• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Utopia News Pro news.php newsid Variable SQL Injection

Network Security News – Sunday, October 16, 2005 Events

Utopia News Pro news.php newsid Variable SQL Injection

Utopia News Pro contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'news.php' script not properly sanitizing user-supplied input to the 'newsid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/19942

Utopia News Pro header.php sitetitle Variable XSS

Utopia News Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'sitetitle' variable upon submission to the 'header.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/19940

Utopia News Pro footer.php Multiple Variable XSS

Utopia News Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'version' and 'query_count' variables upon submission to the 'footer.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/19941

Cyphor footer.php t_login Variable XSS

Cyphor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 't_login' variable upon submission to the 'footer.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/19946

Cyphor lostpwd.php nick Field SQL Injection

Cyphor contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'lostpwd.php' script not properly sanitizing user-supplied input to the 'nick' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/19943

Cyphor newmsg.php fid Variable SQL Injection

Cyphor contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'newmsg.php' script not properly sanitizing user-supplied input to the 'fid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/19944

Cyphor newmsg.php fid Variable XSS

Cyphor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'fid' variable upon submission to the 'newmsg.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/19945

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software