Network Security News – Monday, August 15, 2005 Events
SuSE Linux Kernel Unspecified Stack Fault Exception Local DoS
Linux contains a flaw related to the kernel that may allow an attacker to cause a stack fault exception, resulting in a local denial of service. No further details have been provided. Read more at osvdb.org/18702
FUDforum mid Variable Tree View Arbitrary Restricted Message Access
FUDforum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker modifies the mid HTTP variable, which will disclose arbitrary restricted forum messages resulting in a loss of confidentiality. Read more at osvdb.org/18699
Gallery with PostNuke Security Restriction Bypass
Gallery contains a flaw related to input validation of the global '$name' variable when running with PostNuke. Users with any type of admin access in PostNuke have full control over other users' albums in Gallery, bypassing security restrictions. Read more at osvdb.org/18684
VERITAS Backup Exec Remote Agent Arbitrary File Download
Veritas Backup Exec for Windows Servers contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote user sends a CONNECT_CLIENT_AUTH request with a hardcoded password value to trigger the flaw. If successful, the flaw will disclose arbitrary files that are accessible via the Windows system account, resulting in a loss of confidentiality. Read more at osvdb.org/18695
FunkBoard reply.php Multiple Variable XSS
FunkBoard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'fbusername' or 'fbpassword' variables upon submission to the 'reply.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18616
FunkBoard register.php Multiple Variable XSS
FunkBoard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'fbusername', 'fmail', 'www', 'icq', 'yim', 'location', 'sex', 'interebbies', 'sig' or 'aim' variables upon submission to the 'register.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18618
FunkBoard profile.php Multiple Variable XSS
FunkBoard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'fbusername' or 'fbpassword' variables upon submission to the 'profile.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18617
FunkBoard prefs.php Multiple Variable XSS
FunkBoard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'fbusername' or 'fbpassword' variables upon submission to the 'prefs.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18614
FunkBoard newtopic.php Multiple Variable XSS
FunkBoard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'fbusername', 'subject' or 'fbpassword' variables upon submission to the 'newtopic.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/18615
FunkBoard mysql_install.php Admin/Database Password Manipulation
FunkBoard contains a flaw that may allow a remote attacker to arbitrarily manipulate the admin and database passwords. The problem is that the application does not remove the 'mysql_install.php' script after installation, which may allow a remote attacker to arbitrarily create a new database and reset the administrator's username and password resulting in a loss of integrity. Read more at osvdb.org/18620
Vuln: Nullsoft SHOUTcast File Request Format String Vulnerability
Nullsoft SHOUTcast File Request Format String Vulnerability. Read more at securityfocus.com/bid/12096
Vuln: WhitSoft Development SlimFTPd Multiple Commands Remote Buffer Overflow Vulnerability
WhitSoft Development SlimFTPd Multiple Commands Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/14339
Vuln: Novell ZENworks Multiple Remote Pre-Authentication Buffer Overflow Vulnerabilities
Novell ZENworks Multiple Remote Pre-Authentication Buffer Overflow Vulnerabilities. Read more at securityfocus.com/bid/13678
Vuln: Veritas Backup Exec For Windows And NetWare Arbitrary File Download Vulnerability
Veritas Backup Exec For Windows And NetWare Arbitrary File Download Vulnerability. Read more at securityfocus.com/bid/14551
SQL in PHPTB Topic Boards 2.0
SQL in PHPTB Topic Boards 2.0. Read more at securityfocus.com/archive/1/408052
Low security hole affecting Mentor’s ADSLFR4II router
Low security hole affecting Mentor’s ADSLFR4II router. Read more at securityfocus.com/archive/1/408050
JaguarControl Activex Buffer Overflow
JaguarControl Activex Buffer Overflow. Read more at securityfocus.com/archive/1/408051
Re: Xoops 2.2.1 Full Path Disclosure
Re: Xoops 2.2.1 Full Path Disclosure. Read more at securityfocus.com/archive/1/408002