Network Security News – Tuesday, July 12, 2005 Events
PHP shtool Symlink Arbitrary File Overwrite
PHP contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the included shtool script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.. Read more at osvdb.org/17808
ocaml-mysql shtool Symlink Arbitrary File Overwrite
ocaml-mysql contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the shtool script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. In addition to the shtool temporary files vulnerability, ocaml-mysql uses the contents of temporary files in later processing, allowing an attack through manipulation of the content in predictably-named files.. Read more at osvdb.org/17289
OpenPKG shtool Symlink Arbitrary File Overwrite
OpenPKG shtool contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the shtool script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity. A large number of software packages that may be installed as part of OpenPKG include vulnerable code from shtool.. Read more at osvdb.org/17802
OpenLDAP shtool Symlink Arbitrary File Overwrite
OpenLDAP contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the shtool script, used duing the OpenLDAP build process, creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.. Read more at osvdb.org/17804
UBB.threads download.php Number Variable SQL Injection
UBB.threads contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'download.php' script not properly sanitizing user-supplied input to the 'Number' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/17525
Microsoft Windows Web Client Request Processing Remote Code Execution
A remote overflow exists in Windows. The WebClient service fails to validate messages received over the network resulting in a buffer overflow. With a specially crafted request, an attacker with valid logon credentials can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/17309
Interspire ArticleLive 2005 Registration Username Field XSS
ArticleLive 2005 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Username' variable upon submission to the '/authors/register/do' registration script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17780
Peer-to-Peer Chat and File Sharing Application (PrivaShare) Malformed Data DoS
Peer-to-Peer Chat and File Sharing Application (PrivaShare) contains a flaw that may allow a remote denial of service. The issue is triggered when processing malformed data, and will result in loss of availability for the service.. Read more at osvdb.org/17764
ActiveBuyandSell search.asp Keyword Variable XSS
ActiveBuyandSell contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Keyword' variable upon submission to the 'search.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17554
ActiveBuyandSell sendpassword.asp Title Variable XSS
ActiveBuyandSell contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Title' variable upon submission to the 'sendpassword.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/17553
Vuln: MPlayer MMST Stream ID Remote Buffer Overflow Vulnerability
MPlayer MMST Stream ID Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/13271
Vuln: MPlayer RTSP Server Line Response Remote Buffer Overflow Vulnerability
MPlayer RTSP Server Line Response Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/13270
Vuln: CPIO CHMod File Permission Modification Race Condition Weakness
CPIO CHMod File Permission Modification Race Condition Weakness
. Read more at securityfocus.com/bid/13159
Vuln: CPIO Filename Directory Traversal Vulnerability
CPIO Filename Directory Traversal Vulnerability. Read more at securityfocus.com/bid/13291
WASC-Articles: ‘DOM Based Cross Site Scripting or XSS of the Third Kind: A look at an overlooked flavor of XSS’
WASC-Articles: ‘DOM Based Cross Site Scripting or XSS of the Third Kind: A look at an overlooked flavor of XSS’. Read more at securityfocus.com/archive/1/404756
blogtorrent remote/local user password disclosure
blogtorrent remote/local user password disclosure. Read more at securityfocus.com/archive/1/404757
Re: SiteMinder Multiple Vulnerabilities
Re: SiteMinder Multiple Vulnerabilities
. Read more at securityfocus.com/archive/1/404761
[SECURITY] [DSA 752-1] New gzip packages fix several vulnerabilities
[SECURITY] [DSA 752-1] New gzip packages fix several vulnerabilities. Read more at securityfocus.com/archive/1/404767
Leave a Reply