Audit My PC - Free Internet Security Audit

Network Security News – Monday, March 13, 2006 Events

manas tungare Site Membership login.asp Username Variable SQL Injection

Site Membership Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.asp script not properly sanitizing user-supplied input to the 'Username' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/23755

manas tungare Site Membership login.asp Error Variable XSS

Site Membership Script contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Error' variable upon submission to the login.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23753

manas tungare Site Membership default.asp Error Variable XSS

Site Membership Script contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Error' variable upon submission to the default.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23754

PEAR Text_Password Random Number Generator Seeding Weakness

PEAR Text_Password contains a flaw that may cause passwords and CAPTCHA sequences to be generated from a small random seed pool. This could cause the possible password space to be considerably smaller than intended. Additionally, this would allow attackers to easily brute force CAPTCHA sequences, bypassing the protection offered. Read more at osvdb.org/23825

thttpd htpasswd Arbitrary Privileged Command Execution

thttpd contains a flaw that may allow a malicious local user to execute privileged commands. The issue is triggered when a user calls the 'htpasswd' utility but supplies arbitrary commands along with a username to be added to a password file. It is possible that the flaw may allow the user to bypass the required authentication and execute arbitrary programs with privileged access. Read more at osvdb.org/23828

VBZooM contact.php UserID Variable XSS

VBZooM contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'UserID' variable upon submission to the contact.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23813

VBZooM comment.php UserID Variable XSS

VBZooM contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'UserID' variable upon submission to the comment.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23812

RunCMS bigshow.php id Variable XSS

RunCMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the bigshow.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/23823

Joomla! unpublished Flag Unspecified Privileged Item Access

Joomla! contains a flaw related to the 'unpublished' flag that may allow an attacker to access various items such as Weblink, Polls, Newsfeeds, Weblinks and Content. No further details have been provided. Read more at osvdb.org/23821

Joomla! Syndication Component Malformed Filename Path Disclosure

Joomla! contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides a malformed filename to the 'feed' variable in the syndication component, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/23815

Vuln: Apple QuickTime/iTunes Integer And Heap Overflow Vulnerabilities

Apple QuickTime/iTunes Integer And Heap Overflow Vulnerabilities. Read more at securityfocus.com/bid/17074

Vuln: Peercast.org PeerCast Remote Buffer Overflow Vulnerability

Peercast.org PeerCast Remote Buffer Overflow Vulnerability. Read more at securityfocus.com/bid/17040

Vuln: txtForum Remote PHP Script Code Injection Vulnerability

txtForum Remote PHP Script Code Injection Vulnerability. Read more at securityfocus.com/bid/17061

Vuln: Jiros Banner Experience Pro Addadmin.ASP Authorization Bypass Vulnerability

Jiros Banner Experience Pro Addadmin.ASP Authorization Bypass Vulnerability. Read more at securityfocus.com/bid/17060

SGI IRIX 6.*usr/sysadm/bin/runpriv local root exploit

SGI IRIX 6.*usr/sysadm/bin/runpriv local root exploit. Read more at securityfocus.com/archive/1/427409

XSS in vCard

XSS in vCard. Read more at securityfocus.com/archive/1/427408

Jupiter CMS <= 1.1.5 multiple XSS attack vectors.

Jupiter CMS <= 1.1.5 multiple XSS attack vectors. Read more at securityfocus.com/archive/1/427406

AntiVir PersonalEdition Classic: Local Privilege Escalation

AntiVir PersonalEdition Classic: Local Privilege Escalation. Read more at securityfocus.com/archive/1/427412
