• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

phpBB url bbcode in MSIE Arbitrary Script Insertion

Network Security News – Thursday, January 05, 2006 Events

phpBB url bbcode in MSIE Arbitrary Script Insertion

phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'bbcode' submitted to the 'url' variable upon submission to an unspecified script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Note that this vulnerability only affects Microsoft Internet Explorer (MSIE).. Read more at osvdb.org/22161

Enhanced Simple PHP Gallery index.php dir Variable XSS

Enhanced Simple PHP Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'dir' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22201

Lizard Cart CMS detail.php id Variable SQL Injection

Lizard Cart CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'detail.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/22200

Lizard Cart CMS pages.php id Variable SQL Injection

Lizard Cart CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'pages.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/22199

raSMP index.php User-Agent Field XSS

raSMP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input to the "User-Agent" HTTP header before submission to the record_hit() function of the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22198

Next Generation Image Gallery index.php page Variable XSS

Next Generation Image Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22202

BSD rcvtty Incoming Message Privilege Escalation

BSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the rcvtty component fails to properly drop SGID privileges before executing arbitrary commands contained within incoming messages. A malicious user can prepare a shell script containing the commands, which will execute with the privileges of the tty group. This flaw may lead to a loss of integrity.. Read more at osvdb.org/13756

Intel ialmrnt5 Graphics Accelerator Driver textfield Overflow DoS

A local overflow exists in Intel Graphics Accelerator Driver. The ialmnt5.sys library file fails to validate user input resulting in an overflow. With a specially crafted data segment, an attacker can cause the Windows Display Driver to stop responding, resulting in a loss of availability.. Read more at osvdb.org/22196

aMSN Messenger File Transfer Remote DoS

aMSN contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted byte string is sent when initiating a file transfer and will result in loss of availability for the service.. Read more at osvdb.org/22186

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software