Audit My PC - Free Internet Security Audit

Network Security News – Wednesday, July 26, 2006 Events

Nucleus Multiple Script Remote File Inclusion (Myth/Fake)

Nucleus has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the action.php, media.php, server.php and api_metaweblog.inc.php scripts not properly sanitizing user input supplied to the 'DIR_LIBS' variable. However, subsequent evaluation by another researcher indicates that the DIR_LIBS variable is defined beforehand by config.php and is not user-controlled. Read more at osvdb.org/27502

PHP Live! setup/header.php css_path Variable Remote File Inclusion

PHP Live! contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /setup/header.php not properly sanitizing user input supplied to the 'css_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27449

PHP Live! help.php css_path Variable Remote File Inclusion

PHP Live! contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to help.php not properly sanitizing user input supplied to the 'css_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27448

Microsoft IE Native Function Iteration NULL Dereference

Microsoft Internet Explorer (MSIE) contains a flaw that may allow a local denial of service. The issue is triggered when attempting to iterate a native function, causing a NULL dereference, and will result in loss of availability for the browser. Read more at osvdb.org/27373

Contenido contenido/classes/class.inuse.php Multiple Variable Remote File Inclusion

Contenido contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /contenido/classes/class.inuse.php not properly sanitizing user input supplied to the 'cfg[path][contenido]' and 'cfg[path][classes]' variables. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. Read more at osvdb.org/27484

Microsoft IE "download behavior" Server Side Redirect Arbitrary File Access

Microsoft Internet Explorer (MSIE) contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user visits a malicious web site with their browser while having active scripting enabled. The malicious web site can return a response that overwrites the download URL via a server side redirect, which will disclose local files on the user's system resulting in a loss of confidentiality. Read more at osvdb.org/11274

sipXtapi INVITE Message CSeq Field Overflow

A remote overflow exists in SIPfoundry, Inc. sipXtapi. The program fails to validate the length of the 'CSeq' field of an INVITE message, resulting in a buffer overflow. With a specially crafted message, an attacker can run arbitrary code, resulting in a loss of integrity. Read more at osvdb.org/27122

NewsPHP index.php Multiple Variable XSS

NewsPHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'words', 'tim', 'id', and 'cat_id' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26976

Joomla! SEF Feature Unspecified XSS

Joomla! contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input upon submission to the 'SEF' functionality. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/26913

Joomla! Weblinks Feature SQL Injection

Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the application not properly sanitizing user-supplied input to the 'Weblinks' functionality. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/26912

Vuln: eIQNetworks Enterprise Security Analyzer Multiple Syslog Daemon Buffer Overflow Vulnerabilities

eIQNetworks Enterprise Security Analyzer Multiple Syslog Daemon Buffer Overflow Vulnerabilities. Read more at securityfocus.com/bid/19167

Vuln: eIQNetworks Enterprise Security Analyzer SyslogServer.EXE Buffer Overflow Vulnerability

eIQNetworks Enterprise Security Analyzer SyslogServer.EXE Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/19165

Vuln: eIQnetworks Enterprise Security Analyzer Topology Server Remote Buffer Overflow Vulnerability

eIQnetworks Enterprise Security Analyzer Topology Server Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/19164

Vuln: eIQnetworks Enterprise Security Analyzer License Manager Remote Buffer Overflow Vulnerability

eIQnetworks Enterprise Security Analyzer License Manager Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/19163

[security bulletin] HPSBUX02087 SSRT4728 rev.2 – HP-UX running TCP/IP Remote Denial of Service (DoS)

[security bulletin] HPSBUX02087 SSRT4728 rev.2 – HP-UX running TCP/IP Remote Denial of Service (DoS). Read more at securityfocus.com/archive/1/441101

[ GLSA 200607-10 ] Samba: Denial of Service vulnerability

[ GLSA 200607-10 ] Samba: Denial of Service vulnerability. Read more at securityfocus.com/archive/1/441100

[ GLSA 200607-09 ] Wireshark: Multiple vulnerabilities

[ GLSA 200607-09 ] Wireshark: Multiple vulnerabilities. Read more at securityfocus.com/archive/1/441078

[USN-296-2] Firefox vulnerabilities

[USN-296-2] Firefox vulnerabilities. Read more at securityfocus.com/archive/1/441079
