Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Linux Kernel mprotect() Function Memory Permission Bypass

Network Security News – Friday, April 28, 2006 Events

Linux Kernel mprotect() Function Memory Permission Bypass

The Linux Kernel contains a flaw that may allow a malicious user to gain elevated access privileges to shared memory. The issue is triggered because an 'mprotect()' call can be used to set write access to a shared memory segment that was attached read-only, even when IPC would not give permission to do so. It is possible that the flaw may allow an attacker to gain write access to shared memory, resulting in a loss of integrity. Read more at osvdb.org/24714

IntelliLink Pro edit.cgi Multiple Variable XSS

IntelliLink Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id', 'forgotid' and 'forgotpass' variables upon submission to the 'edit.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24733

IntelliLink Pro addlink_lwp.cgi url Variable XSS

IntelliLink Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'url' variable upon submission to the 'addlink_lwp.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24732

CommuniMail templates.cgi form_id Variable XSS

CommuniMail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'form_id' variable upon submission to the 'templates.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24736

CommuniMail mailadmin.cgi list_id Variable XSS

CommuniMail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'list_id' variable upon submission to the 'mailadmin.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24735

Thumbnail AutoIndex Unspecified include() Issue

Thumbnail AutoIndex contains a flaw that may allow an attacker to execute arbitrary PHP code on the server. The application makes use of the 'include' function to include the 'README.html' and 'HEADER.html' files. This may become an issue for a provider that offers the application as a service but does not allow users to create their own PHP scripts. The flaw will allow such a user to include PHP code in one of the files mentioned above, potentially causing a loss of integrity. Read more at osvdb.org/24873

phpWebFTP index.php port Variable XSS

phpWebFTP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'port' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24975

Beagle External Helper Commandline Argument Injection

Beagle contains a flaw that may allow a malicious user to pass arbitrary arguments to helper applications. The issue is triggered when Beagle, during its indexing process, launches helper applications. It is possible that the flaw may allow arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/24938

AngelineCMS loadkernel.php installPath Variable Remote File Inclusion

AngelineCMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to loadkernel.php not properly sanitizing user input supplied to the 'installPath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/24610

3Com Baseline Switch 2848-SFP Crafted DHCP Packet Remote DoS

3Com Baseline Switch 2848-SFP contains a flaw that may allow a remote denial of service. The issue is triggered when the switch receives a DHCP packet that exceeds 342 bytes in length, and will result in loss of availability for the platform. Read more at osvdb.org/24942

Vuln: Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities

Multiple Mozilla Products Memory Corruption/Code Injection/Access Restriction Bypass Vulnerabilities. Read more at securityfocus.com/bid/16476

Vuln: Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities

Mozilla Suite, Firefox, SeaMonkey, and Thunderbird Multiple Remote Vulnerabilities. Read more at securityfocus.com/bid/17516

Vuln: Paul A. Rombouts PDNSD Unspecified Buffer Overflow Vulnerability

Paul A. Rombouts PDNSD Unspecified Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/17720
