Audit My PC - Free Internet Security Audit

Network Security News – Tuesday, November 08, 2005 Events

Apache worker.c MPM Memory Exhaustion DoS

Apache Multi-Processing Module (MPM) contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker uses aborted connection attempts to fill transaction pool memory, preventing the memory from being reused for other connections. This will result in loss of availability for the service. Read more at osvdb.org/20462

Phorum Cookie User Credential Storage

Phorum contains a flaw that may allow a remote attacker to hijack arbitrary user sessions. The problem is that the application stores user credentials in cookies. It is possible for a remote attacker to arbitrarily manipulate cookies and hijack user sessions, resulting in a loss of integrity. Read more at osvdb.org/19157

Phorum control.php User Signature XSS

Phorum contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input in the user signature upon submission to the 'control.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19156

Phorum register.php Username Field XSS

Phorum contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input in the 'Username' field upon submission to the 'register.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19155

PHP mod_php apache2handler SAPI Crafted .htaccess DoS

The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user places a specially crafted .htaccess file in a root directory while safe mode is active. This will cause a segmentation fault, resulting in loss of availability for the service. Read more at osvdb.org/20491

Land Down Under journal.php w Variable XSS

Land Down Under (LDU) contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'w' variable upon submission to the 'journal.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19295

Land Down Under index.php Multiple Variable XSS

Land Down Under (LDU) contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'c', 'm' and 'w' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/19297

DCP Portal POST Method calendar.php year Variable SQL Injection

DCP Portal contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'calendar.php' script not properly sanitizing user-supplied POST requests to the 'year' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20494

DCP Portal POST Method register.php name Variable SQL Injection

DCP Portal contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'register.php' script not properly sanitizing user-supplied POST requests to the 'name' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20493

eyeOS desktop.php motd Variable XSS

eyeOS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'motd' variable upon submission to the 'desktop.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/20410
