Network Security News Monitor - Monday, March 27, 2006 Events

dotNetBB iforget.aspx Email Field XSS

dotNetBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'em' variable upon submission to the iforget.aspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.

uniForum wbadmlog.aspx Multiple Field XSS

uniForum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'txtuser' and 'txtemail' variables upon submission to the wbadmlog.aspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.

ssCMS search.aspx keywords Variable XSS

ssCMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'keywords' variable upon submission to the search.aspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.

Mac OS X automount Reserved Name File System Mount

Mac OS X contains an unspecified flaw related to the automount daemon that may allow a malicious file server to cause a denial of service or execute arbitrary code. No further details have been provided.. Read more.