Network Security News – Friday, May 26, 2006 Events
Novell Client Login Field Clipboard Content Disclosure
Novell Client contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the Novell Client Login dialog box fails to restrict access to the contents of the clipboard when the system is "locked". It may be possible to disclose the text contents of the current user's clipboard by pasting it into the "User Name" field, or to change the clipboard's content by copying text from the "User Name" field. Read more at osvdb.org/25760
Sugar Suite Multiple Script sugarEntry Global Variable Remote File Inclusion
Sugar Suite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to multiple scripts in the "modules" directory not properly sanitizing user input supplied to the "sugarEntry" global variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25532
UBB.threads addpost_newpoll.php thispath Variable Remote File Inclusion
UBB.threads contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to addpost_newpoll.php not properly sanitizing user input supplied to the 'thispath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25714
phpListPro config.php Language Cookie Parameter Local File Inclusion
phpListPro contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to config.php not properly sanitizing user input supplied to the "Language" cookie variable. This may allow an attacker to include a file from the local host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25694
phpMyDirectory cron.php ROOT_PATH Variable Remote File Inclusion
phpMyDirectory contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to cron.php not properly sanitizing user input supplied to the "ROOT_PATH" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/25698
UseBB Member List Search SQL Injection
UseBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the member list search not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/25685
Stylish Text Ads tr1.php id Variable SQL Injection
Stylish Text Ads contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the tr1.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/25691
UseBB Date Format XSS
UseBB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate unspecified variables related to the user date format. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25684
Stylish Text Ads advertise.php XSS
Stylish Text Ads contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate an unspecified variable upon submission to the advertise.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25692
singapore index.php image Variable XSS
Singapore contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'image' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/25706
Vuln: Easy Software Products CUPS Access Control List Bypass Vulnerability
Easy Software Products CUPS Access Control List Bypass Vulnerability. Read more at securityfocus.com/bid/14265