Audit My PC - Free Internet Security Audit

Network Security News – Wednesday, January 18, 2006 Events

CubeCart index.php Multiple Variable XSS

CubeCart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'productId', 'docId', 'viewProd', or 'catId' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22471

America OnLine (AOL) YPG Picture Finder Tool ActiveX Control (YGPPicFinder.DLL) Overflow

A remote overflow exists in America Online. America Online contains a boundary error in the YPG Picture Finder Tool ActiveX Control, YGPPicFinder.DLL, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity. Read more at osvdb.org/22486

SimpleBlog comments.asp Comment Field XSS

SimpleBlog contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the comment field upon submission to the comments.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22448

SMBCMS Site Search text Variable XSS

SMBCMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'text' variable upon submission to the search script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22494

WordPress wp-stats.php author Variable SQL Injection

WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the wp-stats.php script not properly sanitizing user-supplied input to the 'author' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22450

geoBlog viewcat.php cat Variable SQL Injection

geoBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the viewcat.php script not properly sanitizing user-supplied input to the 'cat' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22463

SimpleBlog index.php month Variable SQL Injection

SimpleBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'month' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22447

Mantis Project Documents Port Unspecified XSS

Mantis contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the project document port functionality. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22488

Tux Paint tuxpaint-import.sh Symlink Arbitrary File Overwrite

Tux Paint contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the tuxpaint-import.sh script creating temporary files insecurely. It is possible for a user to use a symlink-style attack to manipulate arbitrary files, resulting in a loss of integrity. Read more at osvdb.org/22453

Mantis manage_user Unspecified XSS

Mantis contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate variables upon submission to the manage_users functionality. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22487

Vuln: EMC Legato Networker Multiple Remote Vulnerabilities

EMC Legato Networker Multiple Remote Vulnerabilities. Read more at securityfocus.com/bid/16275

Vuln: Cisco IOS HTTP Service CDP Status Page HTML Injection Vulnerability

Cisco IOS HTTP Service CDP Status Page HTML Injection Vulnerability. Read more at securityfocus.com/bid/16291

Vuln: Linux Kernel ProcFS Kernel Memory Disclosure Vulnerability

Linux Kernel ProcFS Kernel Memory Disclosure Vulnerability. Read more at securityfocus.com/bid/16284

Vuln: Check Point VPN-1 SecureClient Path Specification Local Privilege Escalation Vulnerability

Check Point VPN-1 SecureClient Path Specification Local Privilege Escalation Vulnerability. Read more at securityfocus.com/bid/16290

[SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation

[SECURITY] [DSA 945-1] New antiword packages fix insecure temporary file creation. Read more at securityfocus.com/archive/1/422161

Re: Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow – Exploit

Re: Veritas NetBackup "Volume Manager Daemon" Module Stack Overflow – Exploit. Read more at securityfocus.com/archive/1/422157

Re: Fullpath disclosure in roundcube webmail

Re: Fullpath disclosure in roundcube webmail. Read more at securityfocus.com/archive/1/422168

[SECURITY] [DSA 944-1] New mantis packages fix several vulnerabilities

[SECURITY] [DSA 944-1] New mantis packages fix several vulnerabilities. Read more at securityfocus.com/archive/1/422152

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS