iDefense Security Advisory 10.30.07 - Local exploitation of a file access vulnerability in the swcons command included in multiple versions of IBM Corp.'s AIX could allow for the creation or modification of arbitrary files anywhere on the system. The vulnerability specifically exists due to a lack of sanity checking when using the -p option. If a user specifies a file with the -p option, the contents of that file will be overwritten with 65,535 bytes of uncontrolled data. If the file doesn't exist, it will be created. In both cases, the file will also be converted to mode 222, which allows all users on the system to modify it. By specifying a system file, users can cause a denial of service condition or elevate privileges. iDefense has confirmed the existence of this vulnerability on IBM AIX version 5.2. It is suspected that previous versions are also vulnerable.
137f1cad4a41d7bcbdb4f9ae9c4cf56ffb3ca54059b49a1b60264399bd6c42f0ILIAS versions 3.8.3 and below suffer from a cross site scripting vulnerability.
5c04062e7c2d142c43d85c8c39acfd287054dc5704dbada7794672cddb300fbaphpFaber URLInn version 2.0.5 is susceptible to a remote file inclusion vulnerability.
26be7eb819f53a216e02d78a41a48c2e8e4f564bca36e875cb4e98f1ae8aaae4miniBB version 2.1 suffers from a remote SQL injection vulnerability.
4222c954f5bf2532294f274575e15c2204346ff740800b96422ff0a084047ea0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed