• Skip to main content
  • Skip to footer

Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

  • Firewall Test
  • Anti Spam
  • Internet Speed Test
  • Sitemap Generator
  • Whats My IP

PHP SimpleNEWS Cookie Authentication Bypass

Network Security News – Thursday, March 16, 2006 Events

PHP SimpleNEWS Cookie Authentication Bypass

PHP SimpleNEWS and PHP SimpleNEWS MySQL contain a flaw that may allow a malicious user to bypass administrative authentication. The issue is due to the program only comparing the username supplied by the cookie when accessing the pages. By creating a cookie with the value of 'admin', the program does not compare the password supplied, allowing for administrative access.. Read more at osvdb.org/23803

QwikiWiki recentchanges.php help Variable XSS

Qwikiwiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'help' variable upon submission to the recentchanges.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23789

Microsoft Office Crafted Routing Slip Arbitrary Code Execution

A remote overflow exists in Microsoft Office 2000, Office XP (2002), and Office 2003. The Microsoft Word, Excel, PowerPoint, and Outlook applications fail to parse the routing slip metadata resulting in a buffer overflow. With a specially crafted document, an attacker can cause arbitrary code execution when a user closes a malicious document resulting in a loss of integrity.. Read more at osvdb.org/23903

Microsoft Office Excel Malformed Description Arbitrary Code Execution

A local overflow exists in Excel. The product fails to check the length of the Description in .xls files resulting in a buffer overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/23900

Microsoft Office Excel BIFF File Processing Malformed BOOLERR Record Arbitrary Code Execution

A local overflow exists in Excel. The product fails to verify the length of BOOLERR records in the BIFF file format resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbityrary code execution resulting in a loss of integrity.. Read more at osvdb.org/23899

Microsoft Office Excel Malformed Record Arbitrary Code Execution

A remote overflow exists in Excel. The product fails to check the length of a buffer of a record resulting in a stack overflow. With a specially crafted .xls file, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/23902

Macromedia Flash Player swf Processing Multiple Unspecified Code Execution

Flash Player contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when the victim loads a malicious SWF file. It is possible that the flaw may allow an attacker to take control of the affected system resulting in a loss of confidentiality, integrity, and/or availability.. Read more at osvdb.org/23908

VPMi Enterprise Service_Requests.asp Request_Name_Display Variable XSS

VPMi Enterprise contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Request_Name_Display' variable upon submission to the Service_Requests.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/23916

Microsoft Office Excel Malformed Graphic Arbitrary Code Execution

A user-complicit overflow exists in Excel. The product fails to correctly interpret an undisclosed graphic file format resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.. Read more at osvdb.org/23901

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Footer

Miscellaneous

  • Free Address Finder
  • HTML Encoder Decoder
  • Website Monitoring
  • Whats My IP Address?
  • Yes or No

Copyright © 2001-2024 Audit My PC .com All Rights Reserved. Our Privacy Policy and TOS

  • About
  • Acronyms
  • DLL Files
  • Ports
  • Computer Security News
  • Email Scams & Spam
  • Internet Safety
  • Free Software