Network Security News – Sunday, September 03, 2006 Events
Fuji Xerox Printing Systems (FXPS) Print Engine Crafted Request HTTP Authentication Bypass
Fuji Xerox Printing Systems (FXPS) Print Engine contains a flaw that may allow bypassing certain security restrictions. The issue is triggered because the embedded HTTP server does not authenticate certain HTTP requests correctly. The flaw may allow a malicious user to make unauthorized changes to the system configuration or to cause a denial of service, resulting in a loss of integrity or availability. Read more at osvdb.org/28250
GDB DWARF Debugging Code Crafted Location Block Overflow
A remote overflow exists in GDB's DWARF debugging code. GDB fails to handle crafted 'DWARF' or 'DWARF2' debugging information correctly, resulting in a buffer overflow. With a specially crafted location block, an attacker can execute arbitrary code, resulting in a loss of integrity. Read more at osvdb.org/28318
xbiff2 .xbiff2rc File Permission Weakness Information Disclosure
Xbiff 2 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by an error in the configuration routine, which creates .xbiff2rc with file permissions set to 755, disclosing the user's POP or IMAP credentials and resulting in a loss of confidentiality. Read more at osvdb.org/28278
Cerberus Helpdesk ticket Variable Arbitrary Ticket Access
Cerberus Helpdesk contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by missing access verification in the Client Support Center when viewing tickets, which discloses other users' ticket information when the 'ticket' parameter is changed, resulting in a loss of confidentiality. Read more at osvdb.org/28317
AIX dtterm Unspecified Local Privilege Escalation
AIX contains a flaw that may allow a malicious user to gain unauthorized privileges and execute arbitrary code with root privileges. The issue is triggered by an unspecified error in 'dtterm'. This flaw may lead to a loss of integrity. Read more at osvdb.org/28275
Streamripper HTTP Header Parsing Overflow
A remote overflow exists in Streamripper. The product fails to check for boundary errors while processing certain HTTP headers, resulting in a buffer overflow. With a specially crafted response, an attacker can execute arbitrary code, resulting in a loss of integrity. Read more at osvdb.org/28178
Sun Java System Content Delivery Server Arbitrary File Disclosure
Sun Java System Content Delivery Server contains a flaw that may allow a malicious user to read data from arbitrary files. No further details have been provided. Read more at osvdb.org/28227
phpCodeGenie Core.php BEAUT_PATH Variable Remote File Inclusion
phpCodeGenie contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the '/app/common/lib/codeBeautifier/Beautifier/Core.php' script not properly sanitizing user input supplied to the 'BEAUT_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/28035
phpECard functions.php include_path Variable Remote File Inclusion
phpECard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'functions.php' not properly sanitizing user input supplied to the 'include_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/28291
ezContents showlinks.php GLOBALS[admin_home] Variable Remote File Inclusion
ezContents contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the showlinks.php script not properly sanitizing user input supplied to the 'GLOBALS[admin_home]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script. Read more at osvdb.org/28325