Hosting Controller saveuploadfiles.asp Arbitrary File Upload

Network Security News – Saturday, April 22, 2006 Events

Hosting Controller saveuploadfiles.asp Arbitrary File Upload

Hosting Controller 2002 RC1 contains a flaw that may allow a remote attacker to upload files. The issue is due to saveuploadfiles.asp not verifying the value in the OpenPath variable. This may allow an attacker to upload or overwrite arbitrary files on the system.. Read more at osvdb.org/24772

Hosting Controller AccountActions.asp Unauthenticated Account Manipulation

Hosting Controller 2002 RC1 contains a flaw that allows unauthenticated users to modify passwords. It is possible to change a user's password by modifying the UserName field in the AccountActions.asp script.. Read more at osvdb.org/24773

W2B Online Banking index.php SID Variable XSS

W2B Online Banking contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'SID' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24759

NetBSD SIOCGIFALIAS ioctl() Crafted Request Local DoS

NetBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user attempts to gather information on a non-existent alias of a network interface via the SIOCGIFALIAS ioctl, resulting in a NULL dereference in the kernel when the alias in question is not located. This will lead to a loss of availability for the platform.. Read more at osvdb.org/24578

MyBulletinBoard (MyBB) inc/init.php Variable Overwrite

MyBB contains a flaw that may allow a malicious user to manipulate arbitrary script variables. The issue is triggered when a remote attacker accesses the inc/init.php script which may allow the manipulation of arbitrary script variables or the execution of arbitrary code resulting in a loss of integrity.. Read more at osvdb.org/24711

MyBulletinBoard (MyBB) global.php Variable Overwrite

MyBB contains a flaw that may allow a malicious user to manipulate arbitrary script variables. The issue is triggered when a remote attacker accesses the global.php script which may allow the manipulation of arbitrary script variables or the execution of arbitrary code resulting in a loss of integrity.. Read more at osvdb.org/24710