Network Security News – Monday, December 19, 2005 Events
Limbo CMS index2.php option Variable Traversal Arbitrary File Access
Limbo CMS contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'index2.php' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'option' variable.. Read more at osvdb.org/21755
Limbo CMS index2.php _SERVER[REMOTE_ADDR] Variable Arbitrary PHP Command Execution
Limbo CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'index2.php' script not properly sanitizing user input supplied to the '_SERVER[REMOTE_ADDR]' variable, which may allow a remote attacker to execute arbitrary PHP commands resulting in a loss of integrity.. Read more at osvdb.org/21756
Limbo CMS index.php _SERVER[REMOTE_ADDR] Variable SQL Injection
Limbo CMS contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the '_SERVER[REMOTE_ADDR]' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/21753
Limbo CMS index.php _SERVER[REMOTE_ADDR] Variable XSS
Limbo CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the '_SERVER[REMOTE_ADDR]' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21754
Limbo CMS doc.inc.php Direct Request Path Disclosure
Limbo CMS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'doc.inc.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/21757
Limbo CMS element.inc.php Direct Request Path Disclosure
Limbo CMS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'element.inc.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/21758
Limbo CMS node.inc.php Direct Request Path Disclosure
Limbo CMS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'node.inc.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/21759
CKGold search.php keywords Variable XSS
CKGold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'keywords' variables upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21675
ClickCartPro cp-app.cgi affl Variable XSS
ClickCartPro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'affl' variables upon submission to the 'cp-app.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21716
Teamwork Unspecified Menu Issue
Teamwork contains a flaw related to the menu security. No further details have been provided.. Read more at osvdb.org/21745
Leave a Reply