Files Date: 2006-10-21 to 2006-10-22

php-fd.txt
Posted Oct 21, 2006
Authored by dimmoborgir

The PHP functions "exec", "system", "popen" (and similar) leave the parent process's file descriptors open. When a new process is run, that program inherits all open file descriptors of its parent. This can be used by hostile programs to listen and accept connections on port 80, or write to the Apache log files.

tags | advisory, php
SHA-256 | df0886b7417f348dce9959a45e47a889aa6e01dd100f026507d0c694e50c33e3
Armorize-ADV-2006-0006.txt
Posted Oct 21, 2006
Authored by Armorize | Site armorize.com

Armorize-ADV-2006-0006 discloses multiple cross-site scripting vulnerabilities found in KnowledgeBank (http://sourceforge.net/projects/knowledgebank/), which is a PHP/MySQL web app that allows you to create a searchable database application with categories, subcategories, and screenshots.

tags | advisory, web, php, vulnerability, xss
SHA-256 | c927285de10b58e4f08255e17e9aac5473d0afa4e7f732a3759dd534a2c01d3d
KICS-cms.txt
Posted Oct 21, 2006
Authored by fireboy

KICS cms suffers from an SQL injection vulnerability that can be used to gain administrative privileges.

tags | exploit, sql injection
SHA-256 | c63da37314a6840ff5959a53f296ea306761576606a8d1acabaa3afa922df13b
UltraCMS-0.9.txt
Posted Oct 21, 2006
Authored by fireboy

UltraCMS 0.9 suffers from an SQL injection vulnerability which can be used to gain administrative privileges.

tags | exploit, sql injection
SHA-256 | 16f09bababa6c7297143a2a4505336bd9103adb0e2dc170f27c5573543ee0858
DigitalHive2.0.txt
Posted Oct 21, 2006
Authored by Mahmood_ali

DigitalHive 2.0 RC2 suffers from a remote file inclusion vulnerability in base_include.php.

tags | exploit, remote, php, file inclusion
SHA-256 | 64c56e2bb825fa0e0a6fff5d832614de9a5d2c84b668a23f35957848a9af3001
TORQUE-audit.pdf
Posted Oct 21, 2006
Authored by Luis Miguel Ferreira da Silva | Site csirt.fe.up.pt

A paper discussing a race condition vulnerability in a software package called TORQUE Resource Manager.

tags | advisory
SHA-256 | 8e3866e0319643aa29a9919eaa286e3471d96bfe045e873e7e743efd8891fb19
rPSA-2006-0195-1.txt
Posted Oct 21, 2006
Site rpath.com

rPath Security Advisory: 2006-0195-1: Previous versions of the KDE khtml library use Qt in a way that allows unchecked pixmap image input to be provided to Qt, triggering an integer overflow flaw in Qt. This enables a user-complicit denial of service attack (application crash), or possibly unauthorized access via arbitrary code execution.

tags | advisory, denial of service, overflow, arbitrary, code execution
SHA-256 | d62aeb3881b902a5efb505319342562b3c2dd128421144cad0ce895f592acd96
aimject-0.8.tar.gz
Posted Oct 21, 2006
Authored by Jon Oberheide | Site jon.oberheide.org

Aimject facilitates man-in-the-middle attacks against AOL Instant Messenger's OSCAR protocol via a simple GTK interface.

Changes: integrated ARP/DNS spoofing, IP forwarding command execution (linux/*bsd), max screenname length bumped to account for extended names, screenname formatting issue fixed to avoid detection during local message injection
tags | tool, sniffer, protocol
SHA-256 | 8975e8f16ac28ee7b9331a2b37d25c54c13dab742ee263dc198ad8e73e93e6bd
HP Security Bulletin 2006-12.64
Posted Oct 21, 2006
Authored by Hewlett Packard | Site hp.com

HPSBST02161 SSRT061264 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-056 Through MS06-065: Various potential security vulnerabilities have been identified in Microsoft software that is running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.

tags | advisory, vulnerability
SHA-256 | d534dbc9037f027408f159b6b857432cbdcb78dbb5f9bd0ddedf322433ac96f7
Ubuntu Security Notice 367-1
Posted Oct 21, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 367-1: An SQL injection was discovered in Pike's PostgreSQL module. Applications using a PostgreSQL database and uncommon character encodings could be fooled into running arbitrary SQL commands, which could result in privilege escalation within the application, application data exposure, or denial of service.

tags | advisory, denial of service, arbitrary, sql injection
systems | linux, ubuntu
SHA-256 | 90854ac0e96c7bdf1a8c3510f8ee136c7c53119f8c29929c8dcea427e0ab3fa5
Ubuntu Security Notice 366-1
Posted Oct 21, 2006
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 366-1: A buffer overflow was discovered in gas (the GNU assembler). By tricking a user or automated system (like a compile farm) into assembling a specially crafted source file with gcc or gas, this could be exploited to execute arbitrary code with the user's privileges.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
SHA-256 | 1ffc1a3c73c760ac58f91ec3ae453c8ca7a813338127f8d1868f21bb892b88b0
Gentoo Linux Security Advisory 200610-8
Posted Oct 21, 2006
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200610-08 - Unchecked use of strcpy() and *scanf() leads to several buffer overflows. Versions less than 15.5.20060927 are affected.

tags | advisory, overflow
systems | linux, gentoo
SHA-256 | 28493ecd8598067c624d4c2bb2b0a887735dd04d2ba935ad91f1d97352b11180
DRUPAL-SA-2006-024.txt
Posted Oct 21, 2006
Authored by Uwe Hermann | Site drupal.org

Drupal security advisory - DRUPAL-SA-2006-024: Multiple XSS (cross site scripting) vulnerabilities have been discovered.

tags | advisory, vulnerability, xss
SHA-256 | 1aa675f91c66e69c739dbfa33817a0d04e6526d3a5f2b4c2b15192944ad977b4
DRUPAL-SA-2006-025.txt
Posted Oct 21, 2006
Authored by Uwe Hermann | Site drupal.org

Drupal security advisory DRUPAL-SA-2006-025: Visiting a specially crafted page, anywhere on the web, may allow that page to post forms to a Drupal site in the context of the visitor's session. To illustrate: suppose one has an active session on a Drupal site as user 1, the most powerful administrator account for a site, while visiting a website created by an attacker. This website will now be able to submit any form to the Drupal site with the privileges of user 1, either by enticing the user to submit a form or by automated means. An attacker can exploit this vulnerability by changing passwords, posting PHP code or creating new users, for example. The attack is only limited by the privileges of the session it executes in.

tags | advisory, web, php
SHA-256 | c2eab01fab47cd53866e412e9c040859163e8d5a1dfd064f8742b495b323b50a
DRUPAL-SA-2006-026.txt
Posted Oct 21, 2006
Authored by Uwe Hermann | Site drupal.org

Drupal security advisory DRUPAL-SA-2006-026: A malicious user may entice users to visit a specially crafted URL that may result in the redirection of Drupal form submission to a third-party site. A user visiting the user registration page via such a URL, for example, will submit all data, such as his/her e-mail address, but also possible private profile data, to a third-party site.

tags | advisory
SHA-256 | aac4a667546b92b6c6ad5f65a8adf2bf591fd7078837743847a284bbb2d5ba58
2006_novell_httpstk.pdf
Posted Oct 21, 2006
Authored by Ryan Smith, Michael Ligh

Novell eDirectory/iMonitor Remote Code Execution Security Advisory: Novell's HTTP Protocol Stack (httpstk) is a component of iMonitor which provides a web-based interface for management of eDirectory, an LDAP service forming the basis for many of the world's largest identity-management deployments. The code fails to check the length of client-supplied HTTP Host request-header (e.g. Host: www.host.com) values before using them to build a formatted URL into an inadequate, statically-sized buffer on the stack. This condition occurs in a call to snprintf() while the server is preparing an HTTP redirect response and can be triggered remotely, before any authentication takes place. This can allow attacker-supplied code to be executed on vulnerable systems.

