
Audit My PC - Free Internet Security Audit


Claroline rqmkhtml.php file Variable XSS

Network Security News – Saturday, April 01, 2006 Events

Claroline rqmkhtml.php file Variable XSS

Claroline contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'file' variable upon submission to the rqmkhtml.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Additionally, this can be used to disclose the software installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/24285

SiteSearch Indexer searchresults.asp searchField Variable XSS

SiteSearch Indexer contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'searchField' variable upon submission to the searchresults.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24289

Samba winbindd Debug Log Server Credential Local Disclosure

Samba winbindd contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plain text winbindd passwords of a domain member server. When the log level is set to 5 or higher, winbindd stores these credentials in a plain text file readable by non-administrative users, which may lead to a loss of confidentiality. Read more at osvdb.org/24263

phpmyfamily track.php name Variable XSS

phpmyfamily contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' variable upon submission to the 'track.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24166

Greymatter gm-upload.cgi Arbitrary File Upload

Greymatter contains a flaw that may allow a malicious user to upload files to arbitrary locations on the filesystem with the same privileges as the server process. It is possible that the flaw may allow arbitrary code execution when a script file is placed within or below the web server root directory, leading to a loss of integrity. Read more at osvdb.org/24210

RedCMS register.php SQL Injection

RedCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the register.php script not properly sanitizing user-supplied input to unspecified variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24299

RedCMS register.php Multiple Field XSS

RedCMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'email', 'location', or 'website' fields upon submission to the register.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24296

RedCMS profile.php u Variable SQL Injection

RedCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the profile.php script not properly sanitizing user-supplied input to the 'u' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24298

RedCMS login.php Multiple Variable SQL Injection

RedCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to the 'username' and 'password' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database. Read more at osvdb.org/24297

Annuaire (Directory) inscription.php Comment Field XSS

Annuaire (Directory) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Comment Field (COMMENTAIRE variable) upon submission to the inscription.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/24303

Vuln: Esqlanelapse Unspecified Cross-Site Scripting Vulnerability

Esqlanelapse Unspecified Cross-Site Scripting Vulnerability. Read more at securityfocus.com/bid/17331

Vuln: Mon Album Multiple SQL Injection Vulnerabilities

Mon Album Multiple SQL Injection Vulnerabilities. Read more at securityfocus.com/bid/17327

Vuln: Mantis Multiple Remote Vulnerabilities

Mantis Multiple Remote Vulnerabilities. Read more at securityfocus.com/bid/15227

Vuln: XFIT/S Unspecified Denial of Service Vulnerability

XFIT/S Unspecified Denial of Service Vulnerability. Read more at securityfocus.com/bid/17329

Buffer-overflow and in-game crash in Zdaemon 1.08.01

Buffer-overflow and in-game crash in Zdaemon 1.08.01. Read more at securityfocus.com/archive/1/429521

Warcraft III Replay Parser Script Remote Command Exucetion Vulnerability And Cross-Site Scripting Attacking

Warcraft III Replay Parser Script Remote Command Exucetion Vulnerability And Cross-Site Scripting Attacking. Read more at securityfocus.com/archive/1/429535

DbbS<=2.0-alpha SQL injection

DbbS<=2.0-alpha SQL injection. Read more at securityfocus.com/archive/1/429512

[security bulletin] HPSBUX02108 SSRT061133 rev.2 – HP-UX running Sendmail, Remote Execution of Arbitrary Code

[security bulletin] HPSBUX02108 SSRT061133 rev.2 – HP-UX running Sendmail, Remote Execution of Arbitrary Code. Read more at securityfocus.com/archive/1/429477
