May 24, 2006 : Security and IP mobility challenges are driving demand for a new category of convergence gateway equipment, according to Unstrung Insider
Dark Reading's repository of intel on IT security. More of a 'megabase' than a database, Dark Entries lets you dig for information, or share your expertise. The choice is yours, grasshopper.
ENTERPRISE VULNERABILITIES
Vulnerability: ISPConfig ISPConfig Published: 2006-06-15 Severity: HIGH Description: Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) go_info[isp][classes_root] parameter in (a) server.inc.php, and the (2) go_info[server][classes_root] parameter in (b) app.inc.php, (c) login.php, and (d) trylogin.php.
Vulnerability: Codewalkers ltwCalendar Published: 2006-06-15 Severity: HIGH Description: ** DISPUTED ** PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement.
Vulnerability: Amr Talkbox Amr Talkbox Published: 2006-06-15 Severity: HIGH Description: ** DISPUTED ** PHP remote file inclusion vulnerability in talkbox.php in Amr Talkbox allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter. NOTE: this issue has been disputed by CVE, sine the $direct variable is set to a static value just before the include statement.
Vulnerability: Cescripts Realty Home Rent Published: 2006-06-15 Severity: LOW Description: Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Home Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter.
Vulnerability: Cescripts Realty Room Rent Published: 2006-06-15 Severity: LOW Description: Cross-site scripting (XSS) vulnerability in index.php in Cescripts Realty Room Rent allows remote attackers to inject arbitrary web script or HTML via the sel_menu parameter.
POWERFUL INFORMATION AT YOUR FINGERTIPS (SPONSORED LINKS)