Network Security News – Wednesday, May 25, 2005 Events
JiRos Statistics System (JSS) admin_login.asp password Field SQL Injection
Jiros Statistics System (JSS) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the password variable in the admin_login.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16752
bzip2 Malformed Archive Decompression DoS
bzip2 contains a flaw that may allow a remote denial of service. The issue is triggered due to the handling of malformed bzip2 archives. It is possible for a remote attacker to send a malformed archive, which will cause the application to go into an infinite loop and consume a large amount of disk space and CPU resources, resulting in a loss of availability.. Read more at osvdb.org/16767
WordPress wp-trackback.php tb_id Variable SQL Injection
WordPress contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'tb_id' variable in the wp-trackback.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/16701
WordPress post.php p Variable XSS
WordPress contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'p' variable upon submission to the post.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/16702
WordPress Multiple Script Direct Request Path Disclosure
WordPress contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests any one of a number of scripts that calls an unspecified function. The resulting error message will disclose the physical installation path, resulting in a loss of confidentiality.. Read more at osvdb.org/16703
GDB Initialisation File Sourcing Insecure File Handling
GDB, the GNU debugger contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the GDB reads the .gdbinit file from the current working directory. If a privileged user can be tricked to run GDB in another user's directory, and the current working directory contains a malicious .gdbinit, an attacker could gain escalated privileges.. Read more at osvdb.org/16758
Cookie Cart passwd.txt Authentication Credential Disclosure
Cookie Cart contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to encrypted passwords when a browser request for the passwd.txt file occurs, which may lead to a loss of confidentiality.. Read more at osvdb.org/16755
Ariadne CMS loader.php Remote File Inclusion
Ariadne CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to loader.php not properly sanitizing user input supplied to the 'ariadne' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/15549
Sun Java System Web Server Unspecified Remote DoS
Java System Web Server contains an unspecified flaw that may allow a remote attacker to cause a denial of service. No further details have been provided.. Read more at osvdb.org/15504
Blue Coat Reporter Unauthenticated License Addition
Blue Coat Reporter contains an unspecified flaw that may allow a remote attacker to add a license. No further details have been provided.. Read more at osvdb.org/16764
Sun CDE DtSvc Unspecified Buffer Overflow Vulnerability
An unspecified buffer overflow vulnerability exists in Sun CDE DtSvc library that is included with SunOS 5.9 and Solaris 9. Few details are known in regard to this issue….. Read more at securityfocus.com/bid/13757?ref=rss
Sun CDE DtSvc DTDataBaseSearchPath Unspecified Buffer Overflow Vulnerability
An unspecified buffer overflow vulnerability exists in Sun CDE DtSvc library that is included with SunOS 5.9 and Solaris 9. The issue manifests when 'DTDATABASESEARCHPATH…. Read more at securityfocus.com/bid/13758?ref=rss
Sun Solaris Directory Creation Kernel Panic Vulnerability
Sun Solaris is affected by a denial of service vulnerability due to a kernel panic.Specific technical details about this issue are not currently available, however, it …. Read more at securityfocus.com/bid/13743?ref=rss
Sun Solaris Powerd Unspecified Buffer Overflow Vulnerability
powerd is the power manager daemon supplied with Solaris.powerd is affected by an unspecified buffer overflow vulnerability. This issue arises because the application …
. Read more at securityfocus.com/bid/13745?ref=rss
Sun Solaris USB Attachment Points Insecure Default Permissions Vulnerability
Sun Solaris is reported prone to a vulnerability that could allow an attacker to gain unauthorized access to a USB drive.This issue presents itself because USB attachme…. Read more at securityfocus.com/bid/13738?ref=rss
Sun TTYMux Kernel Memory Disclosure Vulnerability
ttymux is a STREAMS multiplexer driver that is used to connect multiple serial devices to the system console.ttymux is affected by an unspecified vulnerability that may…. Read more at securityfocus.com/bid/13734?ref=rss
Javamail Multiple Information Disclosure Vulnerabilities
Sender: Ricky Latt [ygnboyz at gmail dot com]
. Read more at securityfocus.com/archive/1/398842?ref=rss
iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP SELECT Command DoS Vulnerability
Sender: iDEFENSE Labs [labs-no-reply at idefense dot com]. Read more at securityfocus.com/archive/1/398840?ref=rss
iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability
Sender: iDEFENSE Labs [labs-no-reply at idefense dot com]. Read more at securityfocus.com/archive/1/398839?ref=rss
iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities
Sender: iDEFENSE Labs [labs-no-reply at idefense dot com]
. Read more at securityfocus.com/archive/1/398837?ref=rss
Leave a Reply