• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

SimpBook Guestbook Message Body XSS

Network Security News – Tuesday, December 27, 2005 Events

SimpBook Guestbook Message Body XSS

Codegrrl SimpBook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input supplied to the guestbook message body. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21904

Trend Micro ServerProtect Crystal Report rptserver.asp Traversal Arbitrary File Access

ServerProtect contains a flaw that allows a remote attacker to display the contents of files outside of the web path via the Crystal Reports ActiveX object. The issue is due to the rptserver.asp script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'IMAGE' variable.. Read more at osvdb.org/21770

Trend Micro ServerProtect isaNVWRequest.dll POST Request Remote Overflow

A remote overflow exists in ServerProtect. ServerProtect's /ControlManager/cgi-bin/VA/isaNVWRequest.dll fails to properly handle POST requests containing chunked encoding with an overly large length value resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.. Read more at osvdb.org/21771

Trend Micro ServerProtect relay.dll POST Request Remote Overflow

A remote overflow exists in ServerProtect. ServerProtect's /TVCS/relay.dll fails to properly handle POST requests containing chunked encoding with an overly large length value resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.. Read more at osvdb.org/21772

Trend Micro ServerProtect EarthAgent Crafted Packet Remote DoS

ServerProtect contains a flaw that may allow a remote denial of service. The issue is triggered via specially crafted packets containing the string "\x21\x43\x65\x87" to port 5005 running the EarthAgent daemon, and will result in loss of availability for the platform.. Read more at osvdb.org/21773

Webglimpse webglimpse.cgi ID Variable XSS

WebGlimpse contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ID' variable upon submission to the 'webglimpse.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21791

ScareCrow forum.cgi forum Variable XSS

ScareCrow contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'forum' variable upon submission to the 'forum.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21777

ProjectForum newpage.html originalpageid Variable XSS

ProjectForum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'originalpageid' variables upon submission to the 'newpage.html' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21734

ScareCrow post.cgi forum Variable XSS

ScareCrow contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'forum' variable upon submission to the 'post.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21779

Citrix Program Neighborhood Application Set Name Overflow

A remote overflow exists in Citrix Program Neighborhood for Windows. The Program Neighborhood fails to correctly handle long 'Application Set' responses, resulting in a heap overflow. With a specially crafted UDP packet, an attacker can execute arbitray code, resulting in a loss of integrity.. Read more at osvdb.org/21816

Vuln: Bugzilla Syncshadowdb Insecure Temporary File Creation Vulnerability

Bugzilla Syncshadowdb Insecure Temporary File Creation Vulnerability. Read more at securityfocus.com/bid/16061

Vuln: Golden FTP Server APPE Command Buffer Overflow Vulnerability

Golden FTP Server APPE Command Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/16060

Vuln: Sun Solaris PC NetLink Insecure Permissions Vulnerability

Sun Solaris PC NetLink Insecure Permissions Vulnerability. Read more at securityfocus.com/bid/16059

Vuln: SimpBook Guestbook HTML Injection Vulnerability

SimpBook Guestbook HTML Injection Vulnerability. Read more at securityfocus.com/bid/16058

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2024 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software