Network Security News – Saturday, April 29, 2006 Events
SpeedProject Multiple Product ACE Archive Handling Overflow
A remote overflow exists in Squeez and SpeedCommander. Squeez and SpeedCommander fails to handle an ACE archive that contains a file with an overly long filename resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.. Read more at osvdb.org/24990
Instant Photo Gallery portfolio_photo_popup.php id Variable SQL Injection
Instant Photo Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the portfolio_photo_popup.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/24987
IRIX rpcbind -w Option Symlink Arbitrary File Overwrite
IRIX contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to rpcbind creating files insecurely when used with the '-w' option. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.. Read more at osvdb.org/8578
IRIX IPv6 Capability snoop Unspecified Privilege Escalation
IRIX contains a flaw related to the snoop network protocol analyzer that may allow undisclosed attacks under IPv6, due to a failure to properly handle packets. No further details have been provided.. Read more at osvdb.org/2216
DevBB member.php member Variable XSS
DevBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'member' variables upon submission to the member.php script. This could allow a user to create a specially crafted URL that would execute arbitrary HTML and script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/24994
Leave a Reply