Network Security News – Sunday, July 24, 2005 Events
MDaemon IMAP CREATE Command Remote Overflow
A remote overflow exists in MDaemon IMAP server. MDaemon fails to validate the boundary of the CREATE command. With a specially crafted request, an authorized attacker can cause a buffer overflow, resulting in a loss of integrity.. Read more at osvdb.org/18070
Oracle 9iAS PL/SQL Package htp.print cbuf Variable XSS
Oracle 9iAS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cbuf' variable upon submission to the htp.print function of the PL/SQL HTP Package. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/18214