
Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy


Mac OS X SUID/SGID Scripts Allowed

Network Security News – Monday, April 18, 2005 Events

Mac OS X SUID/SGID Scripts Allowed

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused by the ability to install or create and run SUID/SGID scripts. This flaw may lead to a loss of integrity. Read more at osvdb.org/15639

CalendarScript calendar.pl template Variable XSS

CalendarScript contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'template' or 'username' variables upon submission to the calendar.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15547

CalendarScript calendar.pl calendar Variable Path Disclosure

CalendarScript contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides malformed input to the calendar.pl script, which will disclose the installation path, resulting in a loss of confidentiality. Read more at osvdb.org/15546

Comersus ASP Shopping Cart comersus_searchItem.asp curPage Variable XSS

Comersus ASP Shopping Cart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'curPage' variable upon submission to the comersus_searchItem.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15539

RM SafetyNet Plus snpfiltered.pl u Variable XSS

RM SafetyNet Plus contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'u' variable upon submission to the snpfiltered.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15543

Multiple Vendor ICMP Implementation Malformed Path MTU DoS

Multiple ICMP implementations contain a flaw that may allow a remote denial of service. The issue is triggered by the handling of ICMP error messages when the "Path MTU Discovery" (PMTUD) mechanism is used. By sending a specially crafted ICMP error message, a remote attacker could arbitrarily reduce the throughput of a TCP connection, resulting in a loss of availability. Read more at osvdb.org/15619

Multiple Vendor ICMP Implementation Spoofed Source Quench Packet DoS

Multiple ICMP implementations contain a flaw that may allow a remote denial of service. The issue is triggered by the handling of ICMP error messages. By sending a specially crafted ICMP Source Quench packet, a remote attacker could arbitrarily reduce the throughput of a TCP connection, resulting in a loss of availability. Read more at osvdb.org/15618

Multiple Vendor ICMP Message Handling DoS

Multiple ICMP implementations contain a flaw that may allow a remote denial of service. The issue is triggered by the handling of ICMP error messages. By sending a specially crafted ICMP error message, a remote attacker could reset TCP connections, resulting in a loss of availability. Read more at osvdb.org/15457

Multiple Vendor TCP Implementation Acknowledgement Number Checking Issue

Multiple TCP implementations contain a flaw that may allow a remote attacker to forge ICMP error messages. The problem is that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is not checked to confirm that it is within the range of possible values for data that has already been acknowledged. It is possible that the flaw may allow a remote attacker to forge ICMP error messages, resulting in a loss of integrity. Read more at osvdb.org/15621

Multiple Vendor TCP Implementation Malformed Sequence Number Range Issue

Multiple TCP implementations contain a flaw that may allow a remote attacker to forge ICMP error messages. The problem is that the TCP sequence number in an ICMP error message is not checked to confirm that it is within the range of sequence numbers for data that has been sent but not acknowledged. It is possible that the flaw may allow a remote attacker to forge ICMP error messages, resulting in a loss of integrity. Read more at osvdb.org/15620

Apple Mac OS X Kernel Syscall Emulation Buffer Overflow Vulnerability

A heap-based buffer overflow vulnerability affects Apple Mac OS X. This issue is due to a failure of the application to securely manage user-supplied data when copying it…

Read more at securityfocus.com/bid/13207?ref=rss

Datenbank Module For PHPBB Remote Mod.PHP Cross-Site Scripting Vulnerability

The datenbank module for is a German mod for phpbb. It facilitates presenting and managing lists on phpbb sites. A remote cross-site scripting vulnerability affects the…

Read more at securityfocus.com/bid/13210?ref=rss

PHPBB Remote Mod.PHP SQL Injection Vulnerability

The datenbank module for is a German mod for phpbb. It facilitates presenting and managing lists on phpbb sites. A remote SQL injection vulnerability affects the datenb…

Read more at securityfocus.com/bid/13209?ref=rss
