Audit My PC - Free Internet Security Audit

Network Security News – Thursday, January 26, 2006 Events

active121 Site Manager risultati_ricerca.php cerca Variable XSS

active121 Site Manager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cerca' variable upon submission to the 'risultati_ricerca.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22715

Goldstag Content Management System search.asp text Variable XSS

Goldstag Content Management System contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'text' variable upon submission to the 'search.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22711

IdeoContent Manager index.php goto_id Variable XSS

IdeoContent Manager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'goto_id' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22713

IdeoContent Manager index.php Multiple Variable SQL Injection

IdeoContent Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'goto_id' and 'mid' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/22714

IdeoContent Manager news_full.php page Variable XSS

IdeoContent Manager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' variable upon submission to the 'news_full.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/22712

ioFTPd Login Error Message Username Enumeration

ioFTPd contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to different messages being returned depending on whether or not a supplied username exists, which will disclose valid usernames resulting in a loss of confidentiality. Read more at osvdb.org/22709

osCommerce Additional Images Module additional_images.php products_id Variable SQL Injection

osCommerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the additional_images.php script not properly sanitizing user-supplied input to the 'products_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19874

aspReady FAQ Manager Login Multiple Field SQL Injection

aspReady FAQ Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login script not properly sanitizing user-supplied input to the 'txtLogin' and 'txtPassword' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/19917

Joomla Content Submission SQL Injection

Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the content submission script not properly sanitizing user-supplied input to an unspecified variable(s). This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/20027

Fetchmail Bounced Message DoS

Fetchmail contains a flaw that may allow a remote denial of service. The issue is triggered when a message is bounced to the originator or the local postmaster, and will result in loss of availability for the service. Read more at osvdb.org/22691

Vuln: Mozilla Thunderbird File Attachment Spoofing Vulnerability

Mozilla Thunderbird File Attachment Spoofing Vulnerability. Read more at securityfocus.com/bid/16271

Vuln: Fetchmail Bounced Message Denial Of Service Vulnerability

Fetchmail Bounced Message Denial Of Service Vulnerability. Read more at securityfocus.com/bid/16365

Vuln: ImageMagick Image Filename Remote Command Execution Vulnerability

ImageMagick Image Filename Remote Command Execution Vulnerability. Read more at securityfocus.com/bid/16093

Vuln: Flyspray Multiple Cross-Site Scripting Vulnerabilities

Flyspray Multiple Cross-Site Scripting Vulnerabilities. Read more at securityfocus.com/bid/15209

Rosiello Security – Eterm-LibAST Advisory

Rosiello Security – Eterm-LibAST Advisory. Read more at securityfocus.com/archive/1/423088

Updated ipsec-tools packages fix vulnerability

Updated ipsec-tools packages fix vulnerability. Read more at securityfocus.com/archive/1/423070

Workaround for unpatched Oracle PLSQL Gateway flaw

Workaround for unpatched Oracle PLSQL Gateway flaw. Read more at securityfocus.com/archive/1/423029

[eVuln] CheesyBlog XSS Vulnerability

[eVuln] CheesyBlog XSS Vulnerability. Read more at securityfocus.com/archive/1/423023

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS
