• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

Skate Board reguser.php Multiple Field XSS

Network Security News – Monday, February 20, 2006 Events

Skate Board reguser.php Multiple Field XSS

Skate Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the reguser.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23305

Invision Power Board Task Manager Traversal File Execution

Invision Power Board contains a flaw that allows a remote attacker to execute arbitrary programs outside of the web path. The issue is due to the Task Manager not properly sanitizing user input, specifically traversal style attacks (../../) supplied as a task name. This allows the Task Manager to execute tasks outside of the "sources/tasks/" directory. Additionally, the Task Manager does not require task files end with a the ".php" extension, which could allow other types of files, or files uploaded via the bulletin board, to be executed.. Read more at osvdb.org/23337

MUTE P2P MWebCache Information Disclosure

MUTE contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious attacker fills a web cache with malicious nodes or creates a web cache that contains only malicious nodes. This will result in a loss of confidentiality.. Read more at osvdb.org/23336

MUTE P2P DROP_CHAIN Information Disclosure

MUTE contains an issue that may theoretically lead to an unauthorized information disclosure. The issue is triggered when a malicious attacker controls two neighboring nodes. The one neighbor sends a fake request with a high UC to force a DROP_CHAIN, while the other neighbor is the first node on the DROP_CHAIN, which will disclose search result information resulting in a loss of confidentiality.. Read more at osvdb.org/23335

Skate Board POST Method sendpass.php usern Variable SQL Injection

Skate Board contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the sendpass.php script not properly sanitizing user-supplied input to the 'usern' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/23301

Skate Board login.php Multiple Variable SQL Injection

Skate Board contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to multiple variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/23302

Skate Board logged.php Multiple Variable SQL Injection

Skate Board contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the logged.php script not properly sanitizing user-supplied input to multiple variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/23303

Skate Board config.php Administrator Arbitrary PHP Code Execution

Skate Board contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when when an authenticated Skate Board user with administrative priveleges injects PHP code into multiple variables in the config.php script. This flaw may lead to a loss of confidentiality and/or integrity on the server hosting the bulletin board.. Read more at osvdb.org/23304

Macallan Mail Solution IMAP Service Multiple Command Traversal Arbitrary File/Directory Manipulation

Macallan Mail Solution contains a flaw within its IMAP service that allows a remote attacker to access the system outside of the path of their IMAP directories and read other users' email, create and rename directories and remove empty ones. The issue is due to the program not properly sanitizing user input to the 'CREATE', 'SELECT', 'DELETE' and 'RENAME' commands, specifically regarding traversal style attacks (../../).. Read more at osvdb.org/23269

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software