Network Security News – Sunday, July 23, 2006 Events
Adobe Acrobat PDF Distillation Overflow
A local overflow exists in Acrobat Reader. Acrobat Reader fails to handle malicious content inserted in a PDF file, resulting in a buffer overflow. If a user opens a specially crafted file, an attacker can execute arbitrary commands, resulting in a loss of integrity. Read more at osvdb.org/27156
Adobe Acrobat / Reader on Mac OS X Default Permission Weakness
Adobe Acrobat and Adobe Reader contain a flaw that may allow a malicious user to remove files or replace them with malicious programs. The flaw exists due to insecure default file permissions being set on the installed files and folders. It is possible that the flaw may allow the attacker to bypass certain security restrictions or gain escalated privileges, resulting in a loss of confidentiality and integrity. Read more at osvdb.org/27157
Microsoft IE WebViewFolderIcon setSlice Overflow
Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered when calling the 'setSlice' method of the WebViewFolderIcon.WebViewFolderIcon.1 ActiveX object with the first parameter set to 0x7fffffff. This causes an invalid memory copy and will result in the loss of availability for the browser. Read more at osvdb.org/27110
Microsoft IE OVCtl NewDefaultItem Method NULL Dereference
Microsoft Internet Explorer contains a flaw that may allow a malicious user to remotely crash an instance of Internet Explorer. The issue is triggered by a null dereference when an ActiveX object is created for Microsoft Office Outlook View Control. This could allow an attacker to create a specially crafted web page that would crash Internet Explorer, resulting in loss of integrity. Read more at osvdb.org/27112
Microsoft IE HTML Help COM Object Click Method NULL Dereference
Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered when calling the "Click()" method of the Internet.HHCtrl.1 ActiveX object. This triggers a NULL dereference and will result in loss of availability for the browser. Read more at osvdb.org/27231
Microsoft IE CEnroll SysAllocStringLen Invalid Length
Internet Explorer contains a flaw that may allow a local denial of service. The issue is triggered when a long parameter in the CEnroll.CEnroll.2 ActiveX object's stringToBinary method is used, and will result in loss of availability for the Internet Explorer software. Read more at osvdb.org/27230
ActionApps um_uedit.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion
ActionApps contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the include/um_uedit.php3 script not properly sanitizing user input supplied to the 'GLOBALS[AA_INC_PATH]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27305
ActionApps sliceobj.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion
ActionApps contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the include/sliceobj.php3 script not properly sanitizing user input supplied to the 'GLOBALS[AA_INC_PATH]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27298
ActionApps tv_misc.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion
ActionApps contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the include/tv_misc.php3 script not properly sanitizing user input supplied to the 'GLOBALS[AA_INC_PATH]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27304
ActionApps tv_email.php3 GLOBALS[AA_INC_PATH] Remote File Inclusion
ActionApps contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the include/tv_email.php3 script not properly sanitizing user input supplied to the 'GLOBALS[AA_INC_PATH]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27303
Vuln: Advanced Guestbook Multiple Cross-Site Scripting Vulnerabilities
Advanced Guestbook Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/15927
Vuln: Advanced Guestbook Index.PHP Entry Parameter SQL Injection Vulnerability
Advanced Guestbook Index.PHP Entry Parameter SQL Injection Vulnerability. Read more at securityfocus.com/bid/13548