Network Security News – Tuesday, May 24, 2005 Events
Xitami Server Remote Overflow
A remote overflow exists in Xitami Server. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted SSI file, a remote attacker can cause the server to crash resulting in a loss of availability.. Read more at osvdb.org/16589
HP OpenView EMANATE snmpModules Information Disclosure
The Emanate SNMP agent supplied with HP OpenView and HP-UX contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when someone who knows a read-only community string performs an SNMP walk query in the snmpV2.snmpModules branch, which will disclose all the community names configured on the host, resulting in a loss of confidentiality and possible unauthorized system access.. Read more at osvdb.org/11343
MailScanner Crafted ZIP File Scanner Bypass
MailScanner contains a flaw that may allow a malicious user to bypass virus scanning of ZIP files. It is possible that the flaw may allow ZIP files containing viruses to bypass scanning. The issue is due to the program not correctly parsing size checks on the contents of zip files vs the zip files themselves.. Read more at osvdb.org/16728
PhotoPost member.php uid Variable SQL Injection
PhotoPost contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'uid' variable in the 'member.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16731
phpGB login.php password Parameter SQL Injection
phpGB contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'password' parameter in the 'login.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.. Read more at osvdb.org/10111
WowBB view_user.php sort_by Variable SQL Injection
WowBB contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'sort_by' variable in the 'view_user.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16543
Ability Mail Server Connection Saturation DoS
Ability Mail Server contains a flaw that may allow a remote denial of service. The issue is triggered when establishing more than 150 simultaneous connections with three services (Webmail, Admin and SMTP), which will consume all available CPU resources, resulting in a loss of availability.. Read more at osvdb.org/7719
Ability Server APPE Command Remote Overflow
A remote overflow exists in Ability Server. The application fails to perform proper bounds checking resulting in a buffer overflow. By issuing an overly long string to the 'APPE' command, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/12347
Leave a Reply