• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Helpdesk Issue Manager find.php Multiple Variable SQL Injection

Network Security News – Tuesday, November 29, 2005 Events

Helpdesk Issue Manager find.php Multiple Variable SQL Injection

HelpDesk Issue Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the find.php script not properly sanitizing user-supplied input to several variables (id, detail[], orderdir and orderby). This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/21115

e-Quick Cart shopprojectlogin.asp strpemail Variable SQL Injection

e-Quick Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'shopprojectlogin.asp' script not properly sanitizing user-supplied input to the 'strpemail' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20998

e-Quick Cart shopprojectlogin.asp strpid Variable XSS

e-Quick Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'strpid' variable upon submission to the 'shopprojectlogin.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/20995

e-Quick Cart shoptellafriend.asp Custname Variable XSS

e-Quick Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Custname' variable upon submission to the 'shoptellafriend.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/20996

e-Quick Cart shoptellafriend.asp id Variable SQL Injection

e-Quick Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'shoptellafriend.asp' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20999

e-Quick Cart shopmaillist.asp strfirstname Variable XSS

e-Quick Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'strfirstname' variable upon submission to the 'shopmaillist.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/20994

e-Quick Cart shopgift.asp strgifttoname Variable XSS

e-Quick Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'strgifttoname' variable upon submission to the 'shopgift.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/20993

e-Quick Cart shopaddtocart.asp productid Variable SQL Injection

e-Quick Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'shopaddtocart.asp' script not properly sanitizing user-supplied input to the 'productid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/20997

blogBuddies index.php u Variable XSS

blogBuddies contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'u' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21111

blogBuddies magpie_slashbox.php rss_url Variable XSS

blogBuddies contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'rss_url' variable upon submission to the 'magpie_slashbox.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21113

Vuln: SearchSolutions Multiple Products Cross-Site Scripting Vulnerabilities

SearchSolutions Multiple Products Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/15612

Vuln: Microsoft Windows SynAttackProtect Predictable Hash Remote Denial of Service Vulnerability

Microsoft Windows SynAttackProtect Predictable Hash Remote Denial of Service Vulnerability. Read more at securityfocus.com/bid/15613

Vuln: PHP Doc System Local File Include Vulnerability

PHP Doc System Local File Include Vulnerability. Read more at securityfocus.com/bid/15611

Vuln: GuppY Multiple Local File Include and Information Disclosure Vulnerabilities

GuppY Multiple Local File Include and Information Disclosure Vulnerabilities. Read more at securityfocus.com/bid/15610

Re: – Cisco IOS HTTP Server code injection/execution vulnerability

Re: – Cisco IOS HTTP Server code injection/execution vulnerability-. Read more at securityfocus.com/archive/1/417949

Core FORCE and OpenBSD PF’s

Core FORCE and OpenBSD PF’s. Read more at securityfocus.com/archive/1/417965

Flaw in Syn Attack Protection on non-updated Microsoft OSes can lead to DoS

Flaw in Syn Attack Protection on non-updated Microsoft OSes can lead to DoS. Read more at securityfocus.com/archive/1/417952

What is wrong with these people?

What is wrong with these people?. Read more at securityfocus.com/archive/1/417948

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software