
Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy


netMailshar Webmail Service Traversal Arbitrary File Access

Network Security News – Sunday, April 24, 2005 Events

netMailshar Webmail Service Traversal Arbitrary File Access

netMailshar Professional contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the application's web server not properly sanitizing user input, specifically traversal-style sequences (../../) supplied via the URI variable. Read more at osvdb.org/15722

netMailshar Webmail Service Error Message Username Enumeration

netMailshar Professional Edition contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker attempts to log into the system and receives varying error messages with each username attempt, disclosing whether the username is valid or not, resulting in a loss of confidentiality. Read more at osvdb.org/15723

cpio Race Condition Arbitrary File Permission Modification

cpio contains a flaw that may allow a malicious user to modify permissions of arbitrary files. The issue is triggered via a hard link attack on a file while it is being decompressed. It is possible that the flaw may allow arbitrary file permission modification resulting in a loss of confidentiality and integrity. Read more at osvdb.org/15725

BIG-IP Configuration Utility Cached Login Credential Authentication Bypass

BIG-IP contains a flaw that may allow a malicious user to bypass authentication procedures. The issue is triggered when the configuration utility caches login credentials and does not check the entered password on subsequent sessions. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity. Read more at osvdb.org/15714

PortalApp content.asp contenttype Variable XSS

PortalApp contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'contenttype' variable upon submission to the content.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15743

Apache Log Entry Terminal Escape Sequence Injection

Apache HTTP Server contains a flaw that may allow a malicious user to inject terminal escape sequences into Apache's error log. The issue is triggered when Apache fails to strip the escape sequences. If an administrator views the log files using certain terminal applications, the terminal may execute the escape sequences with the privileges of the administrator. Read more at osvdb.org/4382

RealPlayer RAM File Processing Overflow

A remote overflow exists in RealPlayer. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted RAM file containing an overly long hostname, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/15710

Red Hat Linux Itanium unw_unwind_to_user Function Local DoS

Red Hat Linux for Itanium contains a flaw that may allow a local denial of service. The issue is triggered by a flaw in the unw_unwind_to_user function, and will result in loss of availability for the platform. Read more at osvdb.org/15728

xv TIFF Decoder Format String

XV contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered by a format string error in the TIFF decoder. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. Read more at osvdb.org/15679

Serendipity exit.php Multiple Variable SQL Injection

Serendipity contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the $_GET['url_id'] or $_GET['entry_id'] variables in the exit.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15542

ACS Blog Administrative Access Authentication Bypass Vulnerability

ACS Blog is Web blog software implemented in ASP. ACS Blog is vulnerable to an authentication bypass vulnerability. This issue is due to a design flaw whereby remote adm… Read more at securityfocus.com/bid/13346?ref=rss

PixySoft E-Cart Art Parameter Remote Command Execution Vulnerability

PixySoft E-Cart is an e-commerce plug-in for WebAPP. It is written in Perl and is freely available for UNIX, Linux and Microsoft Windows platforms. PixySoft E-Cart is pr… Read more at securityfocus.com/bid/13321?ref=rss

PHPBB Viewtopic.PHP Cross-Site Scripting Vulnerability

phpBB is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well … Read more at securityfocus.com/bid/13345?ref=rss

PHPBB Profile.PHP Cross-Site Scripting Vulnerability

phpBB is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well … Read more at securityfocus.com/bid/13344?ref=rss

Multiple Vendor TCP/IP Implementation ICMP Remote Denial Of Service Vulnerabilities

Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) are reported prone to several denial of service attacks. ICMP is employed by network n… Read more at securityfocus.com/bid/13124?ref=rss

CartWIZ SearchResults.ASP Name Argument Cross-Site Scripting Vulnerability

CartWIZ is a Web-based shopping cart application implemented in ASP. CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the app… Read more at securityfocus.com/bid/13343?ref=rss

Multiple Sql injection and XSS in CartWIZ ASP Cart

Sender: dcrab [dcrab at hackerscenter dot com]. Read more at securityfocus.com/archive/1/396749?ref=rss

-==phpBB 2.0.14 Multiple Vulnerabilities==

Sender: HaCkZaTaN [hck_zatan at hotmail dot com]. Read more at securityfocus.com/archive/1/396744?ref=rss

Local file detection found through Adobe Reader ActiveX control

Sender: Hyperdose Security [robfly at hyperdose dot com]. Read more at securityfocus.com/archive/1/396747?ref=rss

E-Cart v1.1 Remote Command Execution

Sender: Nicolas Montoza [xonico at gmail dot com]. Read more at securityfocus.com/archive/1/396748?ref=rss
