• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

PluggedOut Blog exec.php entryid Variable SQL Injection

Network Security News – Wednesday, February 08, 2006 Events

PluggedOut Blog exec.php entryid Variable SQL Injection

PluggedOut Blog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the exec.php script not properly sanitizing user-supplied input to the 'entryid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more at osvdb.org/22926

PluggedOut Blog problem.php data Variable XSS

PluggedOut Blog contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'data' variable upon submission to the problem.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/22927

Gallery Crafted File Path Manipulation Arbitrary Code Execution

Gallery contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user with write access to a server creates a crafted link and tricks an administrator to follow the link. This flaw may lead to a loss of integrity.. Read more at osvdb.org/22944

Gallery zipdownload Malformed Zip Agressive File Deletion DoS

Gallery contains a flaw that may allow a remote denial of service. The issue is triggered when a the server attempts to create a zip archive and fails, and will result in deleting the parent folder of the directory where the zip archive was supposed to be.. Read more at osvdb.org/22943

CommuniGate Pro Server LDAP DN Overflow

A remote overflow exists in CommuniGate Pro Core Server. The product fails to handle numerous DNs correctly resulting in an integer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.. Read more at osvdb.org/22932

Microsoft HTML Help Workshop .hhp Parsing Overflow

A local overflow exists in HTML Help Workshop. HTML Help Workshop fails to check an unspecified buffer when reading .hhp files resulting in a buffer overflow. With a specially crafted file, an attacker can cause code execution by the individual opening the .hhp file resulting in a loss of integrity.. Read more at osvdb.org/22941

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software