Network Security News – Wednesday, July 26, 2006 Events
Nucleus Multiple Script Remote File Inclusion (Myth/Fake)
Nucleus has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the action.php, media.php, server.php and api_metaweblog.inc.php scripts not properly sanitizing user input supplied to the 'DIR_LIBS' variable. However, subsequent evaluation by another researcher indicates the DIR_LIBS variable is previously defined by config.php and not user controlled.. Read more at osvdb.org/27502
PHP Live! setup/header.php css_path Variable Remote File Inclusion
PHP Live! contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /setup/header.php not properly sanitizing user input supplied to the 'css_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27449
PHP Live! help.php css_path Variable Remote File Inclusion
PHP Live! contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to help.php not properly sanitizing user input supplied to the 'css_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27448
Microsoft IE Native Function Iteration NULL Dereference
Microsoft Internet Explorer (MSIE) contains a flaw that may allow a local denial of service. The issue is triggered when attempting to iterate a native function causing a NULL dereference, and will result in loss of availability for the browser.. Read more at osvdb.org/27373
Contenido contenido/classes/class.inuse.php Multiple Variable Remote File Inclusion
Contenido contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /contenido/classes/class.inuse.php not properly sanitizing user input supplied to the 'cfg[path][contenido]' and 'cfg[path][classes]' variables. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27484
Microsoft IE "download behavior" Server Side Redirect Arbitrary File Access
Microsoft Internet Explorer (MSIE) contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user visits a malicious web site with their browser while having active scripting enabled. The malicious web site can return a response that overwrites the download URL via a server side redirect, which will disclose local files on the user's system resulting in a loss of confidentiality.. Read more at osvdb.org/11274
sipXtapi INVITE Message CSeq Field Overflow
A remote overflow exists in SIPfoundry, Inc. siXtapi. The program fails to validate the length of the 'CSeq' field of an INVITE message resulting in a buffer overflow. With a specially crafted message, an attacker can run arbitrary code resulting in a loss of integrity.. Read more at osvdb.org/27122
NewsPHP index.php Multiple Variable XSS
NewsPHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'words', 'tim', 'id', and 'cat_id' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26976
Joomla! SEF Feature Unspecified XSS
Joomla! contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input upon submission to the 'SEF' functionality. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/26913
Joomla! Weblinks Feature SQL Injection
Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the application not properly sanitizing user-supplied input to the 'Weblinks' functionality. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/26912
Vuln: eIQNetworks Enterprise Security Analyzer Multiple Syslog Daemon Buffer Overflow Vulnerabilities
eIQNetworks Enterprise Security Analyzer Multiple Syslog Daemon Buffer Overflow Vulnerabilities. Read more at securityfocus.com/bid/19167
Vuln: eIQNetworks Enterprise Security Analyzer SyslogServer.EXE Buffer Overflow Vulnerability
eIQNetworks Enterprise Security Analyzer SyslogServer.EXE Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/19165
Vuln: eIQnetworks Enterprise Security Analyzer Topology Server Remote Buffer Overflow Vulnerability
eIQnetworks Enterprise Security Analyzer Topology Server Remote Buffer Overflow Vulnerability
. Read more at securityfocus.com/bid/19164
Vuln: eIQnetworks Enterprise Security Analyzer License Manager Remote Buffer Overflow Vulnerability
eIQnetworks Enterprise Security Analyzer License Manager Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/19163
[security bulletin] HPSBUX02087 SSRT4728 rev.2 – HP-UX running TCP/IP Remote Denial of Service (DoS)
[security bulletin] HPSBUX02087 SSRT4728 rev.2 – HP-UX running TCP/IP Remote Denial of Service (DoS). Read more at securityfocus.com/archive/1/441101
[ GLSA 200607-10 ] Samba: Denial of Service vulnerability
[ GLSA 200607-10 ] Samba: Denial of Service vulnerability
. Read more at securityfocus.com/archive/1/441100
[ GLSA 200607-09 ] Wireshark: Multiple vulnerabilities
[ GLSA 200607-09 ] Wireshark: Multiple vulnerabilities. Read more at securityfocus.com/archive/1/441078
[USN-296-2] Firefox vulnerabilities
[USN-296-2] Firefox vulnerabilities. Read more at securityfocus.com/archive/1/441079
Leave a Reply