable in the index.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15525
AzDGDatingPlatinum view.php id Variable SQL Injection
AzDGDatingPlatinum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'id' variable in the view.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15524
OneWorldStore owProductDetail.asp Multiple Field XSS
OneWorldStore contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'Name', 'Email' or 'Comment' fields upon submission to the owProductDetail.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15523
OneWorldStore owListProduct.asp bSub Variable XSS
OneWorldStore contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'bSub' variable upon submission to the owListProduct.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15522
OneWorldStore owContactUs.asp sEmail Variable XSS
OneWorldStore contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'sEmail' variable upon submission to the owContactus.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15521
OneWorldStore owProductDetail.asp idproduct Variable SQL Injection
OneWorldStore contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'idproduct' variable in the owProductDetail.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15520
OneWorldStore owListProduct.asp Multiple Variable SQL Injection
OneWorldStore contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'bSpecials' and 'idCategory' variables in the owListProduct.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15519
OneWorldStore owAddItem.asp idProduct Variable SQL Injection
OneWorldStore contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'idProduct' variable in the owAddItem.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15518
Microsoft IE External Caching Security Failure Arbitrary File Access
Internet Explorer contains a flaw that may allow a malicious user to access arbitrary files. The issue is due to incomplete security checks on IE external caching, which allows remote attackers to access files on a user's system, resulting in a loss of confidentiality. Read more at osvdb.org/15224