• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Clever Copy Private Message Subject Field XSS

Network Security News – Friday, February 17, 2006 Events

Clever Copy Private Message Subject Field XSS

Clever Copy contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Subject' variable upon submission to the privatemessages.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23235

Plume CMS prepend.php _PX_config[manager_path] Variable Remote File Inclusion

Plume CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to prepend.php not properly sanitizing user input supplied to the "_PF_CONFIG['manager_path']" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/23204

@Mail Webmail Message HTML Image Tag XSS

@Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate message HTML image tags upon submission to an email message. This could allow a user to create a specially crafted email that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23236

dotProject /modules/tasks/gantt.php baseDir Variable Remote File Inclusion

dotProject contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /modules/tasks/gantt.php not properly sanitizing user input supplied to the 'baseDir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/23219

dotProject /modules/public/date_format.php baseDir Variable Remote File Inclusion

dotProject contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /modules/public/date_format.php not properly sanitizing user input supplied to the 'baseDir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/23218

dotProject /modules/public/calendar.php baseDir Variable Remote File Inclusion

dotProject contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /modules/public/calendar.php not properly sanitizing user input supplied to the 'baseDir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/23217

dotProject /modules/admin/vw_usr_roles.php baseDir Variable Remote File Inclusion

dotProject contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /modules/admin/vw_usr_roles.php not properly sanitizing user input supplied to the 'baseDir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/23216

dotProject /modules/projects/vw_files.php dPconfig[root_dir] Variable Remote File Inclusion

dotProject contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /modules/projects/vw_files.php not properly sanitizing user input supplied to the 'dPconfig[root_dir]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/23215

dotProject /modules/projects/gantt2.php dPconfig[root_dir] Variable Remote File Inclusion

dotProject contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /modules/projects/gantt2.php not properly sanitizing user input supplied to the 'dPconfig[root_dir]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/23214

dotProject /modules/projects/gantt.php dPconfig[root_dir] Variable Remote File Inclusion

dotProject contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /modules/projects/gantt.php not properly sanitizing user input supplied to the 'dPconfig[root_dir]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more at osvdb.org/23213

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software