• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

WMNews wmcomments.php ArtID Variable XSS

Network Security News – Tuesday, March 14, 2006 Events

WMNews wmcomments.php ArtID Variable XSS

WMNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ArtID' variable upon submission to the wmcomments.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23842

WMNews footer.php ctrrowcol Variable XSS

WMNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ctrrowcol' variable upon submission to the footer.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23841

WMNews wmview.php ArtCat Variable XSS

WMNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ArtCat' variable upon submission to the wmview.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23840

Dwarf HTTP Crafted Request Script Source Disclosure

Dwarf HTTP contains a flaw that may lead to an unauthorized information disclosure. Өe issue is triggered when a remote attacker makes a specially crafted request using dot, space, slash and NULL characters which will disclose script source code resulting in a loss of confidentiality.. Read more at osvdb.org/23836

Dwarf HTTP Error Message XSS

Dwarf HTTP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the server via the URL, which is displayed via the error page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23837

QwikiWiki index.php Multiple Variable XSS

Qwikiwiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'from', or 'help' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23786

QwikiWiki login.php Multiple Variable XSS

Qwikiwiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'action', 'page', 'debug', 'help', 'username' or 'password' variables upon submission to the login.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23787

QwikiWiki pageindex.php help Variable XSS

Qwikiwiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'help' variables upon submission to the pageindex.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23788

JiRos Banner System Professional addadmin.asp Unauthenticated Privileged Account Creation

JiRos Banner System Professional contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused by a failure in the application to properly perform authentication before granting administrator access. By making a direct request to the addadmin.asp script, an unauthenticated user may create a new account and set any privileges (including administrative).. Read more at osvdb.org/23780

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2021 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software