Audit My PC - Free Internet Security Audit

Network Security News – Sunday, April 10, 2005 Events

PostNuke admin.php module Variable XSS

PostNuke contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'module' variable upon submission to the admin.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15369

PostNuke News Module sid Parameter SQL Injection

PostNuke contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'sid' variable in the News Module not being properly sanitized, which may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15371

PostNuke Reviews Module id Variable Path Disclosure

PostNuke contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides malformed input to the 'id' parameter of the Reviews Module, which will disclose the server installation path, resulting in a loss of confidentiality. Read more at osvdb.org/15368

PostNuke user.php op Variable XSS

PostNuke contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'op' variable upon submission to the user.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15370

Drummond Miles A1Statistics a1disp2.cgi Traversal Arbitrary File Read

A1Statistics contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the a1disp2.cgi script not properly sanitizing user input, specifically traversal-style attacks (../../). Read more at osvdb.org/554

Drummond Miles A1Statistics a1disp4.cgi Traversal Arbitrary File Read

A1Statistics contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the a1disp4.cgi script not properly sanitizing user input, specifically traversal-style attacks (../../). Read more at osvdb.org/15387

Drummond Miles A1Statistics a1disp3.cgi Traversal Arbitrary File Read

A1Statistics contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the a1disp3.cgi script not properly sanitizing user input, specifically traversal-style attacks (../../). Read more at osvdb.org/15386

BEA WebLogic config.cmd Log File Admin Credential Plaintext Disclosure

BEA WebLogic contains a flaw that may lead to an unauthorized information disclosure. The issue occurs because config.cmd writes the administrative credentials to a log in plaintext. This will allow a local user to trivially obtain the credentials by browsing the logs generated by the utility. Read more at osvdb.org/15380

AN HTTPD Server httpd.log Arbitrary Text Injection

AN HTTPD Server contains a flaw that may allow a remote attacker to inject arbitrary text into the server log. The issue is due to the server not properly sanitizing the CR and LF characters of the URI being processed. Using a specially crafted URI, an attacker can cause the injection of custom lines into the log. This could be used to inject fake browsing entries, or arbitrary commands which can be executed through the cmdIS.DLL module. Read more at osvdb.org/15362

AN HTTPD Server cmdIS.DLL user-agent Field Remote Overflow

A remote overflow exists in AN HTTPD Server. The server fails to check the bounds of the user-agent field, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary scripts, resulting in a loss of integrity. Read more at osvdb.org/15361

File Upload Script PHPBB Module Arbitrary Script Upload Vulnerability

File Upload Script is a phpBB module that allows users to upload files to a Web site. File Upload Script is reported prone to an arbitrary script upload vulnerability. …

Read more at securityfocus.com/bid/13084?ref=rss

Sun J2SE Software Development Kit Java Archive Tool Directory Traversal Vulnerability

Sun J2SE Java Archive Tool is a compression utility that is used to create Java Archive (JAR) files. The Java Archive Tool is reported vulnerable to a directory traversa…

Read more at securityfocus.com/bid/13083?ref=rss

Azerbaijan Development Group AzDGDatingPlatinum Multiple Vulnerabilities

AzDGDatingPlatinum is a Web-based forum implemented in PHP. AzDGDatingPlatinum is reported prone to multiple vulnerabilities. These issues result from insufficient sani…

Read more at securityfocus.com/bid/13082?ref=rss

Citrix MetaFrame Web Client Access Restriction Bypass Vulnerability

Citrix MetaFrame Web Client allows users to connect to Citrix using a PC. It is reported that the client application provides access to various applications on the serve…

Read more at securityfocus.com/bid/13081?ref=rss

RadScripts RadBids Gold Multiple Vulnerabilities

RadBids Gold is a Web-based auction application implemented in PHP with a MySQL database. RadBids Gold is reported prone to multiple vulnerabilities. These issues inclu…

Read more at securityfocus.com/bid/13080?ref=rss

Centrinity FirstClass Client Bookmark Window File Execution Vulnerability

Centrinity FirstClass Desktop is a client application used to manage the FirstClass server. FirstClass is reported prone to a vulnerability that may allow remote attack…

Read more at securityfocus.com/bid/13079?ref=rss

Pafiledb ACTION Parameter XSS

Sender: tom cruise [the dot n3t at gmail dot com]

Read more at securityfocus.com/archive/1/395424?ref=rss

UnixWare 7.1.4 UnixWare 7.1.3 UnixWare 7.1.1 : telnet client multiple issues

Sender: [please_reply_to_security at sco dot com]

Read more at securityfocus.com/archive/1/395428?ref=rss

How to Report a Security Vulnerability to Microsoft

Sender: Microsoft Security Response Center [secure at microsoft dot com]

Read more at securityfocus.com/archive/1/395427?ref=rss

iDEFENSE Security Advisory 04.08.05: Microsoft Multiple E-Mail Client Address Spoofing Vulnerability

Sender: iDEFENSE Labs [labs-no-reply at idefense dot com]

Read more at securityfocus.com/archive/1/395426?ref=rss
