1) IBM Tivoli Provisioning Manager OS Deployment Multiple Unspecified Input Validation Vulnerabilities
IBM Tivoli Provisioning Manager for OS Deployment is susceptible to multiple unspecified input validation vulnerabilities. An attacker who successfully exploits these vulnerabilities could execute arbitrary code with system-level privileges, leverage them to crash services, or possibly completely compromise affected computers. A fix is available. Contact the vendor for additional details.
http://www.securityfocus.com/bid/23264
2) Hitachi Multiple Products Unspecified SQL Injection Vulnerability
Multiple Hitachi products including Groupmax Collaboration Portal, uCosminexus Collaboration Portal, and uCosminexus Content Manager are susceptible to a SQL Injection vulnerability. When successfully exploited, SQL Injection can allow an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system. Updates which address these issues have been released. Contact the vendor for more information.
http://www.securityfocus.com/bid/23208/
3) IBM Lotus Domino Web Access Email Message HTML Injection Vulnerability
IBM Lotus Domino Web Access is susceptible to an HTML Injection vulnerability. An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected website. This could possibly be used to steal cookie-based authentication credentials or to launch other attacks. A fix has been released. Contact the vendor for additional information.
http://www.securityfocus.com/bid/23173
4) PHP Folded Mail Headers Email Header Injection Vulnerability
PHP is susceptible to an email Header Injection vulnerability because it fails to properly sanitize user-supplied input when constructing email messages. An attacker could leverage this issue to create arbitrary mail headers, and then create and distribute spam messages from the affected computer. Affected version include PHP 4 up to and including 4.4.6, and PHP 5 up to and including 5.2.1. A fix has not yet been released. Contact the vendor for additional information.
http://www.securityfocus.com/bid/23145
5) PHP Mail Function ASCIIZ Message Truncation Weakness
PHP contains a weakness that allows an attacker to truncate email text to manipulate message content. This would potentially assist in phishing and other types of attacks. A fix has not yet been released. Contact the vendor for further details.
http://www.securityfocus.com/bid/23146
Posted
04-10-2007 11:56 AM
by
mark.painter