
Audit My PC - Free Internet Security Audit


Network Security News – Wednesday, December 21, 2005 Events

Imoel CMS setting.php SQL Authentication Credential Cleartext Disclosure (Myth/Fake)

Imoel CMS has been reported to contain a vulnerability that may allow the remote disclosure of the SQL authentication credentials (login/password). The reported issue would only occur on a system that is not configured to serve PHP pages (.php) correctly, or when combined with another vulnerability that bypasses the normal behavior of the web server. Read more at osvdb.org/21766

Template Markup Language (TML) index.php form Variable XSS

TML contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate 'form' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21801

Template Markup Language (TML) index.php id Variable SQL Injection

TML contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21802

iHTML Merchant Pro merchant.ihtml Multiple Variable SQL Injection

iHTML Merchant Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the merchant.ihtml script not properly sanitizing user-supplied input to the 'pid', 'id' and 'step' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21808

Honeycomb Archive CategoryResults.cfm Multiple Variable SQL Injection

Honeycomb Archive contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the CategoryResults.cfm script not properly sanitizing user-supplied input to the 'series', 'cat_parent', 'cat' and 'div' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21827

Honeycomb Archive search.cfm keyword Variable XSS

Honeycomb Archive contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'keyword' variable upon submission to the search.cfm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21828

paFileDB Extreme Edition pafiledb.php Multiple Variable SQL Injection

paFileDB Extreme Edition contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the pafiledb.php script not properly sanitizing user-supplied input to the 'newsid' and 'id' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21822

Libertas ECMS /search/index.php page_search Variable XSS

Libertas ECMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'page_search' variable upon submission to the '/search/index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21819

lemoon Search Module q Variable XSS

lemoon contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "q" variable upon submission to the search module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21820

iCMS RunScript.asp Event_ID Variable SQL Injection

iCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the RunScript.asp script not properly sanitizing user-supplied input to the 'Event_ID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21810

Vuln: Multiple Fortinet Products IKE Exchange Denial Of Service Vulnerabilities

Multiple Fortinet Products IKE Exchange Denial Of Service Vulnerabilities. Read more at securityfocus.com/bid/15997

Vuln: myEZshop Shopping Cart Multiple Input Validation Vulnerabilities

myEZshop Shopping Cart Multiple Input Validation Vulnerabilities. Read more at securityfocus.com/bid/15965

Vuln: pTools Index.ASP SQL Injection Vulnerability

pTools Index.ASP SQL Injection Vulnerability. Read more at securityfocus.com/bid/15996

Vuln: LiveJournal Cleanhtml.PL HTML Injection Vulnerability

LiveJournal Cleanhtml.PL HTML Injection Vulnerability. Read more at securityfocus.com/bid/15990

MDKSA-2005:234 – Updated sudo packages fix vulnerability

MDKSA-2005:234 – Updated sudo packages fix vulnerability. Read more at securityfocus.com/archive/1/419916

iDefense Security Advisory 12.20.05: Qualcomm WorldMail IMAP Server String Literal Processing Overflow Vulnerability

iDefense Security Advisory 12.20.05: Qualcomm WorldMail IMAP Server String Literal Processing Overflow Vulnerability. Read more at securityfocus.com/archive/1/419893

Enterprise Connector v.1.02 Multiple SQL Vulnerabilities and Login Bypass

Enterprise Connector v.1.02 Multiple SQL Vulnerabilities and Login Bypass. Read more at securityfocus.com/archive/1/419895

iDefense Security Advisory 12.20.05: McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite

iDefense Security Advisory 12.20.05: McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite. Read more at securityfocus.com/archive/1/419896
