• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

vBulletin Avatar URL Field XSS

Network Security News – Monday, December 05, 2005 Events

vBulletin Avatar URL Field XSS

vBulletin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the remote avatar URL upon submission to the profile.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21373

FreeWebStat pixel.php Multiple Variable XSS

FreeWebStat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'site', 'jsref', 'jsres', and 'jscolor' variables upon submission to the pixel.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21207

Gallery Add Image From Web XSS

Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the remote image url upon submission to the "Add Image From Web" feature. This could allow a user to create a specially crafted page that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21221

Atlassian Confluence Search Module searchQuery Variable XSS

Atlassian Confluence contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the variable "searchQuery" in the "dosearchsite.action" module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21377

Softbiz FAQ Script add_comment.php id Variable SQL Injection

FAQ Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the add_comment.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/21261

Softbiz FAQ Script faq_qanda.php id Variable SQL Injection

FAQ Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the faq_qanda.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/21258

Softbiz FAQ Script index.php cid Variable SQL Injection

FAQ Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'cid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/21257

Softbiz FAQ Script print_article.php id Variable SQL Injection

FAQ Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the print_article.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/21260

Softbiz FAQ Script refer_friend.php id Variable SQL Injection

FAQ Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the refer_friend.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/21259

WSN Knowledge Base index.php Multiple Variable SQL Injection

WSN Knowledge Base contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'catid', 'perpage', 'ascdesc' and 'orderlinks' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/21262

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software