IRIX rpc.mountd Anonymous Access Deny Issue

Network Security News – Thursday, June 09, 2005 Events

IRIX rpc.mountd Anonymous Access Deny Issue

IRIX rpc.mountd contains a flaw that may allow a denial of service. The issue is triggered when rpc.mountd incorrectly denies access to anonymous clients whose hostname is not listed in DNS, NIS or /etc/hosts. If an attacker were able to manipulate one of these naming services it could result in loss of availability to the service for some users.. Read more at osvdb.org/17206

LutelWall Symlink Arbitrary File Create/Overwrite

A vulnerability exists in a portion of LutelWall that looks for new versions. This vulnerability creates a temporary file with insecure permissions that, with creative use of symlinks, would allow an attacker to overwrite or create files with the privileges of the user that runs the update script. Because the update script is run as root, this could give the attacker the ability to create or overwrite nearly any file on the system.. Read more at osvdb.org/17173

Chipmunk Forum authenticate.php username Parameter SQL Injection

Chipmunk Forum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the "$username" variable in the "authenticate.php" script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/13568

Chipmunk Forum edit.php ID Parameter SQL Injection

Chipmunk Forum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the "$ID" variable in the "edit.php" script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/13569

Chipmunk Forum getpassword.php email Parameter SQL Injection

Chipmunk Forum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the "$email" variable in the "getpassword.php" script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/13567

Chipmunk Forum reguser.php Multiple Parameter SQL Injection

Chipmunk Forum contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the $query variable in the authenticate module is not verified properly and will allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/13572

Chipmunk Forum newtopic.php Multiple Parameter SQL Injection

Chipmunk Forumcontains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the "$name", "$title", and "$post" variables in the "newtopic.php" script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/13571

CMScore authenticate.php username Parameter SQL Injection

CMScore contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the "$username" variable in the "authenticate.php" script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/13574

CMScore index.php Multiple Parameter SQL Injection

CMScore contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the "$EntryID" and "$searchterm" variables in the "index.php" script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/13573

Chipmunk Forum search.php searchterm Parameter SQL Injection

Chipmunk Forum contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the '$searchterm' variable in the 'search.php' script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.. Read more at osvdb.org/13570

Vuln: Loki Download Manager Catinfo.ASP SQL Injection Vulnerability

Loki Download Manager Catinfo.ASP SQL Injection Vulnerability. Read more at securityfocus.com/bid/13900

Vuln: Symantec Brightmail AntiSpam Remote Information Disclosure Vulnerability

Symantec Brightmail AntiSpam Remote Information Disclosure Vulnerability. Read more at securityfocus.com/bid/13828

Vuln: Leafnode FetchFews Client Article Header Timeout Remote Denial of Service Vulnerability

Leafnode FetchFews Client Article Header Timeout Remote Denial of Service Vulnerability

. Read more at securityfocus.com/bid/13901

Vuln: Cisco Voice VLAN 802.1x Authentication Bypass Vulnerability

Cisco Voice VLAN 802.1x Authentication Bypass Vulnerability. Read more at securityfocus.com/bid/13902

2 SQL injection in Loki download manager v2.0

2 SQL injection in Loki download manager v2.0. Read more at securityfocus.com/archive/1/401771

[ GLSA 200506-05 ] SilverCity: Insecure file permissions

[ GLSA 200506-05 ] SilverCity: Insecure file permissions. Read more at securityfocus.com/archive/1/401770

[USN-137-1] Linux kernel vulnerabilities

[USN-137-1] Linux kernel vulnerabilities

. Read more at securityfocus.com/archive/1/401748

Second-Order Symlink Vulnerabilities

Second-Order Symlink Vulnerabilities. Read more at securityfocus.com/archive/1/401682