
Audit My PC - Free Internet Security Audit

Firewall Test and web tools to check your security and privacy

Network Security News – Thursday, April 21, 2005 Events

phpBB phpbb-Auction auction_myauctions.php mode Variable Path Disclosure

phpbb-Auction contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker provides malformed input to the 'mode' parameter of the auction_myauctions.php script, which will disclose the installation path, resulting in a loss of confidentiality. Read more at osvdb.org/15706

phpBB phpbb-Auction auction_offer.php ar Variable SQL Injection

phpbb-Auction contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'ar' variable in the auction_offer.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15705

phpBB phpbb-Auction auction_rating.php u Variable SQL Injection

phpbb-Auction contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'u' variable in the auction_rating.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. Read more at osvdb.org/15704

PayProCart index.php Traversal File Enumeration

PayProCart contains a flaw that allows a remote attacker to enumerate files from local resources outside of the web path. The issue is due to index.php not properly sanitizing user input, specifically traversal-style sequences (../) supplied via the 'modID' variable(s). Read more at osvdb.org/15270

PayProCart invite.php ShortDesc Variable XSS

PayProCart contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'ShortDesc' variable upon submission to the invite.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/15540

PayProCart checkout_totaltrans.php Information Disclosure

PayProCart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker uses a cross-site scripting style attack to include the checkout_totaltrans.php script, which will disclose arbitrary users' IP addresses, resulting in a loss of confidentiality. Read more at osvdb.org/15538

PayProCart usrauthstamp.php IP Disclosure

PayProCart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker uses a cross-site scripting style attack to include the usrauthstamp.php script, which will disclose arbitrary users' IP addresses, resulting in a loss of confidentiality. Read more at osvdb.org/15537

PayProCart specials.php Direct Request Path Disclosure

PayProCart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker directly requests the specials.php script, which will disclose the installation path, resulting in a loss of confidentiality. Read more at osvdb.org/15536

PayProCart newitems.php Direct Request Path Disclosure

PayProCart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker directly requests the newitems.php script, which will disclose the installation path, resulting in a loss of confidentiality. Read more at osvdb.org/15535

PayProCart mailingsignup.php Direct Request Path Disclosure

PayProCart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker directly requests the mailingsignup.php script, which will disclose the installation path, resulting in a loss of confidentiality. Read more at osvdb.org/15534

PMSoftware Simple Web Server Remote Buffer Overflow Vulnerability

PMSoftware Simple Web Server is a freely available Web server application for the Microsoft Windows platform. A remote buffer overflow vulnerability affects PMSoftware S… Read more at securityfocus.com/bid/13227?ref=rss

CPIO Filename Directory Traversal Vulnerability

cpio is an open-source file compression/decompression utility for Unix and Linux variants. cpio is prone to a directory traversal vulnerability. The issue manifests when… Read more at securityfocus.com/bid/13291?ref=rss

Linux Kernel Bluetooth Signed Buffer Index Vulnerability

A signed buffer index vulnerability affects the Linux kernel. This issue is due to a failure of the affected kernel to securely handle signed values when validating memor… Read more at securityfocus.com/bid/12911?ref=rss

GNU GZip Filename Directory Traversal Vulnerability

GNU GZip is an open-source file compression/decompression utility for Unix and Linux variants. gzip is prone to a directory traversal vulnerability. The issue manifests … Read more at securityfocus.com/bid/13290?ref=rss

Microsoft Exchange Server SMTP Extended Verb Buffer Overflow Vulnerability

Microsoft Exchange Server uses an SMTP extended verb to communicate routing information and other Exchange-specific information among the Exchange servers in an organizat… Read more at securityfocus.com/bid/13118?ref=rss

Coppermine Photo Gallery ZipDownload.PHP SQL Injection Vulnerability

Coppermine Photo Gallery is a Web-based gallery. It is implemented in PHP and includes features that allow users to vote for pictures. Coppermine is prone to an SQL inje… Read more at securityfocus.com/bid/13289?ref=rss

Re: Vulnerability in Coppermine Photo Gallery 1.3.*

Sender: [nibbler999 at users dot sf dot net]

Read more at securityfocus.com/archive/1/396416?ref=rss

Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

Sender: Tom Lane [tgl at sss dot pgh dot pa dot us]

Read more at securityfocus.com/archive/1/396440?ref=rss

Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

Sender: Bruce Momjian [pgman at candle dot pha dot pa dot us]

Read more at securityfocus.com/archive/1/396436?ref=rss

Re: [HACKERS] Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords

Sender: Jim C. Nasby [decibel at decibel dot org]

Read more at securityfocus.com/archive/1/396438?ref=rss
