Audit My PC - Free Internet Security Audit

Network Security News – Thursday, December 29, 2005 Events

FatWire UpdateEngine Multiple Variable XSS

FatWire UpdateEngine contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'FUELAP_TEMPLATENAME', 'EMAIL' and 'COUNTRYNAME' variables upon submission to the 'UpdateEngine' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21936

Cerberus Helpdesk GUI display.php thread Variable SQL Injection

Cerberus Helpdesk contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'display.php' script not properly sanitizing user-supplied input to the 'thread' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21994

Cerberus Helpdesk GUI display_ticket_thread.php ticket Variable SQL Injection

Cerberus Helpdesk contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'display_ticket_thread.php' script not properly sanitizing user-supplied input to the 'ticket' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21995

Cerberus Helpdesk GUI email_parser.php Multiple Variable SQL Injection

Cerberus Helpdesk contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'email_parser.php' script not properly sanitizing user-supplied input to the 'addy' and 'address' variables in the 'is_queue_address', 'is_banned_address' and 'is_admin_address' functions. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21990

MarmaraWeb E-commerce index.php page Variable Arbitrary Command Execution

MarmaraWeb E-commerce contains a flaw that allows a remote arbitrary code execution attack. This flaw exists because the application does not validate the 'page' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code, leading to a loss of integrity. Read more at osvdb.org/21903

Cerberus Helpdesk GUI structs.php cer_email_address_struct Function SQL Injection

Cerberus Helpdesk contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'structs.php' script not properly sanitizing user-supplied input to the 'cer_email_address_struct' function. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21991

MarmaraWeb E-commerce index.php page Variable XSS

MarmaraWeb E-commerce contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'page' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21902

Cerberus Helpdesk GUI addresses_export.php queues Variable SQL Injection

Cerberus Helpdesk contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'addresses_export.php' script not properly sanitizing user-supplied input to the 'queues' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21993

Cerberus Helpdesk GUI cer_KnowledgebaseHandler.class.php _load_article_details Function SQL Injection

Cerberus Helpdesk contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'cer_KnowledgebaseHandler.class.php' script not properly sanitizing user-supplied input to the 'mode', 'root', 'sid' and 'kbid' variables of the '_load_article_details' function. This may allow an attacker to fetch the "superuser" md5 password by manipulating SQL queries in the backend database. Read more at osvdb.org/21992

Quicksilver Forums HTTP_USER_AGENT SQL Injection

Quicksilver Forums contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the input passed to the HTTP_USER_AGENT header not being properly sanitized. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21443

Vuln: Koobi BBCode URL Tag Script Injection Vulnerability

Koobi BBCode URL Tag Script Injection Vulnerability. Read more at securityfocus.com/bid/16078