tags | advisory, remote, web, code execution, protocol
SHA-256 | 83f493818d78f80ff8f029bc85f643e0e2806d60376926715e9dc35b65088b58
CA Security Advisory 34693
Posted Oct 21, 2006
Authored by Ken Williams, Computer Associates | Site ca.com

[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities (UPDATED): Summary: CA BrightStor ARCserve Backup contains multiple buffer overflow conditions that allow remote attackers to execute arbitrary code with local SYSTEM privileges on Windows. These issues affect the BrightStor Backup Agent Service, the Job Engine Service, and the Discovery Service in multiple BrightStor ARCserve Backup application agents and the Base product.

tags | advisory, remote, overflow, arbitrary, local, vulnerability
systems | windows
SHA-256 | aab9553c2355bbb2473b67f29de0eca777c8f03660b498ab0279bf3ed1729b5b
ast-chan_skinny.txt
Posted Oct 21, 2006
Site Security-Assessment.com

The Asterisk Skinny channel driver for Cisco SCCP phones (chan_skinny.so) incorrectly validates a length value in the packet header. An integer wrap-around leads to heap overwrite, and arbitrary remote code execution as root.

tags | advisory, remote, arbitrary, root, code execution
systems | cisco
SHA-256 | 375f21639bb208bd239538725658092493aa1588e6038a60e78e34e06d806e2d
Technical Cyber Security Alert 2006-291A
Posted Oct 21, 2006
Authored by US-CERT | Site cert.org

National Cyber Alert System - Technical Cyber Security Alert TA06-291A: Oracle Updates for Multiple Vulnerabilities

tags | advisory, vulnerability
SHA-256 | 8c2cf43c1e1381dd8f0795056b5bc8eeed34189c5408d22004d2fb83b5e60de0
fmat.txt
Posted Oct 21, 2006
Authored by K-sPecial | Site xzziroz.net

An alternative method in format string exploitation - a paper discussing a method of making format string exploits static again on 2.6 with random VA.

tags | paper
systems | unix
SHA-256 | 0c45b1d562e077e6945b0677cd1ab74d79b4754f927c1df8be3f30b948146365
Secunia-JoomlaBSQ.txt
Posted Oct 21, 2006
Site secunia.com

Secunia Research 18/10/2006 - Joomla BSQ Sitestats Script Insertion and SQL Injection: Secunia Research has discovered some vulnerabilities in the BSQ Sitestats component for Joomla, which can be exploited by malicious people to conduct script insertion or SQL injection attacks.

tags | advisory, vulnerability, sql injection
SHA-256 | 75f22230642955d8f34b22474e9d1fbc4ee2657453e32d589105b5c872b599fc
Secunia-LotusNotes.txt
Posted Oct 21, 2006
Site secunia.com

Secunia Research 18/10/2006: IBM Lotus Notes Insecure Default Folder Permissions - Secunia Research has discovered a security issue in Lotus Notes, which can be exploited by malicious, local users to manipulate arbitrary files.

tags | advisory, arbitrary, local
SHA-256 | 329a738d598319ed98c9d729752ed575b69c649c13730dad35244762b9e39337
Airmagnet-vuln.txt
Posted Oct 21, 2006
Authored by ptsecurity

The management interface of AirMagnet Enterprise contains several middle-risk vulnerabilities. Vulnerabilities range from reflected and stored cross-site scripting to remote code execution and protection bypass.

tags | advisory, remote, vulnerability, code execution, xss
SHA-256 | 45b51e4b288d9397d096ede91151af95bd3a8a02a4557cdb8b9a9635359a4393
Highwall-ids.txt
Posted Oct 21, 2006
Authored by ptsecurity

The Highwall Enterprise and Highwall Endpoint wireless IDS management interfaces contain multiple vulnerabilities which can lead to privilege escalation and code execution.

tags | advisory, vulnerability, code execution
SHA-256 | 104af84b88d66190c16142880c76ba81765558cf0f8d6a9b89f3c81eacec3f1d