Audit My PC - Free Internet Security Audit

Network Security News – Monday, May 09, 2005 Events

ImageMagick ReadPNMImage() PNM Image Decoding Overflow

ImageMagick contains a flaw that may allow a heap overflow triggering a denial of service. The issue is triggered due to a lack of bounds checking in the ReadPNMImage() function when decoding PNM images, and will result in loss of availability for the application. Read more at osvdb.org/15891

WoltLab Burning Board pms.php folderid Variable XSS

WoltLab Burning Board contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'folderid' variable upon submission to pms.php. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15907

WinHex Malformed Filename DoS

X-Ways WinHex contains a flaw that may allow either a remote or local denial of service. The issue is triggered when an attacker sends a specially crafted file name to a buffer, causing a heap-based overflow, and will result in loss of availability for the WinHex application.

This application typically does not run with any elevated privileges and requires command line interaction from a user. Read more at osvdb.org/15841

Altiris Deployment Solution AClient Password Protection Bypass

Altiris Deployment Solution contains a flaw in its ACLIENT.EXE service that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by manipulating the AClient interface to launch a Windows command prompt which runs at the LocalSystem account level. From within this command prompt, the user can launch any program at those escalated privileges. This flaw may lead to a loss of integrity. Read more at osvdb.org/15896

BitDefender Path Subversion Security Bypass

BitDefender 8 Professional Plus and Standard Edition contains a flaw that may allow a malicious user to bypass virus protection. The issue is triggered by a race condition caused by a specially crafted "C:\program.exe" file. At Windows startup the file is detected and an alert message is sent to the user, causing the Windows session to begin without starting BitDefender, resulting in a loss of availability of the anti-virus application. Read more at osvdb.org/15818

602LAN SUITE Webmail Traversal Arbitrary File Upload

602LAN Suite contains a flaw that allows a remote attacker to upload files to arbitrary directories outside of the web path. The issue is due to the software not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'filename' variable when attaching a file to an email. Files uploaded to the cgi-bin directory can be executed remotely by an authenticated user via a URL and will run at the privileges of the web server. Read more at osvdb.org/13590

Perl Convert::UUlib Module Local Overflow

An overflow exists in Convert-UUlib. Convert-UUlib fails to perform proper bounds checking on parameter functions resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

It is not clear if this vulnerability can be remotely exploited, or requires malformed content to be sent to a user to run. Read more at osvdb.org/15867

Syntax Desktop Multiple Nondescript Security Issues

Syntax Desktop contains multiple security flaws. No further details have been provided. Read more at osvdb.org/15917

SmartList confirm Module Arbitrary Address Subscription

SmartList confirm module contains a flaw that may allow a malicious attacker to subscribe arbitrary addresses to mailing lists. The issue is triggered when a valid cookie containing the malicious subscribing address is sent to the module. It is possible that the flaw may allow list security restrictions to be bypassed, resulting in a loss of integrity. Read more at osvdb.org/16086

MaxDB Webtool Remote getIfHeader() WebDAV Function Remote Overflow

MaxDB Webtool contains a flaw that may allow a malicious attacker to execute arbitrary code. The issue is triggered when the getIfHeader() function fails to properly limit user-supplied input, allowing for a buffer overflow. With a specially crafted request, an attacker may be able to overflow the buffer with custom code that would be executed with the same privileges as the Webtool. Read more at osvdb.org/15993

PHPBB Unspecified BBCode.PHP Vulnerability

PhpBB is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well … Read more at securityfocus.com/bid/13545?ref=rss

Mozilla Firefox Install Method Remote Arbitrary Code Execution Vulnerability

Mozilla Firefox is prone to a security vulnerability that could result in the execution of arbitrary code without requiring user interaction. Initial analysis of the vu… Read more at securityfocus.com/bid/13544?ref=rss

Invision Power Board Login.PHP SQL Injection Vulnerability

Invision Power Board is Web forum software. It is implemented in PHP and is available for Unix and Linux variants and Microsoft Windows operating systems. Invision Power… Read more at securityfocus.com/bid/13529?ref=rss

HTMLJunction EZGuestbook Guestbook.mdb Database Disclosure Vulnerability

HTMLJunction EZGuestbook is a web based forum application. HTMLJunction EZGuestbook is prone to a database disclosure vulnerability. Remote users may download the databa… Read more at securityfocus.com/bid/13543?ref=rss
