Network Security News – Wednesday, June 29, 2005 Events
IA eMailServer IMAP4 LIST Command Remote DoS
IA eMailServer contains a flaw that may allow a remote denial of service. The issue is triggered when the characters '%x' are sent as the second argument to the IMAP4 LIST command, and will result in loss of availability for the service. Read more at osvdb.org/17609
e107 comment.php Comment Field XSS
e107 contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the comment field upon submission to the comment.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17574
e107 forum_post.php Multiple Field XSS
e107 contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the subject or post fields upon submission to the forum_post.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17573
e107 usersettings.php Arbitrary HTML Injection
e107 contains a flaw that may allow an attacker to carry out an HTML injection attack. The issue is due to the usersettings.php script not properly sanitizing user-supplied input to the location variable (other variables may also be unsanitized). This may allow an attacker to inject or manipulate the HTML code displayed to browsers in areas of e107 where the location variable is used. Read more at osvdb.org/17572
e107 plugins.php Direct Request Path Disclosure
e107 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a request directly to a plugin PHP script, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/17570
e107 admin.php Administrator Account Enumeration
e107 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker attempts to log in with an administrator username. The resulting error message is different for valid vs. invalid accounts, allowing the attacker to verify legitimate administrator accounts. This can be used to launch more focused attacks such as brute force attempts. Read more at osvdb.org/17569
Microsoft Windows SMB LanMan Pipe Server Listing Disclosure
Microsoft Windows contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when using the \PIPE\LANMAN transaction pipe, which will disclose lists of neighboring machines, resulting in a loss of confidentiality. Read more at osvdb.org/300
Microsoft IIS idq.dll IDA/IDQ ISAPI Remote Overflow
A remote overflow exists in Microsoft IIS. The 'idq.dll' library fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request containing an overly long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity. Read more at osvdb.org/568
paFAQ index.php id Variable XSS
paFAQ contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/17563
paFAQ index.php username Variable SQL Injection
paFAQ contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'username' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/17564
Vuln: Multiple Vendor TCP/IP Implementation ICMP Remote Denial Of Service Vulnerabilities
Multiple Vendor TCP/IP Implementation ICMP Remote Denial Of Service Vulnerabilities. Read more at securityfocus.com/bid/13124
Vuln: PhpMyChat SQL Injection Vulnerability
PhpMyChat SQL Injection Vulnerability. Read more at securityfocus.com/bid/14085
Vuln: PhpMyChat Cross-site Scripting Vulnerability
PhpMyChat Cross-site Scripting Vulnerability. Read more at securityfocus.com/bid/14082
Vuln: PHPBB Viewtopic.PHP Remote Code Execution Vulnerability
PHPBB Viewtopic.PHP Remote Code Execution Vulnerability. Read more at securityfocus.com/bid/14086
Security Advisory – phpBB 2.0.15 PHP-code injection bug
Security Advisory – phpBB 2.0.15 PHP-code injection bug. Read more at securityfocus.com/archive/1/403631
MDKSA-2005:107 – Updated ImageMagick packages fix vulnerabilities
MDKSA-2005:107 – Updated ImageMagick packages fix vulnerabilities. Read more at securityfocus.com/archive/1/403599
MDKSA-2005:106 – Updated spamassassin packages fix DoS vulnerabilities
MDKSA-2005:106 – Updated spamassassin packages fix DoS vulnerabilities. Read more at securityfocus.com/archive/1/403595
RE: [Fwd: phpBB 2.0.16 released]
RE: [Fwd: phpBB 2.0.16 released]. Read more at securityfocus.com/archive/1/403592