
Audit My PC - Free Internet Security Audit


Network Security News – Tuesday, January 24, 2006 Events

phpBB datenbank Module mod.php id Variable XSS

phpBB datenbank Module contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'mod.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15812

CityPost Automated Link Exchange message.php msg Variable XSS

CityPost Automated Link Exchange contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'msg' variable upon submission to the 'message.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15676

Invision Power Board topics.php highlite Variable XSS

Invision Power Board contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'highlite' variable upon submission to the 'topics.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/16298

Tftpd32 Long File Name Request Remote DoS

Tftpd32 contains a flaw that may allow a remote denial of service. The issue is triggered when the server receives a TFTP request with a long filename, and will result in loss of availability for the service. Read more at osvdb.org/12898

ParosProxy JDBC HSQLDB Command Injection

ParosProxy contains a flaw that may allow a malicious user to inject arbitrary commands in the embedded HSQLDB. The issue is triggered when a local user submits a specially crafted request via JDBC on TCP port 9001. It is possible that the flaw may allow injection of arbitrary commands, resulting in a loss of integrity. Read more at osvdb.org/20722

RCBlog index.php post Variable Arbitrary .txt File Access

RCBlog contains a flaw that allows a remote attacker to view arbitrary files with the .txt extension outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically traversal-style attacks (../../) supplied via the "post" variable. Read more at osvdb.org/22680
