• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Microsoft Windows Server Driver (srv.sys) Crafted SMB Packet NULL Dereference Do

Network Security News – Tuesday, August 08, 2006 Events

Microsoft Windows Server Driver (srv.sys) Crafted SMB Packet NULL Dereference DoS

Windows contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a specially crafted SMB packet to the Server service (srv.sys), and will result in loss of availability for the platform.. Read more at osvdb.org/27644

aWebNews login.php page Variable Arbitrary File Access (Myth/Fake)

aWebnews has been reported to contain a flaw that allows a remote attacker to access arbitrary files inside the web path. The issue is supposedly due to the login.php script not properly sanitizing user input, specifically direct path requests supplied via the 'page' variable. However, subsequent examination indicates that the variable is only used in a META refresh call and can not access files unless they have already been accessed.. Read more at osvdb.org/27671

Microsoft IE ActiveX Killbit Setting Bypass

Microsoft Internet Explorer contains a flaw that may allow a malicious user to bypass the kill bit settings for ActiveX controls. The issue is triggered when user visits a malicious web page that contains specially crafted HTML which would cause the killbit setting for ActiveX controls to be bypassed. It is possible that the flaw may allow to execute arbitary code with user privileges.. Read more at osvdb.org/23657

Microsoft IE Cross Frame Security Arbitrary File Access

Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. Өe issue is triggered when a user visits a malicious web site, which could read files on the local file system.. Read more at osvdb.org/7837

SAXON news.php template Variable Remote File Inclusion (Myth/Fake)

SAXON has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the news.php script not properly sanitizing user input supplied to the 'template' variable. However, due to a high percent of inaccurate assessments by this researcher, it is believed that an attacker does not have the ability to manipulate the input.. Read more at osvdb.org/27661

Colophon for Joomla admin.colophon.php mosConfig_absolute_path Variable Remote File Inclusion

Colophon for Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admin.colophon.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/27659

BomberClone send_pkg Function Remote Information Disclosure

BomberClone contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when sending a specialy crafted packet (containing a huge word value related to the length of the packet), which will disclose part of the memory in the answering packet payload resulting in a loss of confidentiality.. Read more at osvdb.org/27648

BomberClone rscache_add Crafted Packet Remote DoS

BomberClone contains a flaw that may allow a malicious user to cause a denial of service. The issue is triggered when sending a specially crafted packet that is processed and used incorrectly in a memcpy function. Due to a big-endian check bypass it is possible that the flaw may cause a NULL dereference or overwrite of parts of the memory resulting in a loss availability.. Read more at osvdb.org/27647

AWStats awstats.pl PluginMode Parameter Arbitrary Command Execution

AWStats contains a flaw that may allow a malicious user to issue arbitrary commands under the webserver privileges. The issue is triggered when passing perl commands to the 'PluginMode' variable of the awstats.pl script via a colon (:) character. It is possible that the flaw may allow execution of arbitrary commands resulting in a loss of integrity.. Read more at osvdb.org/13832

AWStats awstats.pl Multiple Parameter Shell Metacharacter Arbitrary Command Execution

AWStats contains several flaws that may allow a malicious user to execute arbitrary code. The issue is triggered when providing shell meta-characters to the "pluginmode", "loadplugin", or "noloadplugin" variables of the awstats.pl script. It is possible that the flaw may allow execution of arbitrary commands under the web server privileges resulting in a loss of integrity.. Read more at osvdb.org/16089

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2024 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software