Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Network Security News – Wednesday, December 07, 2005 Events

vTiger CRM Account Name XSS

vTiger CRM contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'Account Name' field upon submission to index.php. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21232

phpYellow print_me.php ckey Variable SQL Injection

phpYellow contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the print_me.php script not properly sanitizing user-supplied input to the 'ckey' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21429

phpYellow search_result.php haystack Variable SQL Injection

phpYellow contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search_result.php script not properly sanitizing user-supplied input to the 'haystack' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21428

QualityEBiz Quality PPC Search Module REQ Variable XSS

Quality PPC contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'REQ' variable upon submission to the search module query. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21387

PluggedOut Nexus search.php Multiple Variable XSS

Nexus contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'firstname', 'lastname' and 'location' variables upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21479

PluggedOut Nexus search.php Multiple Variable SQL Injection

Nexus contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.php script not properly sanitizing user-supplied input to the 'firstname', 'lastname' and 'location' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21478

PluggedOut Blog index.php Multiple Variable SQL Injection

Blog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'categoryid', 'entryid', 'year', 'month' and 'day' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21480

Trac Search Module SQL Injection

Trac contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search module not properly sanitizing user-supplied input to an unspecified variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21459

FileLister definesearch.jsp searchwhat Variable XSS

FileLister contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'searchwhat' variable upon submission to the definesearch.jsp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21476

FileLister definesearch.jsp searchwhat Variable SQL Injection

FileLister contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the definesearch.jsp script not properly sanitizing user-supplied input to the 'searchwhat' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/21416

Vuln: Ipswitch Collaboration Suite and IMail Server SMTPD Remote Format String Vulnerability

Ipswitch Collaboration Suite and IMail Server SMTPD Remote Format String Vulnerability. Read more at securityfocus.com/bid/15752

Vuln: Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability

Ipswitch Collaboration Suite and IMail Server IMAPD LIST Command Denial Of Service Vulnerability. Read more at securityfocus.com/bid/15753

Vuln: Multiple Vendor BIOS Password Persistence Weakness

Multiple Vendor BIOS Password Persistence Weakness. Read more at securityfocus.com/bid/15751

Vuln: e107 Website System Voting Manipulation Vulnerability

e107 Website System Voting Manipulation Vulnerability. Read more at securityfocus.com/bid/15748

iDefense Security Advisory 12.05.05: Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability

iDefense Security Advisory 12.05.05: Multiple Vendor xpdf StreamPredictor Heap Overflow Vulnerability. Read more at securityfocus.com/archive/1/418741

iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Progressive Heap Overflow

iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Progressive Heap Overflow. Read more at securityfocus.com/archive/1/418739

iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability

iDefense Security Advisory 12.05.05: Multiple Vendor xpdf DCTStream Baseline Heap Overflow Vulnerability. Read more at securityfocus.com/archive/1/418738

iDefense Security Advisory 12.05.05: Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability

iDefense Security Advisory 12.05.05: Multiple Vendor xpdf JPX Stream Reader Heap Overflow Vulnerability. Read more at securityfocus.com/archive/1/418740

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS
